/mandos/trunk : revision 1055

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos-keygen.xml

Committer: Teddy Hogeborn
Date: 2019-03-12 20:13:34 UTC
Revision ID: teddy@recompile.se-20190312201334-my3htrprewjosuw5

mandos-ctl: Refactor

* mandos-ctl: Reorder everything into logical order; put main() first,
              and put every subsequent definition as soon as possible
              after its first use, except superclasses which need to
              be placed before the classes inheriting from them.
              Reorder all tests to match.

files added:
DBUS-API

NEWS

bugs.xml

common.ent

dbus-mandos.conf

debian/mandos-client.examples

debian/mandos-client.templates

debian/mandos.templates

debian/source

debian/source/format

debian/source/local-options

debian/upstream

debian/upstream/signing-key.asc

debian/watch

initramfs-tools-conf

initramfs-tools-script-stop

initramfs-unpack

intro.xml

mandos-ctl

mandos-ctl.xml

mandos-monitor

mandos-monitor.xml

mandos-to-cryptroot-unlock

mandos.lsm

mandos.service

network-hooks.d

network-hooks.d/bridge

network-hooks.d/bridge.conf

network-hooks.d/openvpn

network-hooks.d/openvpn.conf

network-hooks.d/wireless

network-hooks.d/wireless.conf

plugin-helpers

plugin-helpers/mandos-client-iprouteadddel.c

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

tmpfiles.d-mandos.conf

files removed:
debian/mandos-client.config

debian/mandos-client.templates

debian/mandos.config

debian/mandos.templates

debian/po/POTFILES.in

debian/po/sv.po

initramfs-tools-hook-conf

plugins.d/usplash

files modified:
.bzrignore

INSTALL

Makefile

README

TODO

clients.conf

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/rules

init.d-mandos

initramfs-tools-hook

initramfs-tools-script

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.conf

plugin-runner.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

mandos-keygen.xml

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY VERSION "1.0">

<!ENTITY COMMANDNAME "mandos-keygen">

<!ENTITY TIMESTAMP "2008-09-20">

<!ENTITY TIMESTAMP "2019-02-10">

<!ENTITY % common SYSTEM "common.ent">

%common;

<title>Mandos Manual</title>

<productname>Mandos</productname>

<productnumber>&VERSION;</productnumber>

<productnumber>&version;</productnumber>

<date>&TIMESTAMP;</date>

<firstname>Björn</firstname>

<surname>Påhlsson</surname>

<email>belorn@fukt.bsnet.se</email>

<email>belorn@recompile.se</email>

</address>

</author>

<firstname>Teddy</firstname>

<surname>Hogeborn</surname>

<email>teddy@fukt.bsnet.se</email>

<email>teddy@recompile.se</email>

</address>

</author>

</authorgroup>

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

115

127

116

128

</group>

117

129

<sbr/>

118

<arg><option>--force</option></arg>

130

<group>

131

<arg choice="plain"><option>--tls-keytype

132

<replaceable>KEYTYPE</replaceable></option></arg>

133

<arg choice="plain"><option>-T

134

<replaceable>KEYTYPE</replaceable></option></arg>

135

</group>

136

<sbr/>

137

<group>

138

<arg choice="plain"><option>--force</option></arg>

139

140

</group>

119

141

</cmdsynopsis>

120

142

121

143

<command>&COMMANDNAME;</command>

141

163

<arg choice="plain"><option>-n

142

164

143

165

</group>

166

<group>

167

168

169

</group>

144

170

</cmdsynopsis>

145

171

146

172

<command>&COMMANDNAME;</command>

162

188

<title>DESCRIPTION</title>

163

189

<para>

164

190

<command>&COMMANDNAME;</command> is a program to generate the

165

OpenPGP key used by

191

TLS and OpenPGP keys used by

166

192

<citerefentry><refentrytitle>mandos-client</refentrytitle>

167

<manvolnum>8mandos</manvolnum></citerefentry>. The key is

168

normally written to /etc/mandos for later installation into the

169

initrd image, but this, and most other things, can be changed

170

with command line options.

193

<manvolnum>8mandos</manvolnum></citerefentry>. The keys are

194

normally written to /etc/keys/mandos for later installation into

195

the initrd image, but this, and most other things, can be

196

changed with command line options.

171

197

</para>

172

198

<para>

173

199

This program can also be used with the

210

236

<replaceable>DIRECTORY</replaceable></option></term>

211

237

212

238

<para>

213

Target directory for key files. Default is

214

<filename>/etc/mandos</filename>.

239

Target directory for key files. Default is <filename

240

class="directory">/etc/keys/mandos</filename>.

215

241

</para>

216

242

</listitem>

217

243

</varlistentry>

223

249

224

250

225

251

<para>

226

Key type. Default is <quote>DSA</quote>.

252

OpenPGP key type. Default is <quote>RSA</quote>.

227

253

</para>

228

254

</listitem>

229

255

</varlistentry>

235

261

236

262

237

263

<para>

238

Key length in bits. Default is 2048.

264

OpenPGP key length in bits. Default is 4096.

239

265

</para>

240

266

</listitem>

241

267

</varlistentry>

247

273

<replaceable>KEYTYPE</replaceable></option></term>

248

274

249

275

<para>

250

Subkey type. Default is <quote>ELG-E</quote> (Elgamal

251

encryption-only).

276

OpenPGP subkey type. Default is <quote>RSA</quote>

252

277

</para>

253

278

</listitem>

254

279

</varlistentry>

260

285

261

286

262

287

<para>

263

Subkey length in bits. Default is 2048.

288

OpenPGP subkey length in bits. Default is 4096.

264

289

</para>

265

290

</listitem>

266

291

</varlistentry>

284

309

285

310

286

311

<para>

287

Comment field for key. The default value is

288

<quote><literal>Mandos client key</literal></quote>.

312

Comment field for key. Default is empty.

289

313

</para>

290

314

</listitem>

291

315

</varlistentry>

305

329

</varlistentry>

306

330

307

331

332

<term><option>--tls-keytype

333

<replaceable>KEYTYPE</replaceable></option></term>

334

<term><option>-T

335

<replaceable>KEYTYPE</replaceable></option></term>

336

337

<para>

338

TLS key type. Default is <quote>ed25519</quote>

339

</para>

340

</listitem>

341

</varlistentry>

342

343

308

344

<term><option>--force</option></term>

309

345

310

346

319

355

320

356

<para>

321

357

Prompt for a password and encrypt it with the key already

322

present in either <filename>/etc/mandos</filename> or the

323

directory specified with the <option>--dir</option>

358

present in either <filename>/etc/keys/mandos</filename> or

359

the directory specified with the <option>--dir</option>

324

360

option. Outputs, on standard output, a section suitable

325

361

for inclusion in <citerefentry><refentrytitle

326

362

>mandos-clients.conf</refentrytitle><manvolnum

343

379

</para>

344

380

</listitem>

345

381

</varlistentry>

382

383

384

385

386

<para>

387

When <option>--password</option> or

388

<option>--passfile</option> is given, this option will

389

prevent <command>&COMMANDNAME;</command> from calling

390

<command>ssh-keyscan</command> to get an SSH fingerprint

391

for this host and, if successful, output suitable config

392

options to use this fingerprint as a

393

<option>checker</option> option in the output. This is

394

otherwise the default behavior.

395

</para>

396

</listitem>

397

</varlistentry>

346

398

</variablelist>

347

399

</refsect1>

348

400

350

402

<title>OVERVIEW</title>

351

403

<xi:include href="overview.xml"/>

352

404

<para>

353

This program is a small utility to generate new OpenPGP keys for

354

new Mandos clients, and to generate sections for inclusion in

355

<filename>clients.conf</filename> on the server.

405

This program is a small utility to generate new TLS and OpenPGP

406

keys for new Mandos clients, and to generate sections for

407

inclusion in <filename>clients.conf</filename> on the server.

356

408

</para>

357

409

</refsect1>

358

410

381

433

</variablelist>

382

434

</refsect1>

383

435

384

436

385

437

<title>FILES</title>

386

438

<para>

387

439

Use the <option>--dir</option> option to change where

390

442

</para>

391

443

392

444

393

<term><filename>/etc/mandos/seckey.txt</filename></term>

445

<term><filename>/etc/keys/mandos/seckey.txt</filename></term>

394

446

395

447

<para>

396

448

OpenPGP secret key file which will be created or

399

451

</listitem>

400

452

</varlistentry>

401

453

402

<term><filename>/etc/mandos/pubkey.txt</filename></term>

454

<term><filename>/etc/keys/mandos/pubkey.txt</filename></term>

403

455

404

456

<para>

405

457

OpenPGP public key file which will be created or

408

460

</listitem>

409

461

</varlistentry>

410

462

411

463

<term><filename>/etc/keys/mandos/tls-privkey.pem</filename></term>

464

465

<para>

466

Private key file which will be created or overwritten.

467

</para>

468

</listitem>

469

</varlistentry>

470

471

<term><filename>/etc/keys/mandos/tls-pubkey.pem</filename></term>

472

473

<para>

474

Public key file which will be created or overwritten.

475

</para>

476

</listitem>

477

</varlistentry>

478

479

412

480

413

481

<para>

414

482

Temporary files will be written here if

419

487

</variablelist>

420

488

</refsect1>

421

489

422

423

424

425

426

490

491

492

<xi:include href="bugs.xml"/>

493

</refsect1>

427

494

428

495

429

496

<title>EXAMPLE</title>

449

516

</informalexample>

450

517

451

518

<para>

452

Prompt for a password, encrypt it with the key in

453

<filename>/etc/mandos</filename> and output a section suitable

454

for <filename>clients.conf</filename>.

519

Prompt for a password, encrypt it with the keys in <filename

520

class="directory">/etc/keys/mandos</filename> and output a

521

section suitable for <filename>clients.conf</filename>.

455

522

</para>

456

523

<para>

457

524

<userinput>&COMMANDNAME; --password</userinput>

459

526

</informalexample>

460

527

461

528

<para>

462

Prompt for a password, encrypt it with the key in the

529

Prompt for a password, encrypt it with the keys in the

463

530

<filename>client-key</filename> directory and output a section

464

531

suitable for <filename>clients.conf</filename>.

465

532

</para>

490

557

491

558

492

559

<para>

560

<citerefentry><refentrytitle>intro</refentrytitle>

561

<manvolnum>8mandos</manvolnum></citerefentry>,

493

562

494

563

<manvolnum>1</manvolnum></citerefentry>,

495

564

<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>

497

566

<citerefentry><refentrytitle>mandos</refentrytitle>

498

567

<manvolnum>8</manvolnum></citerefentry>,

499

568

<citerefentry><refentrytitle>mandos-client</refentrytitle>

500

<manvolnum>8mandos</manvolnum></citerefentry>

569

<manvolnum>8mandos</manvolnum></citerefentry>,

570

<citerefentry><refentrytitle>ssh-keyscan</refentrytitle>

571

501

572

</para>

502

573

</refsect1>

503

574

Older »