/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos-keygen.xml

  • Committer: Teddy Hogeborn
  • Date: 2008-08-25 01:16:38 UTC
  • Revision ID: teddy@fukt.bsnet.se-20080825011638-zgqej2cafhne05ay
* mandos-keygen: Strip 24-bit checksum of Radix-64 from output to make
                 output strictly base64.

Show diffs side-by-side

added added

removed removed

Lines of Context:
1
1
<?xml version="1.0" encoding="UTF-8"?>
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
 
4
<!ENTITY VERSION "1.0">
4
5
<!ENTITY COMMANDNAME "mandos-keygen">
5
 
<!ENTITY TIMESTAMP "2011-10-03">
6
 
<!ENTITY % common SYSTEM "common.ent">
7
 
%common;
8
6
]>
9
7
 
10
8
<refentry xmlns:xi="http://www.w3.org/2001/XInclude">
11
9
  <refentryinfo>
12
 
    <title>Mandos Manual</title>
 
10
    <title>&COMMANDNAME;</title>
13
11
    <!-- NWalsh’s docbook scripts use this to generate the footer: -->
14
 
    <productname>Mandos</productname>
15
 
    <productnumber>&version;</productnumber>
16
 
    <date>&TIMESTAMP;</date>
 
12
    <productname>&COMMANDNAME;</productname>
 
13
    <productnumber>&VERSION;</productnumber>
17
14
    <authorgroup>
18
15
      <author>
19
16
        <firstname>Björn</firstname>
20
17
        <surname>Påhlsson</surname>
21
18
        <address>
22
 
          <email>belorn@recompile.se</email>
 
19
          <email>belorn@fukt.bsnet.se</email>
23
20
        </address>
24
21
      </author>
25
22
      <author>
26
23
        <firstname>Teddy</firstname>
27
24
        <surname>Hogeborn</surname>
28
25
        <address>
29
 
          <email>teddy@recompile.se</email>
 
26
          <email>teddy@fukt.bsnet.se</email>
30
27
        </address>
31
28
      </author>
32
29
    </authorgroup>
33
30
    <copyright>
34
31
      <year>2008</year>
35
 
      <year>2009</year>
36
 
      <year>2011</year>
37
32
      <holder>Teddy Hogeborn</holder>
38
33
      <holder>Björn Påhlsson</holder>
39
34
    </copyright>
40
 
    <xi:include href="legalnotice.xml"/>
 
35
    <legalnotice>
 
36
      <para>
 
37
        This manual page is free software: you can redistribute it
 
38
        and/or modify it under the terms of the GNU General Public
 
39
        License as published by the Free Software Foundation,
 
40
        either version 3 of the License, or (at your option) any
 
41
        later version.
 
42
      </para>
 
43
 
 
44
      <para>
 
45
        This manual page is distributed in the hope that it will
 
46
        be useful, but WITHOUT ANY WARRANTY; without even the
 
47
        implied warranty of MERCHANTABILITY or FITNESS FOR A
 
48
        PARTICULAR PURPOSE.  See the GNU General Public License
 
49
        for more details.
 
50
      </para>
 
51
 
 
52
      <para>
 
53
        You should have received a copy of the GNU General Public
 
54
        License along with this program; If not, see
 
55
        <ulink url="http://www.gnu.org/licenses/"/>.
 
56
      </para>
 
57
    </legalnotice>
41
58
  </refentryinfo>
42
 
  
 
59
 
43
60
  <refmeta>
44
61
    <refentrytitle>&COMMANDNAME;</refentrytitle>
45
62
    <manvolnum>8</manvolnum>
48
65
  <refnamediv>
49
66
    <refname><command>&COMMANDNAME;</command></refname>
50
67
    <refpurpose>
51
 
      Generate key and password for Mandos client and server.
 
68
      Generate keys for <citerefentry><refentrytitle>password-request
 
69
      </refentrytitle><manvolnum>8mandos</manvolnum></citerefentry>
52
70
    </refpurpose>
53
71
  </refnamediv>
54
 
  
 
72
 
55
73
  <refsynopsisdiv>
56
74
    <cmdsynopsis>
57
75
      <command>&COMMANDNAME;</command>
58
 
      <group>
59
 
        <arg choice="plain"><option>--dir
60
 
        <replaceable>DIRECTORY</replaceable></option></arg>
61
 
        <arg choice="plain"><option>-d
62
 
        <replaceable>DIRECTORY</replaceable></option></arg>
63
 
      </group>
64
 
      <sbr/>
65
 
      <group>
66
 
        <arg choice="plain"><option>--type
67
 
        <replaceable>KEYTYPE</replaceable></option></arg>
68
 
        <arg choice="plain"><option>-t
69
 
        <replaceable>KEYTYPE</replaceable></option></arg>
70
 
      </group>
71
 
      <sbr/>
72
 
      <group>
73
 
        <arg choice="plain"><option>--length
74
 
        <replaceable>BITS</replaceable></option></arg>
75
 
        <arg choice="plain"><option>-l
76
 
        <replaceable>BITS</replaceable></option></arg>
77
 
      </group>
78
 
      <sbr/>
79
 
      <group>
80
 
        <arg choice="plain"><option>--subtype
81
 
        <replaceable>KEYTYPE</replaceable></option></arg>
82
 
        <arg choice="plain"><option>-s
83
 
        <replaceable>KEYTYPE</replaceable></option></arg>
84
 
      </group>
85
 
      <sbr/>
86
 
      <group>
87
 
        <arg choice="plain"><option>--sublength
88
 
        <replaceable>BITS</replaceable></option></arg>
89
 
        <arg choice="plain"><option>-L
90
 
        <replaceable>BITS</replaceable></option></arg>
91
 
      </group>
92
 
      <sbr/>
93
 
      <group>
94
 
        <arg choice="plain"><option>--name
95
 
        <replaceable>NAME</replaceable></option></arg>
96
 
        <arg choice="plain"><option>-n
97
 
        <replaceable>NAME</replaceable></option></arg>
98
 
      </group>
99
 
      <sbr/>
100
 
      <group>
101
 
        <arg choice="plain"><option>--email
102
 
        <replaceable>ADDRESS</replaceable></option></arg>
103
 
        <arg choice="plain"><option>-e
104
 
        <replaceable>ADDRESS</replaceable></option></arg>
105
 
      </group>
106
 
      <sbr/>
107
 
      <group>
108
 
        <arg choice="plain"><option>--comment
109
 
        <replaceable>TEXT</replaceable></option></arg>
110
 
        <arg choice="plain"><option>-c
111
 
        <replaceable>TEXT</replaceable></option></arg>
112
 
      </group>
113
 
      <sbr/>
114
 
      <group>
115
 
        <arg choice="plain"><option>--expire
116
 
        <replaceable>TIME</replaceable></option></arg>
117
 
        <arg choice="plain"><option>-x
118
 
        <replaceable>TIME</replaceable></option></arg>
119
 
      </group>
120
 
      <sbr/>
121
 
      <arg><option>--force</option></arg>
 
76
      <group choice="opt">
 
77
        <arg choice="plain"><option>--dir</option>
 
78
        <replaceable>directory</replaceable></arg>
 
79
      </group>
 
80
      <group choice="opt">
 
81
        <arg choice="plain"><option>--type</option>
 
82
        <replaceable>type</replaceable></arg>
 
83
      </group>
 
84
      <group choice="opt">
 
85
        <arg choice="plain"><option>--length</option>
 
86
        <replaceable>bits</replaceable></arg>
 
87
      </group>
 
88
      <group choice="opt">
 
89
        <arg choice="plain"><option>--subtype</option>
 
90
        <replaceable>type</replaceable></arg>
 
91
      </group>
 
92
      <group choice="opt">
 
93
        <arg choice="plain"><option>--sublength</option>
 
94
        <replaceable>bits</replaceable></arg>
 
95
      </group>
 
96
      <group choice="opt">
 
97
        <arg choice="plain"><option>--name</option>
 
98
        <replaceable>NAME</replaceable></arg>
 
99
      </group>
 
100
      <group choice="opt">
 
101
        <arg choice="plain"><option>--email</option>
 
102
        <replaceable>EMAIL</replaceable></arg>
 
103
      </group>
 
104
      <group choice="opt">
 
105
        <arg choice="plain"><option>--comment</option>
 
106
        <replaceable>COMMENT</replaceable></arg>
 
107
      </group>
 
108
      <group choice="opt">
 
109
        <arg choice="plain"><option>--expire</option>
 
110
        <replaceable>TIME</replaceable></arg>
 
111
      </group>
 
112
      <group choice="opt">
 
113
        <arg choice="plain"><option>--force</option></arg>
 
114
      </group>
 
115
    </cmdsynopsis>
 
116
    <cmdsynopsis>
 
117
      <command>&COMMANDNAME;</command>
 
118
      <group choice="opt">
 
119
        <arg choice="plain"><option>-d</option>
 
120
        <replaceable>directory</replaceable></arg>
 
121
      </group>
 
122
      <group choice="opt">
 
123
        <arg choice="plain"><option>-t</option>
 
124
        <replaceable>type</replaceable></arg>
 
125
      </group>
 
126
      <group choice="opt">
 
127
        <arg choice="plain"><option>-l</option>
 
128
        <replaceable>bits</replaceable></arg>
 
129
      </group>
 
130
      <group choice="opt">
 
131
        <arg choice="plain"><option>-s</option>
 
132
        <replaceable>type</replaceable></arg>
 
133
      </group>
 
134
      <group choice="opt">
 
135
        <arg choice="plain"><option>-L</option>
 
136
        <replaceable>bits</replaceable></arg>
 
137
      </group>
 
138
      <group choice="opt">
 
139
        <arg choice="plain"><option>-n</option>
 
140
        <replaceable>NAME</replaceable></arg>
 
141
      </group>
 
142
      <group choice="opt">
 
143
        <arg choice="plain"><option>-e</option>
 
144
        <replaceable>EMAIL</replaceable></arg>
 
145
      </group>
 
146
      <group choice="opt">
 
147
        <arg choice="plain"><option>-c</option>
 
148
        <replaceable>COMMENT</replaceable></arg>
 
149
      </group>
 
150
      <group choice="opt">
 
151
        <arg choice="plain"><option>-x</option>
 
152
        <replaceable>TIME</replaceable></arg>
 
153
      </group>
 
154
      <group choice="opt">
 
155
        <arg choice="plain"><option>-f</option></arg>
 
156
      </group>
122
157
    </cmdsynopsis>
123
158
    <cmdsynopsis>
124
159
      <command>&COMMANDNAME;</command>
125
160
      <group choice="req">
 
161
        <arg choice="plain"><option>-p</option></arg>
126
162
        <arg choice="plain"><option>--password</option></arg>
127
 
        <arg choice="plain"><option>-p</option></arg>
128
 
        <arg choice="plain"><option>--passfile
129
 
        <replaceable>FILE</replaceable></option></arg>
130
 
        <arg choice="plain"><option>-F</option>
131
 
        <replaceable>FILE</replaceable></arg>
132
 
      </group>
133
 
      <sbr/>
134
 
      <group>
135
 
        <arg choice="plain"><option>--dir
136
 
        <replaceable>DIRECTORY</replaceable></option></arg>
137
 
        <arg choice="plain"><option>-d
138
 
        <replaceable>DIRECTORY</replaceable></option></arg>
139
 
      </group>
140
 
      <sbr/>
141
 
      <group>
142
 
        <arg choice="plain"><option>--name
143
 
        <replaceable>NAME</replaceable></option></arg>
144
 
        <arg choice="plain"><option>-n
145
 
        <replaceable>NAME</replaceable></option></arg>
 
163
      </group>
 
164
      <group choice="opt">
 
165
        <arg choice="plain"><option>--dir</option>
 
166
        <replaceable>directory</replaceable></arg>
 
167
      </group>
 
168
      <group choice="opt">
 
169
        <arg choice="plain"><option>--name</option>
 
170
        <replaceable>NAME</replaceable></arg>
146
171
      </group>
147
172
    </cmdsynopsis>
148
173
    <cmdsynopsis>
149
174
      <command>&COMMANDNAME;</command>
150
175
      <group choice="req">
 
176
        <arg choice="plain"><option>-h</option></arg>
151
177
        <arg choice="plain"><option>--help</option></arg>
152
 
        <arg choice="plain"><option>-h</option></arg>
153
178
      </group>
154
179
    </cmdsynopsis>
155
180
    <cmdsynopsis>
156
181
      <command>&COMMANDNAME;</command>
157
182
      <group choice="req">
 
183
        <arg choice="plain"><option>-v</option></arg>
158
184
        <arg choice="plain"><option>--version</option></arg>
159
 
        <arg choice="plain"><option>-v</option></arg>
160
185
      </group>
161
186
    </cmdsynopsis>
162
187
  </refsynopsisdiv>
163
 
  
 
188
 
164
189
  <refsect1 id="description">
165
190
    <title>DESCRIPTION</title>
166
191
    <para>
167
192
      <command>&COMMANDNAME;</command> is a program to generate the
168
 
      OpenPGP key used by
169
 
      <citerefentry><refentrytitle>mandos-client</refentrytitle>
170
 
      <manvolnum>8mandos</manvolnum></citerefentry>.  The key is
 
193
      OpenPGP keys used by
 
194
      <citerefentry><refentrytitle>password-request</refentrytitle>
 
195
      <manvolnum>8mandos</manvolnum></citerefentry>.  The keys are
171
196
      normally written to /etc/mandos for later installation into the
172
 
      initrd image, but this, and most other things, can be changed
173
 
      with command line options.
 
197
      initrd image, but this, like most things, can be changed with
 
198
      command line options.
174
199
    </para>
175
200
    <para>
176
 
      This program can also be used with the
177
 
      <option>--password</option> or <option>--passfile</option>
178
 
      options to generate a ready-made section for
179
 
      <filename>clients.conf</filename> (see
 
201
      It can also be used to generate ready-made sections for
180
202
      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
181
 
      <manvolnum>5</manvolnum></citerefentry>).
 
203
      <manvolnum>5</manvolnum></citerefentry> using the
 
204
      <option>--password</option> option.
182
205
    </para>
183
206
  </refsect1>
184
207
  
185
208
  <refsect1 id="purpose">
186
209
    <title>PURPOSE</title>
 
210
 
187
211
    <para>
188
212
      The purpose of this is to enable <emphasis>remote and unattended
189
213
      rebooting</emphasis> of client host computer with an
190
214
      <emphasis>encrypted root file system</emphasis>.  See <xref
191
215
      linkend="overview"/> for details.
192
216
    </para>
 
217
 
193
218
  </refsect1>
194
219
  
195
220
  <refsect1 id="options">
196
221
    <title>OPTIONS</title>
197
 
    
 
222
 
198
223
    <variablelist>
199
224
      <varlistentry>
200
 
        <term><option>--help</option></term>
201
 
        <term><option>-h</option></term>
 
225
        <term><literal>-h</literal>, <literal>--help</literal></term>
202
226
        <listitem>
203
227
          <para>
204
228
            Show a help message and exit
205
229
          </para>
206
230
        </listitem>
207
231
      </varlistentry>
208
 
      
 
232
 
209
233
      <varlistentry>
210
 
        <term><option>--dir
211
 
        <replaceable>DIRECTORY</replaceable></option></term>
212
 
        <term><option>-d
213
 
        <replaceable>DIRECTORY</replaceable></option></term>
 
234
        <term><literal>-d</literal>, <literal>--dir
 
235
        <replaceable>directory</replaceable></literal></term>
214
236
        <listitem>
215
237
          <para>
216
238
            Target directory for key files.  Default is
218
240
          </para>
219
241
        </listitem>
220
242
      </varlistentry>
221
 
      
 
243
 
222
244
      <varlistentry>
223
 
        <term><option>--type
224
 
        <replaceable>TYPE</replaceable></option></term>
225
 
        <term><option>-t
226
 
        <replaceable>TYPE</replaceable></option></term>
 
245
        <term><literal>-t</literal>, <literal>--type
 
246
        <replaceable>type</replaceable></literal></term>
227
247
        <listitem>
228
248
          <para>
229
249
            Key type.  Default is <quote>DSA</quote>.
230
250
          </para>
231
251
        </listitem>
232
252
      </varlistentry>
233
 
      
 
253
 
234
254
      <varlistentry>
235
 
        <term><option>--length
236
 
        <replaceable>BITS</replaceable></option></term>
237
 
        <term><option>-l
238
 
        <replaceable>BITS</replaceable></option></term>
 
255
        <term><literal>-l</literal>, <literal>--length
 
256
        <replaceable>bits</replaceable></literal></term>
239
257
        <listitem>
240
258
          <para>
241
 
            Key length in bits.  Default is 2048.
 
259
            Key length in bits.  Default is 1024.
242
260
          </para>
243
261
        </listitem>
244
262
      </varlistentry>
245
 
      
 
263
 
246
264
      <varlistentry>
247
 
        <term><option>--subtype
248
 
        <replaceable>KEYTYPE</replaceable></option></term>
249
 
        <term><option>-s
250
 
        <replaceable>KEYTYPE</replaceable></option></term>
 
265
        <term><literal>-s</literal>, <literal>--subtype
 
266
        <replaceable>type</replaceable></literal></term>
251
267
        <listitem>
252
268
          <para>
253
269
            Subkey type.  Default is <quote>ELG-E</quote> (Elgamal
255
271
          </para>
256
272
        </listitem>
257
273
      </varlistentry>
258
 
      
 
274
 
259
275
      <varlistentry>
260
 
        <term><option>--sublength
261
 
        <replaceable>BITS</replaceable></option></term>
262
 
        <term><option>-L
263
 
        <replaceable>BITS</replaceable></option></term>
 
276
        <term><literal>-L</literal>, <literal>--sublength
 
277
        <replaceable>bits</replaceable></literal></term>
264
278
        <listitem>
265
279
          <para>
266
280
            Subkey length in bits.  Default is 2048.
267
281
          </para>
268
282
        </listitem>
269
283
      </varlistentry>
270
 
      
 
284
 
271
285
      <varlistentry>
272
 
        <term><option>--email
273
 
        <replaceable>ADDRESS</replaceable></option></term>
274
 
        <term><option>-e
275
 
        <replaceable>ADDRESS</replaceable></option></term>
 
286
        <term><literal>-e</literal>, <literal>--email</literal>
 
287
        <replaceable>address</replaceable></term>
276
288
        <listitem>
277
289
          <para>
278
290
            Email address of key.  Default is empty.
279
291
          </para>
280
292
        </listitem>
281
293
      </varlistentry>
282
 
      
 
294
 
283
295
      <varlistentry>
284
 
        <term><option>--comment
285
 
        <replaceable>TEXT</replaceable></option></term>
286
 
        <term><option>-c
287
 
        <replaceable>TEXT</replaceable></option></term>
 
296
        <term><literal>-c</literal>, <literal>--comment</literal>
 
297
        <replaceable>comment</replaceable></term>
288
298
        <listitem>
289
299
          <para>
290
300
            Comment field for key.  The default value is
292
302
          </para>
293
303
        </listitem>
294
304
      </varlistentry>
295
 
      
 
305
 
296
306
      <varlistentry>
297
 
        <term><option>--expire
298
 
        <replaceable>TIME</replaceable></option></term>
299
 
        <term><option>-x
300
 
        <replaceable>TIME</replaceable></option></term>
 
307
        <term><literal>-x</literal>, <literal>--expire</literal>
 
308
        <replaceable>time</replaceable></term>
301
309
        <listitem>
302
310
          <para>
303
311
            Key expire time.  Default is no expiration.  See
306
314
          </para>
307
315
        </listitem>
308
316
      </varlistentry>
309
 
      
 
317
 
310
318
      <varlistentry>
311
 
        <term><option>--force</option></term>
312
 
        <term><option>-f</option></term>
 
319
        <term><literal>-f</literal>, <literal>--force</literal></term>
313
320
        <listitem>
314
321
          <para>
315
 
            Force overwriting old key.
 
322
            Force overwriting old keys.
316
323
          </para>
317
324
        </listitem>
318
325
      </varlistentry>
319
326
      <varlistentry>
320
 
        <term><option>--password</option></term>
321
 
        <term><option>-p</option></term>
 
327
        <term><literal>-p</literal>, <literal>--password</literal
 
328
        ></term>
322
329
        <listitem>
323
330
          <para>
324
331
            Prompt for a password and encrypt it with the key already
330
337
            >8</manvolnum></citerefentry>.  The host name or the name
331
338
            specified with the <option>--name</option> option is used
332
339
            for the section header.  All other options are ignored,
333
 
            and no key is created.
334
 
          </para>
335
 
        </listitem>
336
 
      </varlistentry>
337
 
      <varlistentry>
338
 
        <term><option>--passfile
339
 
        <replaceable>FILE</replaceable></option></term>
340
 
        <term><option>-F
341
 
        <replaceable>FILE</replaceable></option></term>
342
 
        <listitem>
343
 
          <para>
344
 
            The same as <option>--password</option>, but read from
345
 
            <replaceable>FILE</replaceable>, not the terminal.
 
340
            and no keys are created.
346
341
          </para>
347
342
        </listitem>
348
343
      </varlistentry>
349
344
    </variablelist>
350
345
  </refsect1>
351
 
  
 
346
 
352
347
  <refsect1 id="overview">
353
348
    <title>OVERVIEW</title>
354
349
    <xi:include href="overview.xml"/>
355
350
    <para>
356
351
      This program is a small utility to generate new OpenPGP keys for
357
 
      new Mandos clients, and to generate sections for inclusion in
358
 
      <filename>clients.conf</filename> on the server.
 
352
      new Mandos clients.
359
353
    </para>
360
354
  </refsect1>
361
 
  
 
355
 
362
356
  <refsect1 id="exit_status">
363
357
    <title>EXIT STATUS</title>
364
358
    <para>
365
 
      The exit status will be 0 if a new key (or password, if the
366
 
      <option>--password</option> option was used) was successfully
367
 
      created, otherwise not.
 
359
      The exit status will be 0 if new keys were successfully created,
 
360
      otherwise not.
368
361
    </para>
369
362
  </refsect1>
370
363
  
372
365
    <title>ENVIRONMENT</title>
373
366
    <variablelist>
374
367
      <varlistentry>
375
 
        <term><envar>TMPDIR</envar></term>
 
368
        <term><varname>TMPDIR</varname></term>
376
369
        <listitem>
377
370
          <para>
378
371
            If set, temporary files will be created here. See
384
377
    </variablelist>
385
378
  </refsect1>
386
379
  
387
 
  <refsect1 id="files">
 
380
  <refsect1 id="file">
388
381
    <title>FILES</title>
389
382
    <para>
390
383
      Use the <option>--dir</option> option to change where
421
414
      </varlistentry>
422
415
    </variablelist>
423
416
  </refsect1>
424
 
  
425
 
<!--   <refsect1 id="bugs"> -->
426
 
<!--     <title>BUGS</title> -->
427
 
<!--     <para> -->
428
 
<!--     </para> -->
429
 
<!--   </refsect1> -->
430
 
  
 
417
 
 
418
  <refsect1 id="bugs">
 
419
    <title>BUGS</title>
 
420
    <para>
 
421
      None are known at this time.
 
422
    </para>
 
423
  </refsect1>
 
424
 
431
425
  <refsect1 id="example">
432
426
    <title>EXAMPLE</title>
433
427
    <informalexample>
435
429
        Normal invocation needs no options:
436
430
      </para>
437
431
      <para>
438
 
        <userinput>&COMMANDNAME;</userinput>
 
432
        <userinput>mandos-keygen</userinput>
439
433
      </para>
440
434
    </informalexample>
441
435
    <informalexample>
442
436
      <para>
443
 
        Create key in another directory and of another type.  Force
 
437
        Create keys in another directory and of another type.  Force
444
438
        overwriting old key files:
445
439
      </para>
446
440
      <para>
447
441
 
448
442
<!-- do not wrap this line -->
449
 
<userinput>&COMMANDNAME; --dir ~/keydir --type RSA --force</userinput>
450
 
 
451
 
      </para>
452
 
    </informalexample>
453
 
    <informalexample>
454
 
      <para>
455
 
        Prompt for a password, encrypt it with the key in
456
 
        <filename>/etc/mandos</filename> and output a section suitable
457
 
        for <filename>clients.conf</filename>.
458
 
      </para>
459
 
      <para>
460
 
        <userinput>&COMMANDNAME; --password</userinput>
461
 
      </para>
462
 
    </informalexample>
463
 
    <informalexample>
464
 
      <para>
465
 
        Prompt for a password, encrypt it with the key in the
466
 
        <filename>client-key</filename> directory and output a section
467
 
        suitable for <filename>clients.conf</filename>.
468
 
      </para>
469
 
      <para>
470
 
 
471
 
<!-- do not wrap this line -->
472
 
<userinput>&COMMANDNAME; --password --dir client-key</userinput>
 
443
<userinput>mandos-keygen --dir ~/keydir --type RSA --force</userinput>
473
444
 
474
445
      </para>
475
446
    </informalexample>
476
447
  </refsect1>
477
 
  
 
448
 
478
449
  <refsect1 id="security">
479
450
    <title>SECURITY</title>
480
451
    <para>
481
452
      The <option>--type</option>, <option>--length</option>,
482
453
      <option>--subtype</option>, and <option>--sublength</option>
483
 
      options can be used to create keys of low security.  If in
484
 
      doubt, leave them to the default values.
 
454
      options can be used to create keys of insufficient security.  If
 
455
      in doubt, leave them to the default values.
485
456
    </para>
486
457
    <para>
487
 
      The key expire time is <emphasis>not</emphasis> guaranteed to be
488
 
      honored by <citerefentry><refentrytitle>mandos</refentrytitle>
 
458
      The key expire time is not guaranteed to be honored by
 
459
      <citerefentry><refentrytitle>mandos</refentrytitle>
489
460
      <manvolnum>8</manvolnum></citerefentry>.
490
461
    </para>
491
462
  </refsect1>
492
 
  
 
463
 
493
464
  <refsect1 id="see_also">
494
465
    <title>SEE ALSO</title>
495
466
    <para>
496
 
      <citerefentry><refentrytitle>intro</refentrytitle>
 
467
      <citerefentry><refentrytitle>password-request</refentrytitle>
497
468
      <manvolnum>8mandos</manvolnum></citerefentry>,
 
469
      <citerefentry><refentrytitle>mandos</refentrytitle>
 
470
      <manvolnum>8</manvolnum></citerefentry>,
498
471
      <citerefentry><refentrytitle>gpg</refentrytitle>
499
 
      <manvolnum>1</manvolnum></citerefentry>,
500
 
      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
501
 
      <manvolnum>5</manvolnum></citerefentry>,
502
 
      <citerefentry><refentrytitle>mandos</refentrytitle>
503
 
      <manvolnum>8</manvolnum></citerefentry>,
504
 
      <citerefentry><refentrytitle>mandos-client</refentrytitle>
505
 
      <manvolnum>8mandos</manvolnum></citerefentry>
 
472
      <manvolnum>1</manvolnum></citerefentry>
506
473
    </para>
507
474
  </refsect1>
508
475
  
509
476
</refentry>
510
 
<!-- Local Variables: -->
511
 
<!-- time-stamp-start: "<!ENTITY TIMESTAMP [\"']" -->
512
 
<!-- time-stamp-end: "[\"']>" -->
513
 
<!-- time-stamp-format: "%:y-%02m-%02d" -->
514
 
<!-- End: -->