/mandos/trunk : revision 110

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos-keygen.xml

Committer: Teddy Hogeborn
Date: 2008-08-29 05:53:59 UTC
Revision ID: teddy@fukt.bsnet.se-20080829055359-wkdasnyxtylmnxus

* mandos.xml (EXAMPLE): Replaced all occurences of command name with
                        "&COMMANDNAME;".

* plugins.d/password-prompt.c (main): Improved some documentation
                                      strings.  Do perror() of
                                      tcgetattr() fails.  Add debug
                                      output if interrupted by signal.
                                      Loop over write() instead of
                                      using fwrite() when outputting
                                      password.  Add debug output if
                                      getline() returns 0, unless it
                                      was caused by a signal.  Add
                                      exit status code to debug
                                      output.

* plugins.d/password-prompt.xml: Changed all single quotes to double
                                 quotes for consistency.  Removed
                                 <?xml-stylesheet>.
  (ENTITY TIMESTAMP): New.  Automatically updated by Emacs time-stamp
                      by using Emacs local variables.
  (/refentry/refentryinfo/title): Changed to "Mandos Manual".
  (/refentry/refentryinfo/productname): Changed to "Mandos".
  (/refentry/refentryinfo/date): New; set to "&TIMESTAMP;".
  (/refentry/refentryinfo/copyright): Split copyright holders.
  (/refentry/refnamediv/refpurpose): Improved wording.
  (SYNOPSIS): Fix to use correct markup.  Add short options.
  (DESCRIPTION, OPTIONS): Improved wording.
  (OPTIONS): Improved wording.  Use more correct markup.  Document
             short options.
  (EXIT STATUS): Add text.
  (ENVIRONMENT): Document use of "cryptsource" and "crypttarget".
  (FILES): REMOVED.
  (BUGS): Add text.
  (EXAMPLE): Added some examples.
  (SECURITY): Added text.
  (SEE ALSO): Remove reference to mandos(8).  Add reference to
              crypttab(5).

files added:
.bzrignore

COPYING

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

mandos-keygen

mandos-keygen.xml

mandos-options.xml

overview.xml

plugins.d/usplash

files removed:
network-protocol.txt

files renamed:
mandos-client.c => plugin-runner.c

mandos-client.xml => plugin-runner.xml

files modified:
Makefile

TODO

clients.conf

mandos

mandos-clients.conf.xml

mandos.conf

mandos.conf.xml

mandos.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/password-request.c

plugins.d/password-request.xml

Show diffs side-by-side

added added

removed removed

mandos-keygen.xml

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY VERSION "1.0">

<!ENTITY COMMANDNAME "mandos-keygen">

<title>&COMMANDNAME;</title>

<productname>&COMMANDNAME;</productname>

<productnumber>&VERSION;</productnumber>

<firstname>Björn</firstname>

<surname>Påhlsson</surname>

<email>belorn@fukt.bsnet.se</email>

</address>

</author>

<firstname>Teddy</firstname>

<surname>Hogeborn</surname>

<email>teddy@fukt.bsnet.se</email>

</address>

</author>

</authorgroup>

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

<para>

This manual page is free software: you can redistribute it

and/or modify it under the terms of the GNU General Public

License as published by the Free Software Foundation,

either version 3 of the License, or (at your option) any

later version.

</para>

<para>

This manual page is distributed in the hope that it will

be useful, but WITHOUT ANY WARRANTY; without even the

implied warranty of MERCHANTABILITY or FITNESS FOR A

PARTICULAR PURPOSE. See the GNU General Public License

for more details.

</para>

<para>

You should have received a copy of the GNU General Public

License along with this program; If not, see

<ulink url="http://www.gnu.org/licenses/"/>.

</para>

</legalnotice>

</refentryinfo>

<refentrytitle>&COMMANDNAME;</refentrytitle>

</refmeta>

<refname><command>&COMMANDNAME;</command></refname>

Generate keys for <citerefentry><refentrytitle>password-request

</refentrytitle><manvolnum>8mandos</manvolnum></citerefentry>

</refpurpose>

</refnamediv>

<command>&COMMANDNAME;</command>

<replaceable>directory</replaceable></arg>

</group>

</group>

<arg choice="plain"><option>--length</option>

</group>

<arg choice="plain"><option>--subtype</option>

</group>

<arg choice="plain"><option>--sublength</option>

</group>

</group>

100

101

<arg choice="plain"><option>--email</option>

102

<replaceable>EMAIL</replaceable></arg>

103

</group>

104

105

<arg choice="plain"><option>--comment</option>

106

<replaceable>COMMENT</replaceable></arg>

107

</group>

108

109

<arg choice="plain"><option>--expire</option>

110

111

</group>

112

113

<arg choice="plain"><option>--force</option></arg>

114

</group>

115

</cmdsynopsis>

116

117

<command>&COMMANDNAME;</command>

118

119

120

<replaceable>directory</replaceable></arg>

121

</group>

122

123

124

125

</group>

126

127

128

129

</group>

130

131

132

133

</group>

134

135

136

137

</group>

138

139

140

141

</group>

142

143

144

<replaceable>EMAIL</replaceable></arg>

145

</group>

146

147

148

<replaceable>COMMENT</replaceable></arg>

149

</group>

150

151

152

153

</group>

154

155

156

</group>

157

</cmdsynopsis>

158

159

<command>&COMMANDNAME;</command>

160

161

162

<arg choice="plain"><option>--password</option></arg>

163

</group>

164

165

166

<replaceable>directory</replaceable></arg>

167

</group>

168

169

170

171

</group>

172

</cmdsynopsis>

173

174

<command>&COMMANDNAME;</command>

175

176

177

178

</group>

179

</cmdsynopsis>

180

181

<command>&COMMANDNAME;</command>

182

183

184

<arg choice="plain"><option>--version</option></arg>

185

</group>

186

</cmdsynopsis>

187

</refsynopsisdiv>

188

189

190

<title>DESCRIPTION</title>

191

<para>

192

<command>&COMMANDNAME;</command> is a program to generate the

193

OpenPGP keys used by

194

<citerefentry><refentrytitle>password-request</refentrytitle>

195

<manvolnum>8mandos</manvolnum></citerefentry>. The keys are

196

normally written to /etc/mandos for later installation into the

197

initrd image, but this, like most things, can be changed with

198

command line options.

199

</para>

200

<para>

201

It can also be used to generate ready-made sections for

202

<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>

203

<manvolnum>5</manvolnum></citerefentry> using the

204

<option>--password</option> option.

205

</para>

206

</refsect1>

207

208

209

<title>PURPOSE</title>

210

211

<para>

212

The purpose of this is to enable <emphasis>remote and unattended

213

rebooting</emphasis> of client host computer with an

214

<emphasis>encrypted root file system</emphasis>. See <xref

215

linkend="overview"/> for details.

216

</para>

217

218

</refsect1>

219

220

221

<title>OPTIONS</title>

222

223

224

225

226

227

<para>

228

Show a help message and exit

229

</para>

230

</listitem>

231

</varlistentry>

232

233

234

<term><literal>-d</literal>, <literal>--dir

235

<replaceable>directory</replaceable></literal></term>

236

237

<para>

238

Target directory for key files. Default is

239

<filename>/etc/mandos</filename>.

240

</para>

241

</listitem>

242

</varlistentry>

243

244

245

<term><literal>-t</literal>, <literal>--type

246

247

248

<para>

249

Key type. Default is <quote>DSA</quote>.

250

</para>

251

</listitem>

252

</varlistentry>

253

254

255

<term><literal>-l</literal>, <literal>--length

256

257

258

<para>

259

Key length in bits. Default is 2048.

260

</para>

261

</listitem>

262

</varlistentry>

263

264

265

<term><literal>-s</literal>, <literal>--subtype

266

267

268

<para>

269

Subkey type. Default is <quote>ELG-E</quote> (Elgamal

270

encryption-only).

271

</para>

272

</listitem>

273

</varlistentry>

274

275

276

<term><literal>-L</literal>, <literal>--sublength

277

278

279

<para>

280

Subkey length in bits. Default is 2048.

281

</para>

282

</listitem>

283

</varlistentry>

284

285

286

<term><literal>-e</literal>, <literal>--email</literal>

287

<replaceable>address</replaceable></term>

288

289

<para>

290

Email address of key. Default is empty.

291

</para>

292

</listitem>

293

</varlistentry>

294

295

296

<term><literal>-c</literal>, <literal>--comment</literal>

297

<replaceable>comment</replaceable></term>

298

299

<para>

300

Comment field for key. The default value is

301

<quote><literal>Mandos client key</literal></quote>.

302

</para>

303

</listitem>

304

</varlistentry>

305

306

307

<term><literal>-x</literal>, <literal>--expire</literal>

308

309

310

<para>

311

Key expire time. Default is no expiration. See

312

313

<manvolnum>1</manvolnum></citerefentry> for syntax.

314

</para>

315

</listitem>

316

</varlistentry>

317

318

319

<term><literal>-f</literal>, <literal>--force</literal></term>

320

321

<para>

322

Force overwriting old keys.

323

</para>

324

</listitem>

325

</varlistentry>

326

327

<term><literal>-p</literal>, <literal>--password</literal

328

></term>

329

330

<para>

331

Prompt for a password and encrypt it with the key already

332

present in either <filename>/etc/mandos</filename> or the

333

directory specified with the <option>--dir</option>

334

option. Outputs, on standard output, a section suitable

335

for inclusion in <citerefentry><refentrytitle

336

>mandos-clients.conf</refentrytitle><manvolnum

337

>8</manvolnum></citerefentry>. The host name or the name

338

specified with the <option>--name</option> option is used

339

for the section header. All other options are ignored,

340

and no keys are created.

341

</para>

342

</listitem>

343

</varlistentry>

344

</variablelist>

345

</refsect1>

346

347

348

<title>OVERVIEW</title>

349

<xi:include href="overview.xml"/>

350

<para>

351

This program is a small utility to generate new OpenPGP keys for

352

new Mandos clients.

353

</para>

354

</refsect1>

355

356

357

<title>EXIT STATUS</title>

358

<para>

359

The exit status will be 0 if new keys were successfully created,

360

otherwise not.

361

</para>

362

</refsect1>

363

364

365

<title>ENVIRONMENT</title>

366

367

368

<term><varname>TMPDIR</varname></term>

369

370

<para>

371

If set, temporary files will be created here. See

372

<citerefentry><refentrytitle>mktemp</refentrytitle>

373

<manvolnum>1</manvolnum></citerefentry>.

374

</para>

375

</listitem>

376

</varlistentry>

377

</variablelist>

378

</refsect1>

379

380

381

<title>FILES</title>

382

<para>

383

Use the <option>--dir</option> option to change where

384

<command>&COMMANDNAME;</command> will write the key files. The

385

default file names are shown here.

386

</para>

387

388

389

<term><filename>/etc/mandos/seckey.txt</filename></term>

390

391

<para>

392

OpenPGP secret key file which will be created or

393

overwritten.

394

</para>

395

</listitem>

396

</varlistentry>

397

398

<term><filename>/etc/mandos/pubkey.txt</filename></term>

399

400

<para>

401

OpenPGP public key file which will be created or

402

overwritten.

403

</para>

404

</listitem>

405

</varlistentry>

406

407

408

409

<para>

410

Temporary files will be written here if

411

<varname>TMPDIR</varname> is not set.

412

</para>

413

</listitem>

414

</varlistentry>

415

</variablelist>

416

</refsect1>

417

418

419

420

<para>

421

None are known at this time.

422

</para>

423

</refsect1>

424

425

426

<title>EXAMPLE</title>

427

428

<para>

429

Normal invocation needs no options:

430

</para>

431

<para>

432

<userinput>mandos-keygen</userinput>

433

</para>

434

</informalexample>

435

436

<para>

437

Create keys in another directory and of another type. Force

438

overwriting old key files:

439

</para>

440

<para>

441

442

443

<userinput>mandos-keygen --dir ~/keydir --type RSA --force</userinput>

444

445

</para>

446

</informalexample>

447

</refsect1>

448

449

450

<title>SECURITY</title>

451

<para>

452

The <option>--type</option>, <option>--length</option>,

453

<option>--subtype</option>, and <option>--sublength</option>

454

options can be used to create keys of insufficient security. If

455

in doubt, leave them to the default values.

456

</para>

457

<para>

458

The key expire time is not guaranteed to be honored by

459

<citerefentry><refentrytitle>mandos</refentrytitle>

460

<manvolnum>8</manvolnum></citerefentry>.

461

</para>

462

</refsect1>

463

464

465

466

<para>

467

<citerefentry><refentrytitle>password-request</refentrytitle>

468

<manvolnum>8mandos</manvolnum></citerefentry>,

469

<citerefentry><refentrytitle>mandos</refentrytitle>

470

<manvolnum>8</manvolnum></citerefentry>,

471

472

473

</para>

474

</refsect1>

475

476

</refentry>

Older »