/mandos/release : revision 96

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to mandos-keygen.xml

Committer: Teddy Hogeborn
Date: 2008-08-24 06:17:02 UTC
Revision ID: teddy@fukt.bsnet.se-20080824061702-zxrru4r1vxmx4tuq

* Makefile (PREFIX, CONFDIR, MANDIR): Use $(DESTDIR).
  (install-server, install-client): Use "install --directory" instead
                                    of mkdir.

* mandos-keygen: New options --subtype and --sublength.
  (trap): Added semicolons and backslashes.
  (gpg): Added "--enable-dsa2" to all invocations.

* mandos-keygen.xml: Changed single quotes to double quotes for
                     consistency.
  (/refentry/refentryinfo/copyright) Split copyright holders.
  (SYNOPSIS): Added "--subtype", "--sublength", "-s", and "-L".
  (OPTIONS): Document the subtype and sublength options.
  (SECURITY): Also note the "--subtype" and "--sublength" options.

files added:
mandos-options.xml

overview.xml

files modified:
Makefile

TODO

clients.conf

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos.conf

mandos.conf.xml

mandos.xml

plugins.d/password-prompt.xml

plugins.d/password-request.c

plugins.d/password-request.xml

Show diffs side-by-side

added added

removed removed

mandos-keygen.xml

<?xml version='1.0' encoding='UTF-8'?>

<?xml-stylesheet type="text/xsl"

href="http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl"?>

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY VERSION "1.0">

<!ENTITY COMMANDNAME "mandos-keygen">

<title>&COMMANDNAME;</title>

<productname>&COMMANDNAME;</productname>

<productnumber>&VERSION;</productnumber>

</authorgroup>

<holder>Teddy Hogeborn & Björn Påhlsson</holder>

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

<para>

</group>

<arg choice="plain"><option>--subtype</option>

</group>

<arg choice="plain"><option>--sublength</option>

</group>

</group>

121

128

122

129

</group>

123

130

131

132

133

</group>

134

135

136

137

</group>

138

124

139

125

140

126

141

</group>

143

158

144

159

<command>&COMMANDNAME;</command>

145

160

146

147

161

162

148

163

</group>

149

164

</cmdsynopsis>

150

165

151

166

<command>&COMMANDNAME;</command>

152

167

153

154

<arg choice='plain'><option>--version</option></arg>

168

169

<arg choice="plain"><option>--version</option></arg>

155

170

</group>

156

171

</cmdsynopsis>

157

172

</refsynopsisdiv>

169

184

</para>

170

185

</refsect1>

171

186

187

188

<title>PURPOSE</title>

189

190

<para>

191

The purpose of this is to enable <emphasis>remote and unattended

192

rebooting</emphasis> of client host computer with an

193

<emphasis>encrypted root file system</emphasis>. See <xref

194

linkend="overview"/> for details.

195

</para>

196

197

</refsect1>

198

172

199

173

200

<title>OPTIONS</title>

174

201

197

224

198

225

199

226

<para>

200

Key type. Default is DSA.

227

Key type. Default is <quote>DSA</quote>.

201

228

</para>

202

229

</listitem>

203

230

</varlistentry>

213

240

</varlistentry>

214

241

215

242

243

<term><literal>-s</literal>, <literal>--subtype

244

245

246

<para>

247

Subkey type. Default is <quote>ELG-E</quote> (Elgamal

248

encryption-only).

249

</para>

250

</listitem>

251

</varlistentry>

252

253

254

<term><literal>-L</literal>, <literal>--sublength

255

256

257

<para>

258

Subkey length in bits. Default is 2048.

259

</para>

260

</listitem>

261

</varlistentry>

262

263

216

264

<term><literal>-e</literal>, <literal>--email</literal>

217

265

<replaceable>address</replaceable></term>

218

266

228

276

229

277

<para>

230

278

Comment field for key. The default value is

231

"<literal>Mandos client key</literal>".

279

<quote><literal>Mandos client key</literal></quote>.

232

280

</para>

233

281

</listitem>

234

282

</varlistentry>

256

304

</variablelist>

257

305

</refsect1>

258

306

307

308

<title>OVERVIEW</title>

309

<xi:include href="overview.xml"/>

310

<para>

311

This program is a small utility to generate new OpenPGP keys for

312

new Mandos clients.

313

</para>

314

</refsect1>

315

259

316

260

317

<title>EXIT STATUS</title>

261

318

<para>

319

The exit status will be 0 if new keys were successfully created,

320

otherwise not.

262

321

</para>

263

322

</refsect1>

264

323

324

325

<title>ENVIRONMENT</title>

326

327

328

<term><varname>TMPDIR</varname></term>

329

330

<para>

331

If set, temporary files will be created here. See

332

<citerefentry><refentrytitle>mktemp</refentrytitle>

333

<manvolnum>1</manvolnum></citerefentry>.

334

</para>

335

</listitem>

336

</varlistentry>

337

</variablelist>

338

</refsect1>

339

265

340

266

341

<title>FILES</title>

267

342

<para>

343

Use the <option>--dir</option> option to change where

344

<command>&COMMANDNAME;</command> will write the key files. The

345

default file names are shown here.

268

346

</para>

347

348

349

<term><filename>/etc/mandos/seckey.txt</filename></term>

350

351

<para>

352

OpenPGP secret key file which will be created or

353

overwritten.

354

</para>

355

</listitem>

356

</varlistentry>

357

358

<term><filename>/etc/mandos/pubkey.txt</filename></term>

359

360

<para>

361

OpenPGP public key file which will be created or

362

overwritten.

363

</para>

364

</listitem>

365

</varlistentry>

366

367

368

369

<para>

370

Temporary files will be written here if

371

<varname>TMPDIR</varname> is not set.

372

</para>

373

</listitem>

374

</varlistentry>

375

</variablelist>

269

376

</refsect1>

270

377

271

378

272

379

273

380

<para>

381

None are known at this time.

274

382

</para>

275

383

</refsect1>

276

384

277

278

<title>EXAMPLES</title>

279

<para>

280

</para>

385

386

<title>EXAMPLE</title>

387

388

<para>

389

Normal invocation needs no options:

390

</para>

391

<para>

392

<userinput>mandos-keygen</userinput>

393

</para>

394

</informalexample>

395

396

<para>

397

Create keys in another directory and of another type. Force

398

overwriting old key files:

399

</para>

400

<para>

401

402

403

<userinput>mandos-keygen --dir ~/keydir --type RSA --force</userinput>

404

405

</para>

406

</informalexample>

281

407

</refsect1>

282

408

283

409

284

410

<title>SECURITY</title>

285

411

<para>

412

The <option>--type</option>, <option>--length</option>,

413

<option>--subtype</option>, and <option>--sublength</option>

414

options can be used to create keys of insufficient security. If

415

in doubt, leave them to the default values.

416

</para>

417

<para>

418

The key expire time is not guaranteed to be honored by

419

<citerefentry><refentrytitle>mandos</refentrytitle>

420

<manvolnum>8</manvolnum></citerefentry>.

286

421

</para>

287

422

</refsect1>

288

423

292

427

<citerefentry><refentrytitle>password-request</refentrytitle>

293

428

<manvolnum>8mandos</manvolnum></citerefentry>,

294

429

<citerefentry><refentrytitle>mandos</refentrytitle>

295

<manvolnum>8</manvolnum></citerefentry>, and

430

<manvolnum>8</manvolnum></citerefentry>,

296

431

297

432

298

433

</para>

Older »