/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to mandos-keygen.xml

  • Committer: Teddy Hogeborn
  • Date: 2008-08-24 06:17:02 UTC
  • Revision ID: teddy@fukt.bsnet.se-20080824061702-zxrru4r1vxmx4tuq
* Makefile (PREFIX, CONFDIR, MANDIR): Use $(DESTDIR).
  (install-server, install-client): Use "install --directory" instead
                                    of mkdir.

* mandos-keygen: New options --subtype and --sublength.
  (trap): Added semicolons and backslashes.
  (gpg): Added "--enable-dsa2" to all invocations.

* mandos-keygen.xml: Changed single quotes to double quotes for
                     consistency.
  (/refentry/refentryinfo/copyright) Split copyright holders.
  (SYNOPSIS): Added "--subtype", "--sublength", "-s", and "-L".
  (OPTIONS): Document the subtype and sublength options.
  (SECURITY): Also note the "--subtype" and "--sublength" options.

Show diffs side-by-side

added added

removed removed

Lines of Context:
1
1
<?xml version="1.0" encoding="UTF-8"?>
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
 
4
<!ENTITY VERSION "1.0">
4
5
<!ENTITY COMMANDNAME "mandos-keygen">
5
 
<!ENTITY TIMESTAMP "2009-01-04">
6
 
<!ENTITY % common SYSTEM "common.ent">
7
 
%common;
8
6
]>
9
7
 
10
8
<refentry xmlns:xi="http://www.w3.org/2001/XInclude">
11
9
  <refentryinfo>
12
 
    <title>Mandos Manual</title>
 
10
    <title>&COMMANDNAME;</title>
13
11
    <!-- NWalsh’s docbook scripts use this to generate the footer: -->
14
 
    <productname>Mandos</productname>
15
 
    <productnumber>&version;</productnumber>
16
 
    <date>&TIMESTAMP;</date>
 
12
    <productname>&COMMANDNAME;</productname>
 
13
    <productnumber>&VERSION;</productnumber>
17
14
    <authorgroup>
18
15
      <author>
19
16
        <firstname>Björn</firstname>
32
29
    </authorgroup>
33
30
    <copyright>
34
31
      <year>2008</year>
35
 
      <year>2009</year>
36
32
      <holder>Teddy Hogeborn</holder>
37
33
      <holder>Björn Påhlsson</holder>
38
34
    </copyright>
39
 
    <xi:include href="legalnotice.xml"/>
 
35
    <legalnotice>
 
36
      <para>
 
37
        This manual page is free software: you can redistribute it
 
38
        and/or modify it under the terms of the GNU General Public
 
39
        License as published by the Free Software Foundation,
 
40
        either version 3 of the License, or (at your option) any
 
41
        later version.
 
42
      </para>
 
43
 
 
44
      <para>
 
45
        This manual page is distributed in the hope that it will
 
46
        be useful, but WITHOUT ANY WARRANTY; without even the
 
47
        implied warranty of MERCHANTABILITY or FITNESS FOR A
 
48
        PARTICULAR PURPOSE.  See the GNU General Public License
 
49
        for more details.
 
50
      </para>
 
51
 
 
52
      <para>
 
53
        You should have received a copy of the GNU General Public
 
54
        License along with this program; If not, see
 
55
        <ulink url="http://www.gnu.org/licenses/"/>.
 
56
      </para>
 
57
    </legalnotice>
40
58
  </refentryinfo>
41
 
  
 
59
 
42
60
  <refmeta>
43
61
    <refentrytitle>&COMMANDNAME;</refentrytitle>
44
62
    <manvolnum>8</manvolnum>
47
65
  <refnamediv>
48
66
    <refname><command>&COMMANDNAME;</command></refname>
49
67
    <refpurpose>
50
 
      Generate key and password for Mandos client and server.
 
68
      Generate keys for <citerefentry><refentrytitle>password-request
 
69
      </refentrytitle><manvolnum>8mandos</manvolnum></citerefentry>
51
70
    </refpurpose>
52
71
  </refnamediv>
53
 
  
 
72
 
54
73
  <refsynopsisdiv>
55
74
    <cmdsynopsis>
56
75
      <command>&COMMANDNAME;</command>
57
 
      <group>
58
 
        <arg choice="plain"><option>--dir
59
 
        <replaceable>DIRECTORY</replaceable></option></arg>
60
 
        <arg choice="plain"><option>-d
61
 
        <replaceable>DIRECTORY</replaceable></option></arg>
62
 
      </group>
63
 
      <sbr/>
64
 
      <group>
65
 
        <arg choice="plain"><option>--type
66
 
        <replaceable>KEYTYPE</replaceable></option></arg>
67
 
        <arg choice="plain"><option>-t
68
 
        <replaceable>KEYTYPE</replaceable></option></arg>
69
 
      </group>
70
 
      <sbr/>
71
 
      <group>
72
 
        <arg choice="plain"><option>--length
73
 
        <replaceable>BITS</replaceable></option></arg>
74
 
        <arg choice="plain"><option>-l
75
 
        <replaceable>BITS</replaceable></option></arg>
76
 
      </group>
77
 
      <sbr/>
78
 
      <group>
79
 
        <arg choice="plain"><option>--subtype
80
 
        <replaceable>KEYTYPE</replaceable></option></arg>
81
 
        <arg choice="plain"><option>-s
82
 
        <replaceable>KEYTYPE</replaceable></option></arg>
83
 
      </group>
84
 
      <sbr/>
85
 
      <group>
86
 
        <arg choice="plain"><option>--sublength
87
 
        <replaceable>BITS</replaceable></option></arg>
88
 
        <arg choice="plain"><option>-L
89
 
        <replaceable>BITS</replaceable></option></arg>
90
 
      </group>
91
 
      <sbr/>
92
 
      <group>
93
 
        <arg choice="plain"><option>--name
94
 
        <replaceable>NAME</replaceable></option></arg>
95
 
        <arg choice="plain"><option>-n
96
 
        <replaceable>NAME</replaceable></option></arg>
97
 
      </group>
98
 
      <sbr/>
99
 
      <group>
100
 
        <arg choice="plain"><option>--email
101
 
        <replaceable>ADDRESS</replaceable></option></arg>
102
 
        <arg choice="plain"><option>-e
103
 
        <replaceable>ADDRESS</replaceable></option></arg>
104
 
      </group>
105
 
      <sbr/>
106
 
      <group>
107
 
        <arg choice="plain"><option>--comment
108
 
        <replaceable>TEXT</replaceable></option></arg>
109
 
        <arg choice="plain"><option>-c
110
 
        <replaceable>TEXT</replaceable></option></arg>
111
 
      </group>
112
 
      <sbr/>
113
 
      <group>
114
 
        <arg choice="plain"><option>--expire
115
 
        <replaceable>TIME</replaceable></option></arg>
116
 
        <arg choice="plain"><option>-x
117
 
        <replaceable>TIME</replaceable></option></arg>
118
 
      </group>
119
 
      <sbr/>
120
 
      <arg><option>--force</option></arg>
121
 
    </cmdsynopsis>
122
 
    <cmdsynopsis>
123
 
      <command>&COMMANDNAME;</command>
124
 
      <group choice="req">
125
 
        <arg choice="plain"><option>--password</option></arg>
126
 
        <arg choice="plain"><option>-p</option></arg>
127
 
        <arg choice="plain"><option>--passfile
128
 
        <replaceable>FILE</replaceable></option></arg>
129
 
        <arg choice="plain"><option>-F</option>
130
 
        <replaceable>FILE</replaceable></arg>
131
 
      </group>
132
 
      <sbr/>
133
 
      <group>
134
 
        <arg choice="plain"><option>--dir
135
 
        <replaceable>DIRECTORY</replaceable></option></arg>
136
 
        <arg choice="plain"><option>-d
137
 
        <replaceable>DIRECTORY</replaceable></option></arg>
138
 
      </group>
139
 
      <sbr/>
140
 
      <group>
141
 
        <arg choice="plain"><option>--name
142
 
        <replaceable>NAME</replaceable></option></arg>
143
 
        <arg choice="plain"><option>-n
144
 
        <replaceable>NAME</replaceable></option></arg>
145
 
      </group>
146
 
    </cmdsynopsis>
147
 
    <cmdsynopsis>
148
 
      <command>&COMMANDNAME;</command>
149
 
      <group choice="req">
 
76
      <group choice="opt">
 
77
        <arg choice="plain"><option>--dir</option>
 
78
        <replaceable>directory</replaceable></arg>
 
79
      </group>
 
80
      <group choice="opt">
 
81
        <arg choice="plain"><option>--type</option>
 
82
        <replaceable>type</replaceable></arg>
 
83
      </group>
 
84
      <group choice="opt">
 
85
        <arg choice="plain"><option>--length</option>
 
86
        <replaceable>bits</replaceable></arg>
 
87
      </group>
 
88
      <group choice="opt">
 
89
        <arg choice="plain"><option>--subtype</option>
 
90
        <replaceable>type</replaceable></arg>
 
91
      </group>
 
92
      <group choice="opt">
 
93
        <arg choice="plain"><option>--sublength</option>
 
94
        <replaceable>bits</replaceable></arg>
 
95
      </group>
 
96
      <group choice="opt">
 
97
        <arg choice="plain"><option>--name</option>
 
98
        <replaceable>NAME</replaceable></arg>
 
99
      </group>
 
100
      <group choice="opt">
 
101
        <arg choice="plain"><option>--email</option>
 
102
        <replaceable>EMAIL</replaceable></arg>
 
103
      </group>
 
104
      <group choice="opt">
 
105
        <arg choice="plain"><option>--comment</option>
 
106
        <replaceable>COMMENT</replaceable></arg>
 
107
      </group>
 
108
      <group choice="opt">
 
109
        <arg choice="plain"><option>--expire</option>
 
110
        <replaceable>TIME</replaceable></arg>
 
111
      </group>
 
112
      <group choice="opt">
 
113
        <arg choice="plain"><option>--force</option></arg>
 
114
      </group>
 
115
    </cmdsynopsis>
 
116
    <cmdsynopsis>
 
117
      <command>&COMMANDNAME;</command>
 
118
      <group choice="opt">
 
119
        <arg choice="plain"><option>-d</option>
 
120
        <replaceable>directory</replaceable></arg>
 
121
      </group>
 
122
      <group choice="opt">
 
123
        <arg choice="plain"><option>-t</option>
 
124
        <replaceable>type</replaceable></arg>
 
125
      </group>
 
126
      <group choice="opt">
 
127
        <arg choice="plain"><option>-l</option>
 
128
        <replaceable>bits</replaceable></arg>
 
129
      </group>
 
130
      <group choice="opt">
 
131
        <arg choice="plain"><option>-s</option>
 
132
        <replaceable>type</replaceable></arg>
 
133
      </group>
 
134
      <group choice="opt">
 
135
        <arg choice="plain"><option>-L</option>
 
136
        <replaceable>bits</replaceable></arg>
 
137
      </group>
 
138
      <group choice="opt">
 
139
        <arg choice="plain"><option>-n</option>
 
140
        <replaceable>NAME</replaceable></arg>
 
141
      </group>
 
142
      <group choice="opt">
 
143
        <arg choice="plain"><option>-e</option>
 
144
        <replaceable>EMAIL</replaceable></arg>
 
145
      </group>
 
146
      <group choice="opt">
 
147
        <arg choice="plain"><option>-c</option>
 
148
        <replaceable>COMMENT</replaceable></arg>
 
149
      </group>
 
150
      <group choice="opt">
 
151
        <arg choice="plain"><option>-x</option>
 
152
        <replaceable>TIME</replaceable></arg>
 
153
      </group>
 
154
      <group choice="opt">
 
155
        <arg choice="plain"><option>-f</option></arg>
 
156
      </group>
 
157
    </cmdsynopsis>
 
158
    <cmdsynopsis>
 
159
      <command>&COMMANDNAME;</command>
 
160
      <group choice="req">
 
161
        <arg choice="plain"><option>-h</option></arg>
150
162
        <arg choice="plain"><option>--help</option></arg>
151
 
        <arg choice="plain"><option>-h</option></arg>
152
163
      </group>
153
164
    </cmdsynopsis>
154
165
    <cmdsynopsis>
155
166
      <command>&COMMANDNAME;</command>
156
167
      <group choice="req">
 
168
        <arg choice="plain"><option>-v</option></arg>
157
169
        <arg choice="plain"><option>--version</option></arg>
158
 
        <arg choice="plain"><option>-v</option></arg>
159
170
      </group>
160
171
    </cmdsynopsis>
161
172
  </refsynopsisdiv>
162
 
  
 
173
 
163
174
  <refsect1 id="description">
164
175
    <title>DESCRIPTION</title>
165
176
    <para>
166
177
      <command>&COMMANDNAME;</command> is a program to generate the
167
 
      OpenPGP key used by
168
 
      <citerefentry><refentrytitle>mandos-client</refentrytitle>
169
 
      <manvolnum>8mandos</manvolnum></citerefentry>.  The key is
 
178
      OpenPGP keys used by
 
179
      <citerefentry><refentrytitle>password-request</refentrytitle>
 
180
      <manvolnum>8mandos</manvolnum></citerefentry>.  The keys are
170
181
      normally written to /etc/mandos for later installation into the
171
 
      initrd image, but this, and most other things, can be changed
172
 
      with command line options.
173
 
    </para>
174
 
    <para>
175
 
      This program can also be used with the
176
 
      <option>--password</option> or <option>--passfile</option>
177
 
      options to generate a ready-made section for
178
 
      <filename>clients.conf</filename> (see
179
 
      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
180
 
      <manvolnum>5</manvolnum></citerefentry>).
 
182
      initrd image, but this, like most things, can be changed with
 
183
      command line options.
181
184
    </para>
182
185
  </refsect1>
183
186
  
184
187
  <refsect1 id="purpose">
185
188
    <title>PURPOSE</title>
 
189
 
186
190
    <para>
187
191
      The purpose of this is to enable <emphasis>remote and unattended
188
192
      rebooting</emphasis> of client host computer with an
189
193
      <emphasis>encrypted root file system</emphasis>.  See <xref
190
194
      linkend="overview"/> for details.
191
195
    </para>
 
196
 
192
197
  </refsect1>
193
198
  
194
199
  <refsect1 id="options">
195
200
    <title>OPTIONS</title>
196
 
    
 
201
 
197
202
    <variablelist>
198
203
      <varlistentry>
199
 
        <term><option>--help</option></term>
200
 
        <term><option>-h</option></term>
 
204
        <term><literal>-h</literal>, <literal>--help</literal></term>
201
205
        <listitem>
202
206
          <para>
203
207
            Show a help message and exit
204
208
          </para>
205
209
        </listitem>
206
210
      </varlistentry>
207
 
      
 
211
 
208
212
      <varlistentry>
209
 
        <term><option>--dir
210
 
        <replaceable>DIRECTORY</replaceable></option></term>
211
 
        <term><option>-d
212
 
        <replaceable>DIRECTORY</replaceable></option></term>
 
213
        <term><literal>-d</literal>, <literal>--dir
 
214
        <replaceable>directory</replaceable></literal></term>
213
215
        <listitem>
214
216
          <para>
215
 
            Target directory for key files.  Default is
216
 
            <filename>/etc/mandos</filename>.
 
217
            Target directory for key files.
217
218
          </para>
218
219
        </listitem>
219
220
      </varlistentry>
220
 
      
 
221
 
221
222
      <varlistentry>
222
 
        <term><option>--type
223
 
        <replaceable>TYPE</replaceable></option></term>
224
 
        <term><option>-t
225
 
        <replaceable>TYPE</replaceable></option></term>
 
223
        <term><literal>-t</literal>, <literal>--type
 
224
        <replaceable>type</replaceable></literal></term>
226
225
        <listitem>
227
226
          <para>
228
227
            Key type.  Default is <quote>DSA</quote>.
229
228
          </para>
230
229
        </listitem>
231
230
      </varlistentry>
232
 
      
 
231
 
233
232
      <varlistentry>
234
 
        <term><option>--length
235
 
        <replaceable>BITS</replaceable></option></term>
236
 
        <term><option>-l
237
 
        <replaceable>BITS</replaceable></option></term>
 
233
        <term><literal>-l</literal>, <literal>--length
 
234
        <replaceable>bits</replaceable></literal></term>
238
235
        <listitem>
239
236
          <para>
240
 
            Key length in bits.  Default is 2048.
 
237
            Key length in bits.  Default is 1024.
241
238
          </para>
242
239
        </listitem>
243
240
      </varlistentry>
244
 
      
 
241
 
245
242
      <varlistentry>
246
 
        <term><option>--subtype
247
 
        <replaceable>KEYTYPE</replaceable></option></term>
248
 
        <term><option>-s
249
 
        <replaceable>KEYTYPE</replaceable></option></term>
 
243
        <term><literal>-s</literal>, <literal>--subtype
 
244
        <replaceable>type</replaceable></literal></term>
250
245
        <listitem>
251
246
          <para>
252
247
            Subkey type.  Default is <quote>ELG-E</quote> (Elgamal
254
249
          </para>
255
250
        </listitem>
256
251
      </varlistentry>
257
 
      
 
252
 
258
253
      <varlistentry>
259
 
        <term><option>--sublength
260
 
        <replaceable>BITS</replaceable></option></term>
261
 
        <term><option>-L
262
 
        <replaceable>BITS</replaceable></option></term>
 
254
        <term><literal>-L</literal>, <literal>--sublength
 
255
        <replaceable>bits</replaceable></literal></term>
263
256
        <listitem>
264
257
          <para>
265
258
            Subkey length in bits.  Default is 2048.
266
259
          </para>
267
260
        </listitem>
268
261
      </varlistentry>
269
 
      
 
262
 
270
263
      <varlistentry>
271
 
        <term><option>--email
272
 
        <replaceable>ADDRESS</replaceable></option></term>
273
 
        <term><option>-e
274
 
        <replaceable>ADDRESS</replaceable></option></term>
 
264
        <term><literal>-e</literal>, <literal>--email</literal>
 
265
        <replaceable>address</replaceable></term>
275
266
        <listitem>
276
267
          <para>
277
268
            Email address of key.  Default is empty.
278
269
          </para>
279
270
        </listitem>
280
271
      </varlistentry>
281
 
      
 
272
 
282
273
      <varlistentry>
283
 
        <term><option>--comment
284
 
        <replaceable>TEXT</replaceable></option></term>
285
 
        <term><option>-c
286
 
        <replaceable>TEXT</replaceable></option></term>
 
274
        <term><literal>-c</literal>, <literal>--comment</literal>
 
275
        <replaceable>comment</replaceable></term>
287
276
        <listitem>
288
277
          <para>
289
278
            Comment field for key.  The default value is
291
280
          </para>
292
281
        </listitem>
293
282
      </varlistentry>
294
 
      
 
283
 
295
284
      <varlistentry>
296
 
        <term><option>--expire
297
 
        <replaceable>TIME</replaceable></option></term>
298
 
        <term><option>-x
299
 
        <replaceable>TIME</replaceable></option></term>
 
285
        <term><literal>-x</literal>, <literal>--expire</literal>
 
286
        <replaceable>time</replaceable></term>
300
287
        <listitem>
301
288
          <para>
302
289
            Key expire time.  Default is no expiration.  See
305
292
          </para>
306
293
        </listitem>
307
294
      </varlistentry>
308
 
      
309
 
      <varlistentry>
310
 
        <term><option>--force</option></term>
311
 
        <term><option>-f</option></term>
312
 
        <listitem>
313
 
          <para>
314
 
            Force overwriting old key.
315
 
          </para>
316
 
        </listitem>
317
 
      </varlistentry>
318
 
      <varlistentry>
319
 
        <term><option>--password</option></term>
320
 
        <term><option>-p</option></term>
321
 
        <listitem>
322
 
          <para>
323
 
            Prompt for a password and encrypt it with the key already
324
 
            present in either <filename>/etc/mandos</filename> or the
325
 
            directory specified with the <option>--dir</option>
326
 
            option.  Outputs, on standard output, a section suitable
327
 
            for inclusion in <citerefentry><refentrytitle
328
 
            >mandos-clients.conf</refentrytitle><manvolnum
329
 
            >8</manvolnum></citerefentry>.  The host name or the name
330
 
            specified with the <option>--name</option> option is used
331
 
            for the section header.  All other options are ignored,
332
 
            and no key is created.
333
 
          </para>
334
 
        </listitem>
335
 
      </varlistentry>
336
 
      <varlistentry>
337
 
        <term><option>--passfile
338
 
        <replaceable>FILE</replaceable></option></term>
339
 
        <term><option>-F
340
 
        <replaceable>FILE</replaceable></option></term>
341
 
        <listitem>
342
 
          <para>
343
 
            The same as <option>--password</option>, but read from
344
 
            <replaceable>FILE</replaceable>, not the terminal.
 
295
 
 
296
      <varlistentry>
 
297
        <term><literal>-f</literal>, <literal>--force</literal></term>
 
298
        <listitem>
 
299
          <para>
 
300
            Force overwriting old keys.
345
301
          </para>
346
302
        </listitem>
347
303
      </varlistentry>
348
304
    </variablelist>
349
305
  </refsect1>
350
 
  
 
306
 
351
307
  <refsect1 id="overview">
352
308
    <title>OVERVIEW</title>
353
309
    <xi:include href="overview.xml"/>
354
310
    <para>
355
311
      This program is a small utility to generate new OpenPGP keys for
356
 
      new Mandos clients, and to generate sections for inclusion in
357
 
      <filename>clients.conf</filename> on the server.
 
312
      new Mandos clients.
358
313
    </para>
359
314
  </refsect1>
360
 
  
 
315
 
361
316
  <refsect1 id="exit_status">
362
317
    <title>EXIT STATUS</title>
363
318
    <para>
364
 
      The exit status will be 0 if a new key (or password, if the
365
 
      <option>--password</option> option was used) was successfully
366
 
      created, otherwise not.
 
319
      The exit status will be 0 if new keys were successfully created,
 
320
      otherwise not.
367
321
    </para>
368
322
  </refsect1>
369
323
  
371
325
    <title>ENVIRONMENT</title>
372
326
    <variablelist>
373
327
      <varlistentry>
374
 
        <term><envar>TMPDIR</envar></term>
 
328
        <term><varname>TMPDIR</varname></term>
375
329
        <listitem>
376
330
          <para>
377
331
            If set, temporary files will be created here. See
383
337
    </variablelist>
384
338
  </refsect1>
385
339
  
386
 
  <refsect1 id="files">
 
340
  <refsect1 id="file">
387
341
    <title>FILES</title>
388
342
    <para>
389
343
      Use the <option>--dir</option> option to change where
420
374
      </varlistentry>
421
375
    </variablelist>
422
376
  </refsect1>
423
 
  
424
 
<!--   <refsect1 id="bugs"> -->
425
 
<!--     <title>BUGS</title> -->
426
 
<!--     <para> -->
427
 
<!--     </para> -->
428
 
<!--   </refsect1> -->
429
 
  
 
377
 
 
378
  <refsect1 id="bugs">
 
379
    <title>BUGS</title>
 
380
    <para>
 
381
      None are known at this time.
 
382
    </para>
 
383
  </refsect1>
 
384
 
430
385
  <refsect1 id="example">
431
386
    <title>EXAMPLE</title>
432
387
    <informalexample>
434
389
        Normal invocation needs no options:
435
390
      </para>
436
391
      <para>
437
 
        <userinput>&COMMANDNAME;</userinput>
 
392
        <userinput>mandos-keygen</userinput>
438
393
      </para>
439
394
    </informalexample>
440
395
    <informalexample>
441
396
      <para>
442
 
        Create key in another directory and of another type.  Force
 
397
        Create keys in another directory and of another type.  Force
443
398
        overwriting old key files:
444
399
      </para>
445
400
      <para>
446
401
 
447
402
<!-- do not wrap this line -->
448
 
<userinput>&COMMANDNAME; --dir ~/keydir --type RSA --force</userinput>
449
 
 
450
 
      </para>
451
 
    </informalexample>
452
 
    <informalexample>
453
 
      <para>
454
 
        Prompt for a password, encrypt it with the key in
455
 
        <filename>/etc/mandos</filename> and output a section suitable
456
 
        for <filename>clients.conf</filename>.
457
 
      </para>
458
 
      <para>
459
 
        <userinput>&COMMANDNAME; --password</userinput>
460
 
      </para>
461
 
    </informalexample>
462
 
    <informalexample>
463
 
      <para>
464
 
        Prompt for a password, encrypt it with the key in the
465
 
        <filename>client-key</filename> directory and output a section
466
 
        suitable for <filename>clients.conf</filename>.
467
 
      </para>
468
 
      <para>
469
 
 
470
 
<!-- do not wrap this line -->
471
 
<userinput>&COMMANDNAME; --password --dir client-key</userinput>
 
403
<userinput>mandos-keygen --dir ~/keydir --type RSA --force</userinput>
472
404
 
473
405
      </para>
474
406
    </informalexample>
475
407
  </refsect1>
476
 
  
 
408
 
477
409
  <refsect1 id="security">
478
410
    <title>SECURITY</title>
479
411
    <para>
480
412
      The <option>--type</option>, <option>--length</option>,
481
413
      <option>--subtype</option>, and <option>--sublength</option>
482
 
      options can be used to create keys of low security.  If in
483
 
      doubt, leave them to the default values.
 
414
      options can be used to create keys of insufficient security.  If
 
415
      in doubt, leave them to the default values.
484
416
    </para>
485
417
    <para>
486
 
      The key expire time is <emphasis>not</emphasis> guaranteed to be
487
 
      honored by <citerefentry><refentrytitle>mandos</refentrytitle>
 
418
      The key expire time is not guaranteed to be honored by
 
419
      <citerefentry><refentrytitle>mandos</refentrytitle>
488
420
      <manvolnum>8</manvolnum></citerefentry>.
489
421
    </para>
490
422
  </refsect1>
491
 
  
 
423
 
492
424
  <refsect1 id="see_also">
493
425
    <title>SEE ALSO</title>
494
426
    <para>
 
427
      <citerefentry><refentrytitle>password-request</refentrytitle>
 
428
      <manvolnum>8mandos</manvolnum></citerefentry>,
 
429
      <citerefentry><refentrytitle>mandos</refentrytitle>
 
430
      <manvolnum>8</manvolnum></citerefentry>,
495
431
      <citerefentry><refentrytitle>gpg</refentrytitle>
496
 
      <manvolnum>1</manvolnum></citerefentry>,
497
 
      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
498
 
      <manvolnum>5</manvolnum></citerefentry>,
499
 
      <citerefentry><refentrytitle>mandos</refentrytitle>
500
 
      <manvolnum>8</manvolnum></citerefentry>,
501
 
      <citerefentry><refentrytitle>mandos-client</refentrytitle>
502
 
      <manvolnum>8mandos</manvolnum></citerefentry>
 
432
      <manvolnum>1</manvolnum></citerefentry>
503
433
    </para>
504
434
  </refsect1>
505
435
  
506
436
</refentry>
507
 
<!-- Local Variables: -->
508
 
<!-- time-stamp-start: "<!ENTITY TIMESTAMP [\"']" -->
509
 
<!-- time-stamp-end: "[\"']>" -->
510
 
<!-- time-stamp-format: "%:y-%02m-%02d" -->
511
 
<!-- End: -->