/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos-keygen.xml

  • Committer: Teddy Hogeborn
  • Date: 2008-08-29 05:53:59 UTC
  • Revision ID: teddy@fukt.bsnet.se-20080829055359-wkdasnyxtylmnxus
* mandos.xml (EXAMPLE): Replaced all occurences of command name with
                        "&COMMANDNAME;".

* plugins.d/password-prompt.c (main): Improved some documentation
                                      strings.  Do perror() of
                                      tcgetattr() fails.  Add debug
                                      output if interrupted by signal.
                                      Loop over write() instead of
                                      using fwrite() when outputting
                                      password.  Add debug output if
                                      getline() returns 0, unless it
                                      was caused by a signal.  Add
                                      exit status code to debug
                                      output.

* plugins.d/password-prompt.xml: Changed all single quotes to double
                                 quotes for consistency.  Removed
                                 <?xml-stylesheet>.
  (ENTITY TIMESTAMP): New.  Automatically updated by Emacs time-stamp
                      by using Emacs local variables.
  (/refentry/refentryinfo/title): Changed to "Mandos Manual".
  (/refentry/refentryinfo/productname): Changed to "Mandos".
  (/refentry/refentryinfo/date): New; set to "&TIMESTAMP;".
  (/refentry/refentryinfo/copyright): Split copyright holders.
  (/refentry/refnamediv/refpurpose): Improved wording.
  (SYNOPSIS): Fix to use correct markup.  Add short options.
  (DESCRIPTION, OPTIONS): Improved wording.
  (OPTIONS): Improved wording.  Use more correct markup.  Document
             short options.
  (EXIT STATUS): Add text.
  (ENVIRONMENT): Document use of "cryptsource" and "crypttarget".
  (FILES): REMOVED.
  (BUGS): Add text.
  (EXAMPLE): Added some examples.
  (SECURITY): Added text.
  (SEE ALSO): Remove reference to mandos(8).  Add reference to
              crypttab(5).

Show diffs side-by-side

added added

removed removed

Lines of Context:
1
1
<?xml version="1.0" encoding="UTF-8"?>
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
 
4
<!ENTITY VERSION "1.0">
4
5
<!ENTITY COMMANDNAME "mandos-keygen">
5
 
<!ENTITY TIMESTAMP "2016-02-28">
6
 
<!ENTITY % common SYSTEM "common.ent">
7
 
%common;
8
6
]>
9
7
 
10
8
<refentry xmlns:xi="http://www.w3.org/2001/XInclude">
11
9
  <refentryinfo>
12
 
    <title>Mandos Manual</title>
 
10
    <title>&COMMANDNAME;</title>
13
11
    <!-- NWalsh’s docbook scripts use this to generate the footer: -->
14
 
    <productname>Mandos</productname>
15
 
    <productnumber>&version;</productnumber>
16
 
    <date>&TIMESTAMP;</date>
 
12
    <productname>&COMMANDNAME;</productname>
 
13
    <productnumber>&VERSION;</productnumber>
17
14
    <authorgroup>
18
15
      <author>
19
16
        <firstname>Björn</firstname>
20
17
        <surname>Påhlsson</surname>
21
18
        <address>
22
 
          <email>belorn@recompile.se</email>
 
19
          <email>belorn@fukt.bsnet.se</email>
23
20
        </address>
24
21
      </author>
25
22
      <author>
26
23
        <firstname>Teddy</firstname>
27
24
        <surname>Hogeborn</surname>
28
25
        <address>
29
 
          <email>teddy@recompile.se</email>
 
26
          <email>teddy@fukt.bsnet.se</email>
30
27
        </address>
31
28
      </author>
32
29
    </authorgroup>
33
30
    <copyright>
34
31
      <year>2008</year>
35
 
      <year>2009</year>
36
 
      <year>2010</year>
37
 
      <year>2011</year>
38
 
      <year>2012</year>
39
 
      <year>2013</year>
40
 
      <year>2014</year>
41
 
      <year>2015</year>
42
 
      <year>2016</year>
43
32
      <holder>Teddy Hogeborn</holder>
44
33
      <holder>Björn Påhlsson</holder>
45
34
    </copyright>
46
 
    <xi:include href="legalnotice.xml"/>
 
35
    <legalnotice>
 
36
      <para>
 
37
        This manual page is free software: you can redistribute it
 
38
        and/or modify it under the terms of the GNU General Public
 
39
        License as published by the Free Software Foundation,
 
40
        either version 3 of the License, or (at your option) any
 
41
        later version.
 
42
      </para>
 
43
 
 
44
      <para>
 
45
        This manual page is distributed in the hope that it will
 
46
        be useful, but WITHOUT ANY WARRANTY; without even the
 
47
        implied warranty of MERCHANTABILITY or FITNESS FOR A
 
48
        PARTICULAR PURPOSE.  See the GNU General Public License
 
49
        for more details.
 
50
      </para>
 
51
 
 
52
      <para>
 
53
        You should have received a copy of the GNU General Public
 
54
        License along with this program; If not, see
 
55
        <ulink url="http://www.gnu.org/licenses/"/>.
 
56
      </para>
 
57
    </legalnotice>
47
58
  </refentryinfo>
48
 
  
 
59
 
49
60
  <refmeta>
50
61
    <refentrytitle>&COMMANDNAME;</refentrytitle>
51
62
    <manvolnum>8</manvolnum>
54
65
  <refnamediv>
55
66
    <refname><command>&COMMANDNAME;</command></refname>
56
67
    <refpurpose>
57
 
      Generate key and password for Mandos client and server.
 
68
      Generate keys for <citerefentry><refentrytitle>password-request
 
69
      </refentrytitle><manvolnum>8mandos</manvolnum></citerefentry>
58
70
    </refpurpose>
59
71
  </refnamediv>
60
 
  
 
72
 
61
73
  <refsynopsisdiv>
62
74
    <cmdsynopsis>
63
75
      <command>&COMMANDNAME;</command>
64
 
      <group>
65
 
        <arg choice="plain"><option>--dir
66
 
        <replaceable>DIRECTORY</replaceable></option></arg>
67
 
        <arg choice="plain"><option>-d
68
 
        <replaceable>DIRECTORY</replaceable></option></arg>
69
 
      </group>
70
 
      <sbr/>
71
 
      <group>
72
 
        <arg choice="plain"><option>--type
73
 
        <replaceable>KEYTYPE</replaceable></option></arg>
74
 
        <arg choice="plain"><option>-t
75
 
        <replaceable>KEYTYPE</replaceable></option></arg>
76
 
      </group>
77
 
      <sbr/>
78
 
      <group>
79
 
        <arg choice="plain"><option>--length
80
 
        <replaceable>BITS</replaceable></option></arg>
81
 
        <arg choice="plain"><option>-l
82
 
        <replaceable>BITS</replaceable></option></arg>
83
 
      </group>
84
 
      <sbr/>
85
 
      <group>
86
 
        <arg choice="plain"><option>--subtype
87
 
        <replaceable>KEYTYPE</replaceable></option></arg>
88
 
        <arg choice="plain"><option>-s
89
 
        <replaceable>KEYTYPE</replaceable></option></arg>
90
 
      </group>
91
 
      <sbr/>
92
 
      <group>
93
 
        <arg choice="plain"><option>--sublength
94
 
        <replaceable>BITS</replaceable></option></arg>
95
 
        <arg choice="plain"><option>-L
96
 
        <replaceable>BITS</replaceable></option></arg>
97
 
      </group>
98
 
      <sbr/>
99
 
      <group>
100
 
        <arg choice="plain"><option>--name
101
 
        <replaceable>NAME</replaceable></option></arg>
102
 
        <arg choice="plain"><option>-n
103
 
        <replaceable>NAME</replaceable></option></arg>
104
 
      </group>
105
 
      <sbr/>
106
 
      <group>
107
 
        <arg choice="plain"><option>--email
108
 
        <replaceable>ADDRESS</replaceable></option></arg>
109
 
        <arg choice="plain"><option>-e
110
 
        <replaceable>ADDRESS</replaceable></option></arg>
111
 
      </group>
112
 
      <sbr/>
113
 
      <group>
114
 
        <arg choice="plain"><option>--comment
115
 
        <replaceable>TEXT</replaceable></option></arg>
116
 
        <arg choice="plain"><option>-c
117
 
        <replaceable>TEXT</replaceable></option></arg>
118
 
      </group>
119
 
      <sbr/>
120
 
      <group>
121
 
        <arg choice="plain"><option>--expire
122
 
        <replaceable>TIME</replaceable></option></arg>
123
 
        <arg choice="plain"><option>-x
124
 
        <replaceable>TIME</replaceable></option></arg>
125
 
      </group>
126
 
      <sbr/>
127
 
      <group>
 
76
      <group choice="opt">
 
77
        <arg choice="plain"><option>--dir</option>
 
78
        <replaceable>directory</replaceable></arg>
 
79
      </group>
 
80
      <group choice="opt">
 
81
        <arg choice="plain"><option>--type</option>
 
82
        <replaceable>type</replaceable></arg>
 
83
      </group>
 
84
      <group choice="opt">
 
85
        <arg choice="plain"><option>--length</option>
 
86
        <replaceable>bits</replaceable></arg>
 
87
      </group>
 
88
      <group choice="opt">
 
89
        <arg choice="plain"><option>--subtype</option>
 
90
        <replaceable>type</replaceable></arg>
 
91
      </group>
 
92
      <group choice="opt">
 
93
        <arg choice="plain"><option>--sublength</option>
 
94
        <replaceable>bits</replaceable></arg>
 
95
      </group>
 
96
      <group choice="opt">
 
97
        <arg choice="plain"><option>--name</option>
 
98
        <replaceable>NAME</replaceable></arg>
 
99
      </group>
 
100
      <group choice="opt">
 
101
        <arg choice="plain"><option>--email</option>
 
102
        <replaceable>EMAIL</replaceable></arg>
 
103
      </group>
 
104
      <group choice="opt">
 
105
        <arg choice="plain"><option>--comment</option>
 
106
        <replaceable>COMMENT</replaceable></arg>
 
107
      </group>
 
108
      <group choice="opt">
 
109
        <arg choice="plain"><option>--expire</option>
 
110
        <replaceable>TIME</replaceable></arg>
 
111
      </group>
 
112
      <group choice="opt">
128
113
        <arg choice="plain"><option>--force</option></arg>
 
114
      </group>
 
115
    </cmdsynopsis>
 
116
    <cmdsynopsis>
 
117
      <command>&COMMANDNAME;</command>
 
118
      <group choice="opt">
 
119
        <arg choice="plain"><option>-d</option>
 
120
        <replaceable>directory</replaceable></arg>
 
121
      </group>
 
122
      <group choice="opt">
 
123
        <arg choice="plain"><option>-t</option>
 
124
        <replaceable>type</replaceable></arg>
 
125
      </group>
 
126
      <group choice="opt">
 
127
        <arg choice="plain"><option>-l</option>
 
128
        <replaceable>bits</replaceable></arg>
 
129
      </group>
 
130
      <group choice="opt">
 
131
        <arg choice="plain"><option>-s</option>
 
132
        <replaceable>type</replaceable></arg>
 
133
      </group>
 
134
      <group choice="opt">
 
135
        <arg choice="plain"><option>-L</option>
 
136
        <replaceable>bits</replaceable></arg>
 
137
      </group>
 
138
      <group choice="opt">
 
139
        <arg choice="plain"><option>-n</option>
 
140
        <replaceable>NAME</replaceable></arg>
 
141
      </group>
 
142
      <group choice="opt">
 
143
        <arg choice="plain"><option>-e</option>
 
144
        <replaceable>EMAIL</replaceable></arg>
 
145
      </group>
 
146
      <group choice="opt">
 
147
        <arg choice="plain"><option>-c</option>
 
148
        <replaceable>COMMENT</replaceable></arg>
 
149
      </group>
 
150
      <group choice="opt">
 
151
        <arg choice="plain"><option>-x</option>
 
152
        <replaceable>TIME</replaceable></arg>
 
153
      </group>
 
154
      <group choice="opt">
129
155
        <arg choice="plain"><option>-f</option></arg>
130
156
      </group>
131
157
    </cmdsynopsis>
132
158
    <cmdsynopsis>
133
159
      <command>&COMMANDNAME;</command>
134
160
      <group choice="req">
 
161
        <arg choice="plain"><option>-p</option></arg>
135
162
        <arg choice="plain"><option>--password</option></arg>
136
 
        <arg choice="plain"><option>-p</option></arg>
137
 
        <arg choice="plain"><option>--passfile
138
 
        <replaceable>FILE</replaceable></option></arg>
139
 
        <arg choice="plain"><option>-F</option>
140
 
        <replaceable>FILE</replaceable></arg>
141
 
      </group>
142
 
      <sbr/>
143
 
      <group>
144
 
        <arg choice="plain"><option>--dir
145
 
        <replaceable>DIRECTORY</replaceable></option></arg>
146
 
        <arg choice="plain"><option>-d
147
 
        <replaceable>DIRECTORY</replaceable></option></arg>
148
 
      </group>
149
 
      <sbr/>
150
 
      <group>
151
 
        <arg choice="plain"><option>--name
152
 
        <replaceable>NAME</replaceable></option></arg>
153
 
        <arg choice="plain"><option>-n
154
 
        <replaceable>NAME</replaceable></option></arg>
155
 
      </group>
156
 
      <group>
157
 
        <arg choice="plain"><option>--no-ssh</option></arg>
158
 
        <arg choice="plain"><option>-S</option></arg>
 
163
      </group>
 
164
      <group choice="opt">
 
165
        <arg choice="plain"><option>--dir</option>
 
166
        <replaceable>directory</replaceable></arg>
 
167
      </group>
 
168
      <group choice="opt">
 
169
        <arg choice="plain"><option>--name</option>
 
170
        <replaceable>NAME</replaceable></arg>
159
171
      </group>
160
172
    </cmdsynopsis>
161
173
    <cmdsynopsis>
162
174
      <command>&COMMANDNAME;</command>
163
175
      <group choice="req">
 
176
        <arg choice="plain"><option>-h</option></arg>
164
177
        <arg choice="plain"><option>--help</option></arg>
165
 
        <arg choice="plain"><option>-h</option></arg>
166
178
      </group>
167
179
    </cmdsynopsis>
168
180
    <cmdsynopsis>
169
181
      <command>&COMMANDNAME;</command>
170
182
      <group choice="req">
 
183
        <arg choice="plain"><option>-v</option></arg>
171
184
        <arg choice="plain"><option>--version</option></arg>
172
 
        <arg choice="plain"><option>-v</option></arg>
173
185
      </group>
174
186
    </cmdsynopsis>
175
187
  </refsynopsisdiv>
176
 
  
 
188
 
177
189
  <refsect1 id="description">
178
190
    <title>DESCRIPTION</title>
179
191
    <para>
180
192
      <command>&COMMANDNAME;</command> is a program to generate the
181
 
      OpenPGP key used by
182
 
      <citerefentry><refentrytitle>mandos-client</refentrytitle>
183
 
      <manvolnum>8mandos</manvolnum></citerefentry>.  The key is
 
193
      OpenPGP keys used by
 
194
      <citerefentry><refentrytitle>password-request</refentrytitle>
 
195
      <manvolnum>8mandos</manvolnum></citerefentry>.  The keys are
184
196
      normally written to /etc/mandos for later installation into the
185
 
      initrd image, but this, and most other things, can be changed
186
 
      with command line options.
 
197
      initrd image, but this, like most things, can be changed with
 
198
      command line options.
187
199
    </para>
188
200
    <para>
189
 
      This program can also be used with the
190
 
      <option>--password</option> or <option>--passfile</option>
191
 
      options to generate a ready-made section for
192
 
      <filename>clients.conf</filename> (see
 
201
      It can also be used to generate ready-made sections for
193
202
      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
194
 
      <manvolnum>5</manvolnum></citerefentry>).
 
203
      <manvolnum>5</manvolnum></citerefentry> using the
 
204
      <option>--password</option> option.
195
205
    </para>
196
206
  </refsect1>
197
207
  
198
208
  <refsect1 id="purpose">
199
209
    <title>PURPOSE</title>
 
210
 
200
211
    <para>
201
212
      The purpose of this is to enable <emphasis>remote and unattended
202
213
      rebooting</emphasis> of client host computer with an
203
214
      <emphasis>encrypted root file system</emphasis>.  See <xref
204
215
      linkend="overview"/> for details.
205
216
    </para>
 
217
 
206
218
  </refsect1>
207
219
  
208
220
  <refsect1 id="options">
209
221
    <title>OPTIONS</title>
210
 
    
 
222
 
211
223
    <variablelist>
212
224
      <varlistentry>
213
 
        <term><option>--help</option></term>
214
 
        <term><option>-h</option></term>
 
225
        <term><literal>-h</literal>, <literal>--help</literal></term>
215
226
        <listitem>
216
227
          <para>
217
228
            Show a help message and exit
218
229
          </para>
219
230
        </listitem>
220
231
      </varlistentry>
221
 
      
 
232
 
222
233
      <varlistentry>
223
 
        <term><option>--dir
224
 
        <replaceable>DIRECTORY</replaceable></option></term>
225
 
        <term><option>-d
226
 
        <replaceable>DIRECTORY</replaceable></option></term>
 
234
        <term><literal>-d</literal>, <literal>--dir
 
235
        <replaceable>directory</replaceable></literal></term>
227
236
        <listitem>
228
237
          <para>
229
238
            Target directory for key files.  Default is
230
 
            <filename class="directory">/etc/mandos</filename>.
231
 
          </para>
232
 
        </listitem>
233
 
      </varlistentry>
234
 
      
235
 
      <varlistentry>
236
 
        <term><option>--type
237
 
        <replaceable>TYPE</replaceable></option></term>
238
 
        <term><option>-t
239
 
        <replaceable>TYPE</replaceable></option></term>
240
 
        <listitem>
241
 
          <para>
242
 
            Key type.  Default is <quote>RSA</quote>.
243
 
          </para>
244
 
        </listitem>
245
 
      </varlistentry>
246
 
      
247
 
      <varlistentry>
248
 
        <term><option>--length
249
 
        <replaceable>BITS</replaceable></option></term>
250
 
        <term><option>-l
251
 
        <replaceable>BITS</replaceable></option></term>
252
 
        <listitem>
253
 
          <para>
254
 
            Key length in bits.  Default is 4096.
255
 
          </para>
256
 
        </listitem>
257
 
      </varlistentry>
258
 
      
259
 
      <varlistentry>
260
 
        <term><option>--subtype
261
 
        <replaceable>KEYTYPE</replaceable></option></term>
262
 
        <term><option>-s
263
 
        <replaceable>KEYTYPE</replaceable></option></term>
264
 
        <listitem>
265
 
          <para>
266
 
            Subkey type.  Default is <quote>RSA</quote> (Elgamal
 
239
            <filename>/etc/mandos</filename>.
 
240
          </para>
 
241
        </listitem>
 
242
      </varlistentry>
 
243
 
 
244
      <varlistentry>
 
245
        <term><literal>-t</literal>, <literal>--type
 
246
        <replaceable>type</replaceable></literal></term>
 
247
        <listitem>
 
248
          <para>
 
249
            Key type.  Default is <quote>DSA</quote>.
 
250
          </para>
 
251
        </listitem>
 
252
      </varlistentry>
 
253
 
 
254
      <varlistentry>
 
255
        <term><literal>-l</literal>, <literal>--length
 
256
        <replaceable>bits</replaceable></literal></term>
 
257
        <listitem>
 
258
          <para>
 
259
            Key length in bits.  Default is 2048.
 
260
          </para>
 
261
        </listitem>
 
262
      </varlistentry>
 
263
 
 
264
      <varlistentry>
 
265
        <term><literal>-s</literal>, <literal>--subtype
 
266
        <replaceable>type</replaceable></literal></term>
 
267
        <listitem>
 
268
          <para>
 
269
            Subkey type.  Default is <quote>ELG-E</quote> (Elgamal
267
270
            encryption-only).
268
271
          </para>
269
272
        </listitem>
270
273
      </varlistentry>
271
 
      
 
274
 
272
275
      <varlistentry>
273
 
        <term><option>--sublength
274
 
        <replaceable>BITS</replaceable></option></term>
275
 
        <term><option>-L
276
 
        <replaceable>BITS</replaceable></option></term>
 
276
        <term><literal>-L</literal>, <literal>--sublength
 
277
        <replaceable>bits</replaceable></literal></term>
277
278
        <listitem>
278
279
          <para>
279
 
            Subkey length in bits.  Default is 4096.
 
280
            Subkey length in bits.  Default is 2048.
280
281
          </para>
281
282
        </listitem>
282
283
      </varlistentry>
283
 
      
 
284
 
284
285
      <varlistentry>
285
 
        <term><option>--email
286
 
        <replaceable>ADDRESS</replaceable></option></term>
287
 
        <term><option>-e
288
 
        <replaceable>ADDRESS</replaceable></option></term>
 
286
        <term><literal>-e</literal>, <literal>--email</literal>
 
287
        <replaceable>address</replaceable></term>
289
288
        <listitem>
290
289
          <para>
291
290
            Email address of key.  Default is empty.
292
291
          </para>
293
292
        </listitem>
294
293
      </varlistentry>
295
 
      
 
294
 
296
295
      <varlistentry>
297
 
        <term><option>--comment
298
 
        <replaceable>TEXT</replaceable></option></term>
299
 
        <term><option>-c
300
 
        <replaceable>TEXT</replaceable></option></term>
 
296
        <term><literal>-c</literal>, <literal>--comment</literal>
 
297
        <replaceable>comment</replaceable></term>
301
298
        <listitem>
302
299
          <para>
303
 
            Comment field for key.  Default is empty.
 
300
            Comment field for key.  The default value is
 
301
            <quote><literal>Mandos client key</literal></quote>.
304
302
          </para>
305
303
        </listitem>
306
304
      </varlistentry>
307
 
      
 
305
 
308
306
      <varlistentry>
309
 
        <term><option>--expire
310
 
        <replaceable>TIME</replaceable></option></term>
311
 
        <term><option>-x
312
 
        <replaceable>TIME</replaceable></option></term>
 
307
        <term><literal>-x</literal>, <literal>--expire</literal>
 
308
        <replaceable>time</replaceable></term>
313
309
        <listitem>
314
310
          <para>
315
311
            Key expire time.  Default is no expiration.  See
318
314
          </para>
319
315
        </listitem>
320
316
      </varlistentry>
321
 
      
 
317
 
322
318
      <varlistentry>
323
 
        <term><option>--force</option></term>
324
 
        <term><option>-f</option></term>
 
319
        <term><literal>-f</literal>, <literal>--force</literal></term>
325
320
        <listitem>
326
321
          <para>
327
 
            Force overwriting old key.
 
322
            Force overwriting old keys.
328
323
          </para>
329
324
        </listitem>
330
325
      </varlistentry>
331
326
      <varlistentry>
332
 
        <term><option>--password</option></term>
333
 
        <term><option>-p</option></term>
 
327
        <term><literal>-p</literal>, <literal>--password</literal
 
328
        ></term>
334
329
        <listitem>
335
330
          <para>
336
331
            Prompt for a password and encrypt it with the key already
342
337
            >8</manvolnum></citerefentry>.  The host name or the name
343
338
            specified with the <option>--name</option> option is used
344
339
            for the section header.  All other options are ignored,
345
 
            and no key is created.
346
 
          </para>
347
 
        </listitem>
348
 
      </varlistentry>
349
 
      <varlistentry>
350
 
        <term><option>--passfile
351
 
        <replaceable>FILE</replaceable></option></term>
352
 
        <term><option>-F
353
 
        <replaceable>FILE</replaceable></option></term>
354
 
        <listitem>
355
 
          <para>
356
 
            The same as <option>--password</option>, but read from
357
 
            <replaceable>FILE</replaceable>, not the terminal.
358
 
          </para>
359
 
        </listitem>
360
 
      </varlistentry>
361
 
      <varlistentry>
362
 
        <term><option>--no-ssh</option></term>
363
 
        <term><option>-S</option></term>
364
 
        <listitem>
365
 
          <para>
366
 
            When <option>--password</option> or
367
 
            <option>--passfile</option> is given, this option will
368
 
            prevent <command>&COMMANDNAME;</command> from calling
369
 
            <command>ssh-keyscan</command> to get an SSH fingerprint
370
 
            for this host and, if successful, output suitable config
371
 
            options to use this fingerprint as a
372
 
            <option>checker</option> option in the output.  This is
373
 
            otherwise the default behavior.
 
340
            and no keys are created.
374
341
          </para>
375
342
        </listitem>
376
343
      </varlistentry>
377
344
    </variablelist>
378
345
  </refsect1>
379
 
  
 
346
 
380
347
  <refsect1 id="overview">
381
348
    <title>OVERVIEW</title>
382
349
    <xi:include href="overview.xml"/>
383
350
    <para>
384
351
      This program is a small utility to generate new OpenPGP keys for
385
 
      new Mandos clients, and to generate sections for inclusion in
386
 
      <filename>clients.conf</filename> on the server.
 
352
      new Mandos clients.
387
353
    </para>
388
354
  </refsect1>
389
 
  
 
355
 
390
356
  <refsect1 id="exit_status">
391
357
    <title>EXIT STATUS</title>
392
358
    <para>
393
 
      The exit status will be 0 if a new key (or password, if the
394
 
      <option>--password</option> option was used) was successfully
395
 
      created, otherwise not.
 
359
      The exit status will be 0 if new keys were successfully created,
 
360
      otherwise not.
396
361
    </para>
397
362
  </refsect1>
398
363
  
400
365
    <title>ENVIRONMENT</title>
401
366
    <variablelist>
402
367
      <varlistentry>
403
 
        <term><envar>TMPDIR</envar></term>
 
368
        <term><varname>TMPDIR</varname></term>
404
369
        <listitem>
405
370
          <para>
406
371
            If set, temporary files will be created here. See
412
377
    </variablelist>
413
378
  </refsect1>
414
379
  
415
 
  <refsect1 id="files">
 
380
  <refsect1 id="file">
416
381
    <title>FILES</title>
417
382
    <para>
418
383
      Use the <option>--dir</option> option to change where
439
404
        </listitem>
440
405
      </varlistentry>
441
406
      <varlistentry>
442
 
        <term><filename class="directory">/tmp</filename></term>
 
407
        <term><filename>/tmp</filename></term>
443
408
        <listitem>
444
409
          <para>
445
410
            Temporary files will be written here if
449
414
      </varlistentry>
450
415
    </variablelist>
451
416
  </refsect1>
452
 
  
453
 
<!--   <refsect1 id="bugs"> -->
454
 
<!--     <title>BUGS</title> -->
455
 
<!--     <para> -->
456
 
<!--     </para> -->
457
 
<!--   </refsect1> -->
458
 
  
 
417
 
 
418
  <refsect1 id="bugs">
 
419
    <title>BUGS</title>
 
420
    <para>
 
421
      None are known at this time.
 
422
    </para>
 
423
  </refsect1>
 
424
 
459
425
  <refsect1 id="example">
460
426
    <title>EXAMPLE</title>
461
427
    <informalexample>
463
429
        Normal invocation needs no options:
464
430
      </para>
465
431
      <para>
466
 
        <userinput>&COMMANDNAME;</userinput>
 
432
        <userinput>mandos-keygen</userinput>
467
433
      </para>
468
434
    </informalexample>
469
435
    <informalexample>
470
436
      <para>
471
 
        Create key in another directory and of another type.  Force
 
437
        Create keys in another directory and of another type.  Force
472
438
        overwriting old key files:
473
439
      </para>
474
440
      <para>
475
441
 
476
442
<!-- do not wrap this line -->
477
 
<userinput>&COMMANDNAME; --dir ~/keydir --type RSA --force</userinput>
478
 
 
479
 
      </para>
480
 
    </informalexample>
481
 
    <informalexample>
482
 
      <para>
483
 
        Prompt for a password, encrypt it with the key in <filename
484
 
        class="directory">/etc/mandos</filename> and output a section
485
 
        suitable for <filename>clients.conf</filename>.
486
 
      </para>
487
 
      <para>
488
 
        <userinput>&COMMANDNAME; --password</userinput>
489
 
      </para>
490
 
    </informalexample>
491
 
    <informalexample>
492
 
      <para>
493
 
        Prompt for a password, encrypt it with the key in the
494
 
        <filename>client-key</filename> directory and output a section
495
 
        suitable for <filename>clients.conf</filename>.
496
 
      </para>
497
 
      <para>
498
 
 
499
 
<!-- do not wrap this line -->
500
 
<userinput>&COMMANDNAME; --password --dir client-key</userinput>
 
443
<userinput>mandos-keygen --dir ~/keydir --type RSA --force</userinput>
501
444
 
502
445
      </para>
503
446
    </informalexample>
504
447
  </refsect1>
505
 
  
 
448
 
506
449
  <refsect1 id="security">
507
450
    <title>SECURITY</title>
508
451
    <para>
509
452
      The <option>--type</option>, <option>--length</option>,
510
453
      <option>--subtype</option>, and <option>--sublength</option>
511
 
      options can be used to create keys of low security.  If in
512
 
      doubt, leave them to the default values.
 
454
      options can be used to create keys of insufficient security.  If
 
455
      in doubt, leave them to the default values.
513
456
    </para>
514
457
    <para>
515
 
      The key expire time is <emphasis>not</emphasis> guaranteed to be
516
 
      honored by <citerefentry><refentrytitle>mandos</refentrytitle>
 
458
      The key expire time is not guaranteed to be honored by
 
459
      <citerefentry><refentrytitle>mandos</refentrytitle>
517
460
      <manvolnum>8</manvolnum></citerefentry>.
518
461
    </para>
519
462
  </refsect1>
520
 
  
 
463
 
521
464
  <refsect1 id="see_also">
522
465
    <title>SEE ALSO</title>
523
466
    <para>
524
 
      <citerefentry><refentrytitle>intro</refentrytitle>
 
467
      <citerefentry><refentrytitle>password-request</refentrytitle>
525
468
      <manvolnum>8mandos</manvolnum></citerefentry>,
 
469
      <citerefentry><refentrytitle>mandos</refentrytitle>
 
470
      <manvolnum>8</manvolnum></citerefentry>,
526
471
      <citerefentry><refentrytitle>gpg</refentrytitle>
527
 
      <manvolnum>1</manvolnum></citerefentry>,
528
 
      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
529
 
      <manvolnum>5</manvolnum></citerefentry>,
530
 
      <citerefentry><refentrytitle>mandos</refentrytitle>
531
 
      <manvolnum>8</manvolnum></citerefentry>,
532
 
      <citerefentry><refentrytitle>mandos-client</refentrytitle>
533
 
      <manvolnum>8mandos</manvolnum></citerefentry>,
534
 
      <citerefentry><refentrytitle>ssh-keyscan</refentrytitle>
535
472
      <manvolnum>1</manvolnum></citerefentry>
536
473
    </para>
537
474
  </refsect1>
538
475
  
539
476
</refentry>
540
 
<!-- Local Variables: -->
541
 
<!-- time-stamp-start: "<!ENTITY TIMESTAMP [\"']" -->
542
 
<!-- time-stamp-end: "[\"']>" -->
543
 
<!-- time-stamp-format: "%:y-%02m-%02d" -->
544
 
<!-- End: -->