
Viewing changes to mandos-keygen.xml

  • Committer: Teddy Hogeborn
  • Date: 2008-08-29 05:53:59 UTC
  • Revision ID: teddy@fukt.bsnet.se-20080829055359-wkdasnyxtylmnxus
* mandos.xml (EXAMPLE): Replaced all occurrences of command name with
                        "&COMMANDNAME;".

* plugins.d/password-prompt.c (main): Improved some documentation
                                      strings.  Do perror() if
                                      tcgetattr() fails.  Add debug
                                      output if interrupted by signal.
                                      Loop over write() instead of
                                      using fwrite() when outputting
                                      password.  Add debug output if
                                      getline() returns 0, unless it
                                      was caused by a signal.  Add
                                      exit status code to debug
                                      output.

* plugins.d/password-prompt.xml: Changed all single quotes to double
                                 quotes for consistency.  Removed
                                 <?xml-stylesheet>.
  (ENTITY TIMESTAMP): New.  Automatically updated by Emacs time-stamp
                      by using Emacs local variables.
  (/refentry/refentryinfo/title): Changed to "Mandos Manual".
  (/refentry/refentryinfo/productname): Changed to "Mandos".
  (/refentry/refentryinfo/date): New; set to "&TIMESTAMP;".
  (/refentry/refentryinfo/copyright): Split copyright holders.
  (/refentry/refnamediv/refpurpose): Improved wording.
  (SYNOPSIS): Fix to use correct markup.  Add short options.
  (DESCRIPTION, OPTIONS): Improved wording.
  (OPTIONS): Improved wording.  Use more correct markup.  Document
             short options.
  (EXIT STATUS): Add text.
  (ENVIRONMENT): Document use of "cryptsource" and "crypttarget".
  (FILES): REMOVED.
  (BUGS): Add text.
  (EXAMPLE): Added some examples.
  (SECURITY): Added text.
  (SEE ALSO): Remove reference to mandos(8).  Add reference to
              crypttab(5).

1
1
<?xml version="1.0" encoding="UTF-8"?>
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
 
4
<!ENTITY VERSION "1.0">
4
5
<!ENTITY COMMANDNAME "mandos-keygen">
5
 
<!ENTITY TIMESTAMP "2015-07-20">
6
 
<!ENTITY % common SYSTEM "common.ent">
7
 
%common;
8
6
]>
9
7
 
10
8
<refentry xmlns:xi="http://www.w3.org/2001/XInclude">
11
9
  <refentryinfo>
12
 
    <title>Mandos Manual</title>
 
10
    <title>&COMMANDNAME;</title>
13
11
    <!-- NWalsh’s docbook scripts use this to generate the footer: -->
14
 
    <productname>Mandos</productname>
15
 
    <productnumber>&version;</productnumber>
16
 
    <date>&TIMESTAMP;</date>
 
12
    <productname>&COMMANDNAME;</productname>
 
13
    <productnumber>&VERSION;</productnumber>
17
14
    <authorgroup>
18
15
      <author>
19
16
        <firstname>Björn</firstname>
20
17
        <surname>Påhlsson</surname>
21
18
        <address>
22
 
          <email>belorn@recompile.se</email>
 
19
          <email>belorn@fukt.bsnet.se</email>
23
20
        </address>
24
21
      </author>
25
22
      <author>
26
23
        <firstname>Teddy</firstname>
27
24
        <surname>Hogeborn</surname>
28
25
        <address>
29
 
          <email>teddy@recompile.se</email>
 
26
          <email>teddy@fukt.bsnet.se</email>
30
27
        </address>
31
28
      </author>
32
29
    </authorgroup>
33
30
    <copyright>
34
31
      <year>2008</year>
35
 
      <year>2009</year>
36
 
      <year>2010</year>
37
 
      <year>2011</year>
38
 
      <year>2012</year>
39
 
      <year>2013</year>
40
 
      <year>2014</year>
41
 
      <year>2015</year>
42
32
      <holder>Teddy Hogeborn</holder>
43
33
      <holder>Björn Påhlsson</holder>
44
34
    </copyright>
45
 
    <xi:include href="legalnotice.xml"/>
 
35
    <legalnotice>
 
36
      <para>
 
37
        This manual page is free software: you can redistribute it
 
38
        and/or modify it under the terms of the GNU General Public
 
39
        License as published by the Free Software Foundation,
 
40
        either version 3 of the License, or (at your option) any
 
41
        later version.
 
42
      </para>
 
43
 
 
44
      <para>
 
45
        This manual page is distributed in the hope that it will
 
46
        be useful, but WITHOUT ANY WARRANTY; without even the
 
47
        implied warranty of MERCHANTABILITY or FITNESS FOR A
 
48
        PARTICULAR PURPOSE.  See the GNU General Public License
 
49
        for more details.
 
50
      </para>
 
51
 
 
52
      <para>
 
53
        You should have received a copy of the GNU General Public
 
54
        License along with this program; If not, see
 
55
        <ulink url="http://www.gnu.org/licenses/"/>.
 
56
      </para>
 
57
    </legalnotice>
46
58
  </refentryinfo>
47
 
  
 
59
 
48
60
  <refmeta>
49
61
    <refentrytitle>&COMMANDNAME;</refentrytitle>
50
62
    <manvolnum>8</manvolnum>
53
65
  <refnamediv>
54
66
    <refname><command>&COMMANDNAME;</command></refname>
55
67
    <refpurpose>
56
 
      Generate key and password for Mandos client and server.
 
68
      Generate keys for <citerefentry><refentrytitle>password-request
 
69
      </refentrytitle><manvolnum>8mandos</manvolnum></citerefentry>
57
70
    </refpurpose>
58
71
  </refnamediv>
59
 
  
 
72
 
60
73
  <refsynopsisdiv>
61
74
    <cmdsynopsis>
62
75
      <command>&COMMANDNAME;</command>
63
 
      <group>
64
 
        <arg choice="plain"><option>--dir
65
 
        <replaceable>DIRECTORY</replaceable></option></arg>
66
 
        <arg choice="plain"><option>-d
67
 
        <replaceable>DIRECTORY</replaceable></option></arg>
68
 
      </group>
69
 
      <sbr/>
70
 
      <group>
71
 
        <arg choice="plain"><option>--type
72
 
        <replaceable>KEYTYPE</replaceable></option></arg>
73
 
        <arg choice="plain"><option>-t
74
 
        <replaceable>KEYTYPE</replaceable></option></arg>
75
 
      </group>
76
 
      <sbr/>
77
 
      <group>
78
 
        <arg choice="plain"><option>--length
79
 
        <replaceable>BITS</replaceable></option></arg>
80
 
        <arg choice="plain"><option>-l
81
 
        <replaceable>BITS</replaceable></option></arg>
82
 
      </group>
83
 
      <sbr/>
84
 
      <group>
85
 
        <arg choice="plain"><option>--subtype
86
 
        <replaceable>KEYTYPE</replaceable></option></arg>
87
 
        <arg choice="plain"><option>-s
88
 
        <replaceable>KEYTYPE</replaceable></option></arg>
89
 
      </group>
90
 
      <sbr/>
91
 
      <group>
92
 
        <arg choice="plain"><option>--sublength
93
 
        <replaceable>BITS</replaceable></option></arg>
94
 
        <arg choice="plain"><option>-L
95
 
        <replaceable>BITS</replaceable></option></arg>
96
 
      </group>
97
 
      <sbr/>
98
 
      <group>
99
 
        <arg choice="plain"><option>--name
100
 
        <replaceable>NAME</replaceable></option></arg>
101
 
        <arg choice="plain"><option>-n
102
 
        <replaceable>NAME</replaceable></option></arg>
103
 
      </group>
104
 
      <sbr/>
105
 
      <group>
106
 
        <arg choice="plain"><option>--email
107
 
        <replaceable>ADDRESS</replaceable></option></arg>
108
 
        <arg choice="plain"><option>-e
109
 
        <replaceable>ADDRESS</replaceable></option></arg>
110
 
      </group>
111
 
      <sbr/>
112
 
      <group>
113
 
        <arg choice="plain"><option>--comment
114
 
        <replaceable>TEXT</replaceable></option></arg>
115
 
        <arg choice="plain"><option>-c
116
 
        <replaceable>TEXT</replaceable></option></arg>
117
 
      </group>
118
 
      <sbr/>
119
 
      <group>
120
 
        <arg choice="plain"><option>--expire
121
 
        <replaceable>TIME</replaceable></option></arg>
122
 
        <arg choice="plain"><option>-x
123
 
        <replaceable>TIME</replaceable></option></arg>
124
 
      </group>
125
 
      <sbr/>
126
 
      <group>
 
76
      <group choice="opt">
 
77
        <arg choice="plain"><option>--dir</option>
 
78
        <replaceable>directory</replaceable></arg>
 
79
      </group>
 
80
      <group choice="opt">
 
81
        <arg choice="plain"><option>--type</option>
 
82
        <replaceable>type</replaceable></arg>
 
83
      </group>
 
84
      <group choice="opt">
 
85
        <arg choice="plain"><option>--length</option>
 
86
        <replaceable>bits</replaceable></arg>
 
87
      </group>
 
88
      <group choice="opt">
 
89
        <arg choice="plain"><option>--subtype</option>
 
90
        <replaceable>type</replaceable></arg>
 
91
      </group>
 
92
      <group choice="opt">
 
93
        <arg choice="plain"><option>--sublength</option>
 
94
        <replaceable>bits</replaceable></arg>
 
95
      </group>
 
96
      <group choice="opt">
 
97
        <arg choice="plain"><option>--name</option>
 
98
        <replaceable>NAME</replaceable></arg>
 
99
      </group>
 
100
      <group choice="opt">
 
101
        <arg choice="plain"><option>--email</option>
 
102
        <replaceable>EMAIL</replaceable></arg>
 
103
      </group>
 
104
      <group choice="opt">
 
105
        <arg choice="plain"><option>--comment</option>
 
106
        <replaceable>COMMENT</replaceable></arg>
 
107
      </group>
 
108
      <group choice="opt">
 
109
        <arg choice="plain"><option>--expire</option>
 
110
        <replaceable>TIME</replaceable></arg>
 
111
      </group>
 
112
      <group choice="opt">
127
113
        <arg choice="plain"><option>--force</option></arg>
 
114
      </group>
 
115
    </cmdsynopsis>
 
116
    <cmdsynopsis>
 
117
      <command>&COMMANDNAME;</command>
 
118
      <group choice="opt">
 
119
        <arg choice="plain"><option>-d</option>
 
120
        <replaceable>directory</replaceable></arg>
 
121
      </group>
 
122
      <group choice="opt">
 
123
        <arg choice="plain"><option>-t</option>
 
124
        <replaceable>type</replaceable></arg>
 
125
      </group>
 
126
      <group choice="opt">
 
127
        <arg choice="plain"><option>-l</option>
 
128
        <replaceable>bits</replaceable></arg>
 
129
      </group>
 
130
      <group choice="opt">
 
131
        <arg choice="plain"><option>-s</option>
 
132
        <replaceable>type</replaceable></arg>
 
133
      </group>
 
134
      <group choice="opt">
 
135
        <arg choice="plain"><option>-L</option>
 
136
        <replaceable>bits</replaceable></arg>
 
137
      </group>
 
138
      <group choice="opt">
 
139
        <arg choice="plain"><option>-n</option>
 
140
        <replaceable>NAME</replaceable></arg>
 
141
      </group>
 
142
      <group choice="opt">
 
143
        <arg choice="plain"><option>-e</option>
 
144
        <replaceable>EMAIL</replaceable></arg>
 
145
      </group>
 
146
      <group choice="opt">
 
147
        <arg choice="plain"><option>-c</option>
 
148
        <replaceable>COMMENT</replaceable></arg>
 
149
      </group>
 
150
      <group choice="opt">
 
151
        <arg choice="plain"><option>-x</option>
 
152
        <replaceable>TIME</replaceable></arg>
 
153
      </group>
 
154
      <group choice="opt">
128
155
        <arg choice="plain"><option>-f</option></arg>
129
156
      </group>
130
157
    </cmdsynopsis>
131
158
    <cmdsynopsis>
132
159
      <command>&COMMANDNAME;</command>
133
160
      <group choice="req">
 
161
        <arg choice="plain"><option>-p</option></arg>
134
162
        <arg choice="plain"><option>--password</option></arg>
135
 
        <arg choice="plain"><option>-p</option></arg>
136
 
        <arg choice="plain"><option>--passfile
137
 
        <replaceable>FILE</replaceable></option></arg>
138
 
        <arg choice="plain"><option>-F</option>
139
 
        <replaceable>FILE</replaceable></arg>
140
 
      </group>
141
 
      <sbr/>
142
 
      <group>
143
 
        <arg choice="plain"><option>--dir
144
 
        <replaceable>DIRECTORY</replaceable></option></arg>
145
 
        <arg choice="plain"><option>-d
146
 
        <replaceable>DIRECTORY</replaceable></option></arg>
147
 
      </group>
148
 
      <sbr/>
149
 
      <group>
150
 
        <arg choice="plain"><option>--name
151
 
        <replaceable>NAME</replaceable></option></arg>
152
 
        <arg choice="plain"><option>-n
153
 
        <replaceable>NAME</replaceable></option></arg>
154
 
      </group>
155
 
      <group>
156
 
        <arg choice="plain"><option>--no-ssh</option></arg>
157
 
        <arg choice="plain"><option>-S</option></arg>
 
163
      </group>
 
164
      <group choice="opt">
 
165
        <arg choice="plain"><option>--dir</option>
 
166
        <replaceable>directory</replaceable></arg>
 
167
      </group>
 
168
      <group choice="opt">
 
169
        <arg choice="plain"><option>--name</option>
 
170
        <replaceable>NAME</replaceable></arg>
158
171
      </group>
159
172
    </cmdsynopsis>
160
173
    <cmdsynopsis>
161
174
      <command>&COMMANDNAME;</command>
162
175
      <group choice="req">
 
176
        <arg choice="plain"><option>-h</option></arg>
163
177
        <arg choice="plain"><option>--help</option></arg>
164
 
        <arg choice="plain"><option>-h</option></arg>
165
178
      </group>
166
179
    </cmdsynopsis>
167
180
    <cmdsynopsis>
168
181
      <command>&COMMANDNAME;</command>
169
182
      <group choice="req">
 
183
        <arg choice="plain"><option>-v</option></arg>
170
184
        <arg choice="plain"><option>--version</option></arg>
171
 
        <arg choice="plain"><option>-v</option></arg>
172
185
      </group>
173
186
    </cmdsynopsis>
174
187
  </refsynopsisdiv>
175
 
  
 
188
 
176
189
  <refsect1 id="description">
177
190
    <title>DESCRIPTION</title>
178
191
    <para>
179
192
      <command>&COMMANDNAME;</command> is a program to generate the
180
 
      OpenPGP key used by
181
 
      <citerefentry><refentrytitle>mandos-client</refentrytitle>
182
 
      <manvolnum>8mandos</manvolnum></citerefentry>.  The key is
 
193
      OpenPGP keys used by
 
194
      <citerefentry><refentrytitle>password-request</refentrytitle>
 
195
      <manvolnum>8mandos</manvolnum></citerefentry>.  The keys are
183
196
      normally written to /etc/mandos for later installation into the
184
 
      initrd image, but this, and most other things, can be changed
185
 
      with command line options.
 
197
      initrd image, but this, like most things, can be changed with
 
198
      command line options.
186
199
    </para>
187
200
    <para>
188
 
      This program can also be used with the
189
 
      <option>--password</option> or <option>--passfile</option>
190
 
      options to generate a ready-made section for
191
 
      <filename>clients.conf</filename> (see
 
201
      It can also be used to generate ready-made sections for
192
202
      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
193
 
      <manvolnum>5</manvolnum></citerefentry>).
 
203
      <manvolnum>5</manvolnum></citerefentry> using the
 
204
      <option>--password</option> option.
194
205
    </para>
195
206
  </refsect1>
196
207
  
197
208
  <refsect1 id="purpose">
198
209
    <title>PURPOSE</title>
 
210
 
199
211
    <para>
200
212
      The purpose of this is to enable <emphasis>remote and unattended
201
213
      rebooting</emphasis> of client host computer with an
202
214
      <emphasis>encrypted root file system</emphasis>.  See <xref
203
215
      linkend="overview"/> for details.
204
216
    </para>
 
217
 
205
218
  </refsect1>
206
219
  
207
220
  <refsect1 id="options">
208
221
    <title>OPTIONS</title>
209
 
    
 
222
 
210
223
    <variablelist>
211
224
      <varlistentry>
212
 
        <term><option>--help</option></term>
213
 
        <term><option>-h</option></term>
 
225
        <term><literal>-h</literal>, <literal>--help</literal></term>
214
226
        <listitem>
215
227
          <para>
216
228
            Show a help message and exit
217
229
          </para>
218
230
        </listitem>
219
231
      </varlistentry>
220
 
      
 
232
 
221
233
      <varlistentry>
222
 
        <term><option>--dir
223
 
        <replaceable>DIRECTORY</replaceable></option></term>
224
 
        <term><option>-d
225
 
        <replaceable>DIRECTORY</replaceable></option></term>
 
234
        <term><literal>-d</literal>, <literal>--dir
 
235
        <replaceable>directory</replaceable></literal></term>
226
236
        <listitem>
227
237
          <para>
228
238
            Target directory for key files.  Default is
229
 
            <filename class="directory">/etc/mandos</filename>.
230
 
          </para>
231
 
        </listitem>
232
 
      </varlistentry>
233
 
      
234
 
      <varlistentry>
235
 
        <term><option>--type
236
 
        <replaceable>TYPE</replaceable></option></term>
237
 
        <term><option>-t
238
 
        <replaceable>TYPE</replaceable></option></term>
239
 
        <listitem>
240
 
          <para>
241
 
            Key type.  Default is <quote>RSA</quote>.
242
 
          </para>
243
 
        </listitem>
244
 
      </varlistentry>
245
 
      
246
 
      <varlistentry>
247
 
        <term><option>--length
248
 
        <replaceable>BITS</replaceable></option></term>
249
 
        <term><option>-l
250
 
        <replaceable>BITS</replaceable></option></term>
251
 
        <listitem>
252
 
          <para>
253
 
            Key length in bits.  Default is 4096.
254
 
          </para>
255
 
        </listitem>
256
 
      </varlistentry>
257
 
      
258
 
      <varlistentry>
259
 
        <term><option>--subtype
260
 
        <replaceable>KEYTYPE</replaceable></option></term>
261
 
        <term><option>-s
262
 
        <replaceable>KEYTYPE</replaceable></option></term>
263
 
        <listitem>
264
 
          <para>
265
 
            Subkey type.  Default is <quote>RSA</quote> (Elgamal
 
239
            <filename>/etc/mandos</filename>.
 
240
          </para>
 
241
        </listitem>
 
242
      </varlistentry>
 
243
 
 
244
      <varlistentry>
 
245
        <term><literal>-t</literal>, <literal>--type
 
246
        <replaceable>type</replaceable></literal></term>
 
247
        <listitem>
 
248
          <para>
 
249
            Key type.  Default is <quote>DSA</quote>.
 
250
          </para>
 
251
        </listitem>
 
252
      </varlistentry>
 
253
 
 
254
      <varlistentry>
 
255
        <term><literal>-l</literal>, <literal>--length
 
256
        <replaceable>bits</replaceable></literal></term>
 
257
        <listitem>
 
258
          <para>
 
259
            Key length in bits.  Default is 2048.
 
260
          </para>
 
261
        </listitem>
 
262
      </varlistentry>
 
263
 
 
264
      <varlistentry>
 
265
        <term><literal>-s</literal>, <literal>--subtype
 
266
        <replaceable>type</replaceable></literal></term>
 
267
        <listitem>
 
268
          <para>
 
269
            Subkey type.  Default is <quote>ELG-E</quote> (Elgamal
266
270
            encryption-only).
267
271
          </para>
268
272
        </listitem>
269
273
      </varlistentry>
270
 
      
 
274
 
271
275
      <varlistentry>
272
 
        <term><option>--sublength
273
 
        <replaceable>BITS</replaceable></option></term>
274
 
        <term><option>-L
275
 
        <replaceable>BITS</replaceable></option></term>
 
276
        <term><literal>-L</literal>, <literal>--sublength
 
277
        <replaceable>bits</replaceable></literal></term>
276
278
        <listitem>
277
279
          <para>
278
 
            Subkey length in bits.  Default is 4096.
 
280
            Subkey length in bits.  Default is 2048.
279
281
          </para>
280
282
        </listitem>
281
283
      </varlistentry>
282
 
      
 
284
 
283
285
      <varlistentry>
284
 
        <term><option>--email
285
 
        <replaceable>ADDRESS</replaceable></option></term>
286
 
        <term><option>-e
287
 
        <replaceable>ADDRESS</replaceable></option></term>
 
286
        <term><literal>-e</literal>, <literal>--email</literal>
 
287
        <replaceable>address</replaceable></term>
288
288
        <listitem>
289
289
          <para>
290
290
            Email address of key.  Default is empty.
291
291
          </para>
292
292
        </listitem>
293
293
      </varlistentry>
294
 
      
 
294
 
295
295
      <varlistentry>
296
 
        <term><option>--comment
297
 
        <replaceable>TEXT</replaceable></option></term>
298
 
        <term><option>-c
299
 
        <replaceable>TEXT</replaceable></option></term>
 
296
        <term><literal>-c</literal>, <literal>--comment</literal>
 
297
        <replaceable>comment</replaceable></term>
300
298
        <listitem>
301
299
          <para>
302
 
            Comment field for key.  Default is empty.
 
300
            Comment field for key.  The default value is
 
301
            <quote><literal>Mandos client key</literal></quote>.
303
302
          </para>
304
303
        </listitem>
305
304
      </varlistentry>
306
 
      
 
305
 
307
306
      <varlistentry>
308
 
        <term><option>--expire
309
 
        <replaceable>TIME</replaceable></option></term>
310
 
        <term><option>-x
311
 
        <replaceable>TIME</replaceable></option></term>
 
307
        <term><literal>-x</literal>, <literal>--expire</literal>
 
308
        <replaceable>time</replaceable></term>
312
309
        <listitem>
313
310
          <para>
314
311
            Key expire time.  Default is no expiration.  See
317
314
          </para>
318
315
        </listitem>
319
316
      </varlistentry>
320
 
      
 
317
 
321
318
      <varlistentry>
322
 
        <term><option>--force</option></term>
323
 
        <term><option>-f</option></term>
 
319
        <term><literal>-f</literal>, <literal>--force</literal></term>
324
320
        <listitem>
325
321
          <para>
326
 
            Force overwriting old key.
 
322
            Force overwriting old keys.
327
323
          </para>
328
324
        </listitem>
329
325
      </varlistentry>
330
326
      <varlistentry>
331
 
        <term><option>--password</option></term>
332
 
        <term><option>-p</option></term>
 
327
        <term><literal>-p</literal>, <literal>--password</literal
 
328
        ></term>
333
329
        <listitem>
334
330
          <para>
335
331
            Prompt for a password and encrypt it with the key already
341
337
            >8</manvolnum></citerefentry>.  The host name or the name
342
338
            specified with the <option>--name</option> option is used
343
339
            for the section header.  All other options are ignored,
344
 
            and no key is created.
345
 
          </para>
346
 
        </listitem>
347
 
      </varlistentry>
348
 
      <varlistentry>
349
 
        <term><option>--passfile
350
 
        <replaceable>FILE</replaceable></option></term>
351
 
        <term><option>-F
352
 
        <replaceable>FILE</replaceable></option></term>
353
 
        <listitem>
354
 
          <para>
355
 
            The same as <option>--password</option>, but read from
356
 
            <replaceable>FILE</replaceable>, not the terminal.
357
 
          </para>
358
 
        </listitem>
359
 
      </varlistentry>
360
 
      <varlistentry>
361
 
        <term><option>--no-ssh</option></term>
362
 
        <term><option>-S</option></term>
363
 
        <listitem>
364
 
          <para>
365
 
            When <option>--password</option> or
366
 
            <option>--passfile</option> is given, this option will
367
 
            prevent <command>&COMMANDNAME;</command> from calling
368
 
            <command>ssh-keyscan</command> to get an SSH fingerprint
369
 
            for this host and, if successful, output suitable config
370
 
            options to use this fingerprint as a
371
 
            <option>checker</option> option in the output.  This is
372
 
            otherwise the default behavior.
 
340
            and no keys are created.
373
341
          </para>
374
342
        </listitem>
375
343
      </varlistentry>
376
344
    </variablelist>
377
345
  </refsect1>
378
 
  
 
346
 
379
347
  <refsect1 id="overview">
380
348
    <title>OVERVIEW</title>
381
349
    <xi:include href="overview.xml"/>
382
350
    <para>
383
351
      This program is a small utility to generate new OpenPGP keys for
384
 
      new Mandos clients, and to generate sections for inclusion in
385
 
      <filename>clients.conf</filename> on the server.
 
352
      new Mandos clients.
386
353
    </para>
387
354
  </refsect1>
388
 
  
 
355
 
389
356
  <refsect1 id="exit_status">
390
357
    <title>EXIT STATUS</title>
391
358
    <para>
392
 
      The exit status will be 0 if a new key (or password, if the
393
 
      <option>--password</option> option was used) was successfully
394
 
      created, otherwise not.
 
359
      The exit status will be 0 if new keys were successfully created,
 
360
      otherwise not.
395
361
    </para>
396
362
  </refsect1>
397
363
  
399
365
    <title>ENVIRONMENT</title>
400
366
    <variablelist>
401
367
      <varlistentry>
402
 
        <term><envar>TMPDIR</envar></term>
 
368
        <term><varname>TMPDIR</varname></term>
403
369
        <listitem>
404
370
          <para>
405
371
            If set, temporary files will be created here. See
411
377
    </variablelist>
412
378
  </refsect1>
413
379
  
414
 
  <refsect1 id="files">
 
380
  <refsect1 id="file">
415
381
    <title>FILES</title>
416
382
    <para>
417
383
      Use the <option>--dir</option> option to change where
438
404
        </listitem>
439
405
      </varlistentry>
440
406
      <varlistentry>
441
 
        <term><filename class="directory">/tmp</filename></term>
 
407
        <term><filename>/tmp</filename></term>
442
408
        <listitem>
443
409
          <para>
444
410
            Temporary files will be written here if
448
414
      </varlistentry>
449
415
    </variablelist>
450
416
  </refsect1>
451
 
  
452
 
<!--   <refsect1 id="bugs"> -->
453
 
<!--     <title>BUGS</title> -->
454
 
<!--     <para> -->
455
 
<!--     </para> -->
456
 
<!--   </refsect1> -->
457
 
  
 
417
 
 
418
  <refsect1 id="bugs">
 
419
    <title>BUGS</title>
 
420
    <para>
 
421
      None are known at this time.
 
422
    </para>
 
423
  </refsect1>
 
424
 
458
425
  <refsect1 id="example">
459
426
    <title>EXAMPLE</title>
460
427
    <informalexample>
462
429
        Normal invocation needs no options:
463
430
      </para>
464
431
      <para>
465
 
        <userinput>&COMMANDNAME;</userinput>
 
432
        <userinput>mandos-keygen</userinput>
466
433
      </para>
467
434
    </informalexample>
468
435
    <informalexample>
469
436
      <para>
470
 
        Create key in another directory and of another type.  Force
 
437
        Create keys in another directory and of another type.  Force
471
438
        overwriting old key files:
472
439
      </para>
473
440
      <para>
474
441
 
475
442
<!-- do not wrap this line -->
476
 
<userinput>&COMMANDNAME; --dir ~/keydir --type RSA --force</userinput>
477
 
 
478
 
      </para>
479
 
    </informalexample>
480
 
    <informalexample>
481
 
      <para>
482
 
        Prompt for a password, encrypt it with the key in <filename
483
 
        class="directory">/etc/mandos</filename> and output a section
484
 
        suitable for <filename>clients.conf</filename>.
485
 
      </para>
486
 
      <para>
487
 
        <userinput>&COMMANDNAME; --password</userinput>
488
 
      </para>
489
 
    </informalexample>
490
 
    <informalexample>
491
 
      <para>
492
 
        Prompt for a password, encrypt it with the key in the
493
 
        <filename>client-key</filename> directory and output a section
494
 
        suitable for <filename>clients.conf</filename>.
495
 
      </para>
496
 
      <para>
497
 
 
498
 
<!-- do not wrap this line -->
499
 
<userinput>&COMMANDNAME; --password --dir client-key</userinput>
 
443
<userinput>mandos-keygen --dir ~/keydir --type RSA --force</userinput>
500
444
 
501
445
      </para>
502
446
    </informalexample>
503
447
  </refsect1>
504
 
  
 
448
 
505
449
  <refsect1 id="security">
506
450
    <title>SECURITY</title>
507
451
    <para>
508
452
      The <option>--type</option>, <option>--length</option>,
509
453
      <option>--subtype</option>, and <option>--sublength</option>
510
 
      options can be used to create keys of low security.  If in
511
 
      doubt, leave them to the default values.
 
454
      options can be used to create keys of insufficient security.  If
 
455
      in doubt, leave them to the default values.
512
456
    </para>
513
457
    <para>
514
 
      The key expire time is <emphasis>not</emphasis> guaranteed to be
515
 
      honored by <citerefentry><refentrytitle>mandos</refentrytitle>
 
458
      The key expire time is not guaranteed to be honored by
 
459
      <citerefentry><refentrytitle>mandos</refentrytitle>
516
460
      <manvolnum>8</manvolnum></citerefentry>.
517
461
    </para>
518
462
  </refsect1>
519
 
  
 
463
 
520
464
  <refsect1 id="see_also">
521
465
    <title>SEE ALSO</title>
522
466
    <para>
523
 
      <citerefentry><refentrytitle>intro</refentrytitle>
 
467
      <citerefentry><refentrytitle>password-request</refentrytitle>
524
468
      <manvolnum>8mandos</manvolnum></citerefentry>,
 
469
      <citerefentry><refentrytitle>mandos</refentrytitle>
 
470
      <manvolnum>8</manvolnum></citerefentry>,
525
471
      <citerefentry><refentrytitle>gpg</refentrytitle>
526
 
      <manvolnum>1</manvolnum></citerefentry>,
527
 
      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
528
 
      <manvolnum>5</manvolnum></citerefentry>,
529
 
      <citerefentry><refentrytitle>mandos</refentrytitle>
530
 
      <manvolnum>8</manvolnum></citerefentry>,
531
 
      <citerefentry><refentrytitle>mandos-client</refentrytitle>
532
 
      <manvolnum>8mandos</manvolnum></citerefentry>,
533
 
      <citerefentry><refentrytitle>ssh-keyscan</refentrytitle>
534
472
      <manvolnum>1</manvolnum></citerefentry>
535
473
    </para>
536
474
  </refsect1>
537
475
  
538
476
</refentry>
539
 
<!-- Local Variables: -->
540
 
<!-- time-stamp-start: "<!ENTITY TIMESTAMP [\"']" -->
541
 
<!-- time-stamp-end: "[\"']>" -->
542
 
<!-- time-stamp-format: "%:y-%02m-%02d" -->
543
 
<!-- End: -->