/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos-keygen.xml

  • Committer: Teddy Hogeborn
  • Date: 2008-08-29 05:53:59 UTC
  • Revision ID: teddy@fukt.bsnet.se-20080829055359-wkdasnyxtylmnxus
* mandos.xml (EXAMPLE): Replaced all occurences of command name with
                        "&COMMANDNAME;".

* plugins.d/password-prompt.c (main): Improved some documentation
                                      strings.  Do perror() of
                                      tcgetattr() fails.  Add debug
                                      output if interrupted by signal.
                                      Loop over write() instead of
                                      using fwrite() when outputting
                                      password.  Add debug output if
                                      getline() returns 0, unless it
                                      was caused by a signal.  Add
                                      exit status code to debug
                                      output.

* plugins.d/password-prompt.xml: Changed all single quotes to double
                                 quotes for consistency.  Removed
                                 <?xml-stylesheet>.
  (ENTITY TIMESTAMP): New.  Automatically updated by Emacs time-stamp
                      by using Emacs local variables.
  (/refentry/refentryinfo/title): Changed to "Mandos Manual".
  (/refentry/refentryinfo/productname): Changed to "Mandos".
  (/refentry/refentryinfo/date): New; set to "&TIMESTAMP;".
  (/refentry/refentryinfo/copyright): Split copyright holders.
  (/refentry/refnamediv/refpurpose): Improved wording.
  (SYNOPSIS): Fix to use correct markup.  Add short options.
  (DESCRIPTION, OPTIONS): Improved wording.
  (OPTIONS): Improved wording.  Use more correct markup.  Document
             short options.
  (EXIT STATUS): Add text.
  (ENVIRONMENT): Document use of "cryptsource" and "crypttarget".
  (FILES): REMOVED.
  (BUGS): Add text.
  (EXAMPLE): Added some examples.
  (SECURITY): Added text.
  (SEE ALSO): Remove reference to mandos(8).  Add reference to
              crypttab(5).

Show diffs side-by-side

added added

removed removed

Lines of Context:
1
1
<?xml version="1.0" encoding="UTF-8"?>
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
 
4
<!ENTITY VERSION "1.0">
4
5
<!ENTITY COMMANDNAME "mandos-keygen">
5
 
<!ENTITY TIMESTAMP "2009-01-04">
6
 
<!ENTITY % common SYSTEM "common.ent">
7
 
%common;
8
6
]>
9
7
 
10
8
<refentry xmlns:xi="http://www.w3.org/2001/XInclude">
11
9
  <refentryinfo>
12
 
    <title>Mandos Manual</title>
 
10
    <title>&COMMANDNAME;</title>
13
11
    <!-- NWalsh’s docbook scripts use this to generate the footer: -->
14
 
    <productname>Mandos</productname>
15
 
    <productnumber>&version;</productnumber>
16
 
    <date>&TIMESTAMP;</date>
 
12
    <productname>&COMMANDNAME;</productname>
 
13
    <productnumber>&VERSION;</productnumber>
17
14
    <authorgroup>
18
15
      <author>
19
16
        <firstname>Björn</firstname>
32
29
    </authorgroup>
33
30
    <copyright>
34
31
      <year>2008</year>
35
 
      <year>2009</year>
36
32
      <holder>Teddy Hogeborn</holder>
37
33
      <holder>Björn Påhlsson</holder>
38
34
    </copyright>
39
 
    <xi:include href="legalnotice.xml"/>
 
35
    <legalnotice>
 
36
      <para>
 
37
        This manual page is free software: you can redistribute it
 
38
        and/or modify it under the terms of the GNU General Public
 
39
        License as published by the Free Software Foundation,
 
40
        either version 3 of the License, or (at your option) any
 
41
        later version.
 
42
      </para>
 
43
 
 
44
      <para>
 
45
        This manual page is distributed in the hope that it will
 
46
        be useful, but WITHOUT ANY WARRANTY; without even the
 
47
        implied warranty of MERCHANTABILITY or FITNESS FOR A
 
48
        PARTICULAR PURPOSE.  See the GNU General Public License
 
49
        for more details.
 
50
      </para>
 
51
 
 
52
      <para>
 
53
        You should have received a copy of the GNU General Public
 
54
        License along with this program; If not, see
 
55
        <ulink url="http://www.gnu.org/licenses/"/>.
 
56
      </para>
 
57
    </legalnotice>
40
58
  </refentryinfo>
41
 
  
 
59
 
42
60
  <refmeta>
43
61
    <refentrytitle>&COMMANDNAME;</refentrytitle>
44
62
    <manvolnum>8</manvolnum>
47
65
  <refnamediv>
48
66
    <refname><command>&COMMANDNAME;</command></refname>
49
67
    <refpurpose>
50
 
      Generate key and password for Mandos client and server.
 
68
      Generate keys for <citerefentry><refentrytitle>password-request
 
69
      </refentrytitle><manvolnum>8mandos</manvolnum></citerefentry>
51
70
    </refpurpose>
52
71
  </refnamediv>
53
 
  
 
72
 
54
73
  <refsynopsisdiv>
55
74
    <cmdsynopsis>
56
75
      <command>&COMMANDNAME;</command>
57
 
      <group>
58
 
        <arg choice="plain"><option>--dir
59
 
        <replaceable>DIRECTORY</replaceable></option></arg>
60
 
        <arg choice="plain"><option>-d
61
 
        <replaceable>DIRECTORY</replaceable></option></arg>
62
 
      </group>
63
 
      <sbr/>
64
 
      <group>
65
 
        <arg choice="plain"><option>--type
66
 
        <replaceable>KEYTYPE</replaceable></option></arg>
67
 
        <arg choice="plain"><option>-t
68
 
        <replaceable>KEYTYPE</replaceable></option></arg>
69
 
      </group>
70
 
      <sbr/>
71
 
      <group>
72
 
        <arg choice="plain"><option>--length
73
 
        <replaceable>BITS</replaceable></option></arg>
74
 
        <arg choice="plain"><option>-l
75
 
        <replaceable>BITS</replaceable></option></arg>
76
 
      </group>
77
 
      <sbr/>
78
 
      <group>
79
 
        <arg choice="plain"><option>--subtype
80
 
        <replaceable>KEYTYPE</replaceable></option></arg>
81
 
        <arg choice="plain"><option>-s
82
 
        <replaceable>KEYTYPE</replaceable></option></arg>
83
 
      </group>
84
 
      <sbr/>
85
 
      <group>
86
 
        <arg choice="plain"><option>--sublength
87
 
        <replaceable>BITS</replaceable></option></arg>
88
 
        <arg choice="plain"><option>-L
89
 
        <replaceable>BITS</replaceable></option></arg>
90
 
      </group>
91
 
      <sbr/>
92
 
      <group>
93
 
        <arg choice="plain"><option>--name
94
 
        <replaceable>NAME</replaceable></option></arg>
95
 
        <arg choice="plain"><option>-n
96
 
        <replaceable>NAME</replaceable></option></arg>
97
 
      </group>
98
 
      <sbr/>
99
 
      <group>
100
 
        <arg choice="plain"><option>--email
101
 
        <replaceable>ADDRESS</replaceable></option></arg>
102
 
        <arg choice="plain"><option>-e
103
 
        <replaceable>ADDRESS</replaceable></option></arg>
104
 
      </group>
105
 
      <sbr/>
106
 
      <group>
107
 
        <arg choice="plain"><option>--comment
108
 
        <replaceable>TEXT</replaceable></option></arg>
109
 
        <arg choice="plain"><option>-c
110
 
        <replaceable>TEXT</replaceable></option></arg>
111
 
      </group>
112
 
      <sbr/>
113
 
      <group>
114
 
        <arg choice="plain"><option>--expire
115
 
        <replaceable>TIME</replaceable></option></arg>
116
 
        <arg choice="plain"><option>-x
117
 
        <replaceable>TIME</replaceable></option></arg>
118
 
      </group>
119
 
      <sbr/>
120
 
      <arg><option>--force</option></arg>
 
76
      <group choice="opt">
 
77
        <arg choice="plain"><option>--dir</option>
 
78
        <replaceable>directory</replaceable></arg>
 
79
      </group>
 
80
      <group choice="opt">
 
81
        <arg choice="plain"><option>--type</option>
 
82
        <replaceable>type</replaceable></arg>
 
83
      </group>
 
84
      <group choice="opt">
 
85
        <arg choice="plain"><option>--length</option>
 
86
        <replaceable>bits</replaceable></arg>
 
87
      </group>
 
88
      <group choice="opt">
 
89
        <arg choice="plain"><option>--subtype</option>
 
90
        <replaceable>type</replaceable></arg>
 
91
      </group>
 
92
      <group choice="opt">
 
93
        <arg choice="plain"><option>--sublength</option>
 
94
        <replaceable>bits</replaceable></arg>
 
95
      </group>
 
96
      <group choice="opt">
 
97
        <arg choice="plain"><option>--name</option>
 
98
        <replaceable>NAME</replaceable></arg>
 
99
      </group>
 
100
      <group choice="opt">
 
101
        <arg choice="plain"><option>--email</option>
 
102
        <replaceable>EMAIL</replaceable></arg>
 
103
      </group>
 
104
      <group choice="opt">
 
105
        <arg choice="plain"><option>--comment</option>
 
106
        <replaceable>COMMENT</replaceable></arg>
 
107
      </group>
 
108
      <group choice="opt">
 
109
        <arg choice="plain"><option>--expire</option>
 
110
        <replaceable>TIME</replaceable></arg>
 
111
      </group>
 
112
      <group choice="opt">
 
113
        <arg choice="plain"><option>--force</option></arg>
 
114
      </group>
 
115
    </cmdsynopsis>
 
116
    <cmdsynopsis>
 
117
      <command>&COMMANDNAME;</command>
 
118
      <group choice="opt">
 
119
        <arg choice="plain"><option>-d</option>
 
120
        <replaceable>directory</replaceable></arg>
 
121
      </group>
 
122
      <group choice="opt">
 
123
        <arg choice="plain"><option>-t</option>
 
124
        <replaceable>type</replaceable></arg>
 
125
      </group>
 
126
      <group choice="opt">
 
127
        <arg choice="plain"><option>-l</option>
 
128
        <replaceable>bits</replaceable></arg>
 
129
      </group>
 
130
      <group choice="opt">
 
131
        <arg choice="plain"><option>-s</option>
 
132
        <replaceable>type</replaceable></arg>
 
133
      </group>
 
134
      <group choice="opt">
 
135
        <arg choice="plain"><option>-L</option>
 
136
        <replaceable>bits</replaceable></arg>
 
137
      </group>
 
138
      <group choice="opt">
 
139
        <arg choice="plain"><option>-n</option>
 
140
        <replaceable>NAME</replaceable></arg>
 
141
      </group>
 
142
      <group choice="opt">
 
143
        <arg choice="plain"><option>-e</option>
 
144
        <replaceable>EMAIL</replaceable></arg>
 
145
      </group>
 
146
      <group choice="opt">
 
147
        <arg choice="plain"><option>-c</option>
 
148
        <replaceable>COMMENT</replaceable></arg>
 
149
      </group>
 
150
      <group choice="opt">
 
151
        <arg choice="plain"><option>-x</option>
 
152
        <replaceable>TIME</replaceable></arg>
 
153
      </group>
 
154
      <group choice="opt">
 
155
        <arg choice="plain"><option>-f</option></arg>
 
156
      </group>
121
157
    </cmdsynopsis>
122
158
    <cmdsynopsis>
123
159
      <command>&COMMANDNAME;</command>
124
160
      <group choice="req">
 
161
        <arg choice="plain"><option>-p</option></arg>
125
162
        <arg choice="plain"><option>--password</option></arg>
126
 
        <arg choice="plain"><option>-p</option></arg>
127
 
        <arg choice="plain"><option>--passfile
128
 
        <replaceable>FILE</replaceable></option></arg>
129
 
        <arg choice="plain"><option>-F</option>
130
 
        <replaceable>FILE</replaceable></arg>
131
 
      </group>
132
 
      <sbr/>
133
 
      <group>
134
 
        <arg choice="plain"><option>--dir
135
 
        <replaceable>DIRECTORY</replaceable></option></arg>
136
 
        <arg choice="plain"><option>-d
137
 
        <replaceable>DIRECTORY</replaceable></option></arg>
138
 
      </group>
139
 
      <sbr/>
140
 
      <group>
141
 
        <arg choice="plain"><option>--name
142
 
        <replaceable>NAME</replaceable></option></arg>
143
 
        <arg choice="plain"><option>-n
144
 
        <replaceable>NAME</replaceable></option></arg>
 
163
      </group>
 
164
      <group choice="opt">
 
165
        <arg choice="plain"><option>--dir</option>
 
166
        <replaceable>directory</replaceable></arg>
 
167
      </group>
 
168
      <group choice="opt">
 
169
        <arg choice="plain"><option>--name</option>
 
170
        <replaceable>NAME</replaceable></arg>
145
171
      </group>
146
172
    </cmdsynopsis>
147
173
    <cmdsynopsis>
148
174
      <command>&COMMANDNAME;</command>
149
175
      <group choice="req">
 
176
        <arg choice="plain"><option>-h</option></arg>
150
177
        <arg choice="plain"><option>--help</option></arg>
151
 
        <arg choice="plain"><option>-h</option></arg>
152
178
      </group>
153
179
    </cmdsynopsis>
154
180
    <cmdsynopsis>
155
181
      <command>&COMMANDNAME;</command>
156
182
      <group choice="req">
 
183
        <arg choice="plain"><option>-v</option></arg>
157
184
        <arg choice="plain"><option>--version</option></arg>
158
 
        <arg choice="plain"><option>-v</option></arg>
159
185
      </group>
160
186
    </cmdsynopsis>
161
187
  </refsynopsisdiv>
162
 
  
 
188
 
163
189
  <refsect1 id="description">
164
190
    <title>DESCRIPTION</title>
165
191
    <para>
166
192
      <command>&COMMANDNAME;</command> is a program to generate the
167
 
      OpenPGP key used by
168
 
      <citerefentry><refentrytitle>mandos-client</refentrytitle>
169
 
      <manvolnum>8mandos</manvolnum></citerefentry>.  The key is
 
193
      OpenPGP keys used by
 
194
      <citerefentry><refentrytitle>password-request</refentrytitle>
 
195
      <manvolnum>8mandos</manvolnum></citerefentry>.  The keys are
170
196
      normally written to /etc/mandos for later installation into the
171
 
      initrd image, but this, and most other things, can be changed
172
 
      with command line options.
 
197
      initrd image, but this, like most things, can be changed with
 
198
      command line options.
173
199
    </para>
174
200
    <para>
175
 
      This program can also be used with the
176
 
      <option>--password</option> or <option>--passfile</option>
177
 
      options to generate a ready-made section for
178
 
      <filename>clients.conf</filename> (see
 
201
      It can also be used to generate ready-made sections for
179
202
      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
180
 
      <manvolnum>5</manvolnum></citerefentry>).
 
203
      <manvolnum>5</manvolnum></citerefentry> using the
 
204
      <option>--password</option> option.
181
205
    </para>
182
206
  </refsect1>
183
207
  
184
208
  <refsect1 id="purpose">
185
209
    <title>PURPOSE</title>
 
210
 
186
211
    <para>
187
212
      The purpose of this is to enable <emphasis>remote and unattended
188
213
      rebooting</emphasis> of client host computer with an
189
214
      <emphasis>encrypted root file system</emphasis>.  See <xref
190
215
      linkend="overview"/> for details.
191
216
    </para>
 
217
 
192
218
  </refsect1>
193
219
  
194
220
  <refsect1 id="options">
195
221
    <title>OPTIONS</title>
196
 
    
 
222
 
197
223
    <variablelist>
198
224
      <varlistentry>
199
 
        <term><option>--help</option></term>
200
 
        <term><option>-h</option></term>
 
225
        <term><literal>-h</literal>, <literal>--help</literal></term>
201
226
        <listitem>
202
227
          <para>
203
228
            Show a help message and exit
204
229
          </para>
205
230
        </listitem>
206
231
      </varlistentry>
207
 
      
 
232
 
208
233
      <varlistentry>
209
 
        <term><option>--dir
210
 
        <replaceable>DIRECTORY</replaceable></option></term>
211
 
        <term><option>-d
212
 
        <replaceable>DIRECTORY</replaceable></option></term>
 
234
        <term><literal>-d</literal>, <literal>--dir
 
235
        <replaceable>directory</replaceable></literal></term>
213
236
        <listitem>
214
237
          <para>
215
238
            Target directory for key files.  Default is
217
240
          </para>
218
241
        </listitem>
219
242
      </varlistentry>
220
 
      
 
243
 
221
244
      <varlistentry>
222
 
        <term><option>--type
223
 
        <replaceable>TYPE</replaceable></option></term>
224
 
        <term><option>-t
225
 
        <replaceable>TYPE</replaceable></option></term>
 
245
        <term><literal>-t</literal>, <literal>--type
 
246
        <replaceable>type</replaceable></literal></term>
226
247
        <listitem>
227
248
          <para>
228
249
            Key type.  Default is <quote>DSA</quote>.
229
250
          </para>
230
251
        </listitem>
231
252
      </varlistentry>
232
 
      
 
253
 
233
254
      <varlistentry>
234
 
        <term><option>--length
235
 
        <replaceable>BITS</replaceable></option></term>
236
 
        <term><option>-l
237
 
        <replaceable>BITS</replaceable></option></term>
 
255
        <term><literal>-l</literal>, <literal>--length
 
256
        <replaceable>bits</replaceable></literal></term>
238
257
        <listitem>
239
258
          <para>
240
259
            Key length in bits.  Default is 2048.
241
260
          </para>
242
261
        </listitem>
243
262
      </varlistentry>
244
 
      
 
263
 
245
264
      <varlistentry>
246
 
        <term><option>--subtype
247
 
        <replaceable>KEYTYPE</replaceable></option></term>
248
 
        <term><option>-s
249
 
        <replaceable>KEYTYPE</replaceable></option></term>
 
265
        <term><literal>-s</literal>, <literal>--subtype
 
266
        <replaceable>type</replaceable></literal></term>
250
267
        <listitem>
251
268
          <para>
252
269
            Subkey type.  Default is <quote>ELG-E</quote> (Elgamal
254
271
          </para>
255
272
        </listitem>
256
273
      </varlistentry>
257
 
      
 
274
 
258
275
      <varlistentry>
259
 
        <term><option>--sublength
260
 
        <replaceable>BITS</replaceable></option></term>
261
 
        <term><option>-L
262
 
        <replaceable>BITS</replaceable></option></term>
 
276
        <term><literal>-L</literal>, <literal>--sublength
 
277
        <replaceable>bits</replaceable></literal></term>
263
278
        <listitem>
264
279
          <para>
265
280
            Subkey length in bits.  Default is 2048.
266
281
          </para>
267
282
        </listitem>
268
283
      </varlistentry>
269
 
      
 
284
 
270
285
      <varlistentry>
271
 
        <term><option>--email
272
 
        <replaceable>ADDRESS</replaceable></option></term>
273
 
        <term><option>-e
274
 
        <replaceable>ADDRESS</replaceable></option></term>
 
286
        <term><literal>-e</literal>, <literal>--email</literal>
 
287
        <replaceable>address</replaceable></term>
275
288
        <listitem>
276
289
          <para>
277
290
            Email address of key.  Default is empty.
278
291
          </para>
279
292
        </listitem>
280
293
      </varlistentry>
281
 
      
 
294
 
282
295
      <varlistentry>
283
 
        <term><option>--comment
284
 
        <replaceable>TEXT</replaceable></option></term>
285
 
        <term><option>-c
286
 
        <replaceable>TEXT</replaceable></option></term>
 
296
        <term><literal>-c</literal>, <literal>--comment</literal>
 
297
        <replaceable>comment</replaceable></term>
287
298
        <listitem>
288
299
          <para>
289
300
            Comment field for key.  The default value is
291
302
          </para>
292
303
        </listitem>
293
304
      </varlistentry>
294
 
      
 
305
 
295
306
      <varlistentry>
296
 
        <term><option>--expire
297
 
        <replaceable>TIME</replaceable></option></term>
298
 
        <term><option>-x
299
 
        <replaceable>TIME</replaceable></option></term>
 
307
        <term><literal>-x</literal>, <literal>--expire</literal>
 
308
        <replaceable>time</replaceable></term>
300
309
        <listitem>
301
310
          <para>
302
311
            Key expire time.  Default is no expiration.  See
305
314
          </para>
306
315
        </listitem>
307
316
      </varlistentry>
308
 
      
 
317
 
309
318
      <varlistentry>
310
 
        <term><option>--force</option></term>
311
 
        <term><option>-f</option></term>
 
319
        <term><literal>-f</literal>, <literal>--force</literal></term>
312
320
        <listitem>
313
321
          <para>
314
 
            Force overwriting old key.
 
322
            Force overwriting old keys.
315
323
          </para>
316
324
        </listitem>
317
325
      </varlistentry>
318
326
      <varlistentry>
319
 
        <term><option>--password</option></term>
320
 
        <term><option>-p</option></term>
 
327
        <term><literal>-p</literal>, <literal>--password</literal
 
328
        ></term>
321
329
        <listitem>
322
330
          <para>
323
331
            Prompt for a password and encrypt it with the key already
329
337
            >8</manvolnum></citerefentry>.  The host name or the name
330
338
            specified with the <option>--name</option> option is used
331
339
            for the section header.  All other options are ignored,
332
 
            and no key is created.
333
 
          </para>
334
 
        </listitem>
335
 
      </varlistentry>
336
 
      <varlistentry>
337
 
        <term><option>--passfile
338
 
        <replaceable>FILE</replaceable></option></term>
339
 
        <term><option>-F
340
 
        <replaceable>FILE</replaceable></option></term>
341
 
        <listitem>
342
 
          <para>
343
 
            The same as <option>--password</option>, but read from
344
 
            <replaceable>FILE</replaceable>, not the terminal.
 
340
            and no keys are created.
345
341
          </para>
346
342
        </listitem>
347
343
      </varlistentry>
348
344
    </variablelist>
349
345
  </refsect1>
350
 
  
 
346
 
351
347
  <refsect1 id="overview">
352
348
    <title>OVERVIEW</title>
353
349
    <xi:include href="overview.xml"/>
354
350
    <para>
355
351
      This program is a small utility to generate new OpenPGP keys for
356
 
      new Mandos clients, and to generate sections for inclusion in
357
 
      <filename>clients.conf</filename> on the server.
 
352
      new Mandos clients.
358
353
    </para>
359
354
  </refsect1>
360
 
  
 
355
 
361
356
  <refsect1 id="exit_status">
362
357
    <title>EXIT STATUS</title>
363
358
    <para>
364
 
      The exit status will be 0 if a new key (or password, if the
365
 
      <option>--password</option> option was used) was successfully
366
 
      created, otherwise not.
 
359
      The exit status will be 0 if new keys were successfully created,
 
360
      otherwise not.
367
361
    </para>
368
362
  </refsect1>
369
363
  
371
365
    <title>ENVIRONMENT</title>
372
366
    <variablelist>
373
367
      <varlistentry>
374
 
        <term><envar>TMPDIR</envar></term>
 
368
        <term><varname>TMPDIR</varname></term>
375
369
        <listitem>
376
370
          <para>
377
371
            If set, temporary files will be created here. See
383
377
    </variablelist>
384
378
  </refsect1>
385
379
  
386
 
  <refsect1 id="files">
 
380
  <refsect1 id="file">
387
381
    <title>FILES</title>
388
382
    <para>
389
383
      Use the <option>--dir</option> option to change where
420
414
      </varlistentry>
421
415
    </variablelist>
422
416
  </refsect1>
423
 
  
424
 
<!--   <refsect1 id="bugs"> -->
425
 
<!--     <title>BUGS</title> -->
426
 
<!--     <para> -->
427
 
<!--     </para> -->
428
 
<!--   </refsect1> -->
429
 
  
 
417
 
 
418
  <refsect1 id="bugs">
 
419
    <title>BUGS</title>
 
420
    <para>
 
421
      None are known at this time.
 
422
    </para>
 
423
  </refsect1>
 
424
 
430
425
  <refsect1 id="example">
431
426
    <title>EXAMPLE</title>
432
427
    <informalexample>
434
429
        Normal invocation needs no options:
435
430
      </para>
436
431
      <para>
437
 
        <userinput>&COMMANDNAME;</userinput>
 
432
        <userinput>mandos-keygen</userinput>
438
433
      </para>
439
434
    </informalexample>
440
435
    <informalexample>
441
436
      <para>
442
 
        Create key in another directory and of another type.  Force
 
437
        Create keys in another directory and of another type.  Force
443
438
        overwriting old key files:
444
439
      </para>
445
440
      <para>
446
441
 
447
442
<!-- do not wrap this line -->
448
 
<userinput>&COMMANDNAME; --dir ~/keydir --type RSA --force</userinput>
449
 
 
450
 
      </para>
451
 
    </informalexample>
452
 
    <informalexample>
453
 
      <para>
454
 
        Prompt for a password, encrypt it with the key in
455
 
        <filename>/etc/mandos</filename> and output a section suitable
456
 
        for <filename>clients.conf</filename>.
457
 
      </para>
458
 
      <para>
459
 
        <userinput>&COMMANDNAME; --password</userinput>
460
 
      </para>
461
 
    </informalexample>
462
 
    <informalexample>
463
 
      <para>
464
 
        Prompt for a password, encrypt it with the key in the
465
 
        <filename>client-key</filename> directory and output a section
466
 
        suitable for <filename>clients.conf</filename>.
467
 
      </para>
468
 
      <para>
469
 
 
470
 
<!-- do not wrap this line -->
471
 
<userinput>&COMMANDNAME; --password --dir client-key</userinput>
 
443
<userinput>mandos-keygen --dir ~/keydir --type RSA --force</userinput>
472
444
 
473
445
      </para>
474
446
    </informalexample>
475
447
  </refsect1>
476
 
  
 
448
 
477
449
  <refsect1 id="security">
478
450
    <title>SECURITY</title>
479
451
    <para>
480
452
      The <option>--type</option>, <option>--length</option>,
481
453
      <option>--subtype</option>, and <option>--sublength</option>
482
 
      options can be used to create keys of low security.  If in
483
 
      doubt, leave them to the default values.
 
454
      options can be used to create keys of insufficient security.  If
 
455
      in doubt, leave them to the default values.
484
456
    </para>
485
457
    <para>
486
 
      The key expire time is <emphasis>not</emphasis> guaranteed to be
487
 
      honored by <citerefentry><refentrytitle>mandos</refentrytitle>
 
458
      The key expire time is not guaranteed to be honored by
 
459
      <citerefentry><refentrytitle>mandos</refentrytitle>
488
460
      <manvolnum>8</manvolnum></citerefentry>.
489
461
    </para>
490
462
  </refsect1>
491
 
  
 
463
 
492
464
  <refsect1 id="see_also">
493
465
    <title>SEE ALSO</title>
494
466
    <para>
 
467
      <citerefentry><refentrytitle>password-request</refentrytitle>
 
468
      <manvolnum>8mandos</manvolnum></citerefentry>,
 
469
      <citerefentry><refentrytitle>mandos</refentrytitle>
 
470
      <manvolnum>8</manvolnum></citerefentry>,
495
471
      <citerefentry><refentrytitle>gpg</refentrytitle>
496
 
      <manvolnum>1</manvolnum></citerefentry>,
497
 
      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
498
 
      <manvolnum>5</manvolnum></citerefentry>,
499
 
      <citerefentry><refentrytitle>mandos</refentrytitle>
500
 
      <manvolnum>8</manvolnum></citerefentry>,
501
 
      <citerefentry><refentrytitle>mandos-client</refentrytitle>
502
 
      <manvolnum>8mandos</manvolnum></citerefentry>
 
472
      <manvolnum>1</manvolnum></citerefentry>
503
473
    </para>
504
474
  </refsect1>
505
475
  
506
476
</refentry>
507
 
<!-- Local Variables: -->
508
 
<!-- time-stamp-start: "<!ENTITY TIMESTAMP [\"']" -->
509
 
<!-- time-stamp-end: "[\"']>" -->
510
 
<!-- time-stamp-format: "%:y-%02m-%02d" -->
511
 
<!-- End: -->