
Viewing changes to mandos-keygen.xml

  • Committer: Teddy Hogeborn
  • Date: 2008-08-29 05:53:59 UTC
  • Revision ID: teddy@fukt.bsnet.se-20080829055359-wkdasnyxtylmnxus
* mandos.xml (EXAMPLE): Replaced all occurrences of command name with
                        "&COMMANDNAME;".

* plugins.d/password-prompt.c (main): Improved some documentation
                                      strings.  Do perror() if
                                      tcgetattr() fails.  Add debug
                                      output if interrupted by signal.
                                      Loop over write() instead of
                                      using fwrite() when outputting
                                      password.  Add debug output if
                                      getline() returns 0, unless it
                                      was caused by a signal.  Add
                                      exit status code to debug
                                      output.

* plugins.d/password-prompt.xml: Changed all single quotes to double
                                 quotes for consistency.  Removed
                                 <?xml-stylesheet>.
  (ENTITY TIMESTAMP): New.  Automatically updated by Emacs time-stamp
                      by using Emacs local variables.
  (/refentry/refentryinfo/title): Changed to "Mandos Manual".
  (/refentry/refentryinfo/productname): Changed to "Mandos".
  (/refentry/refentryinfo/date): New; set to "&TIMESTAMP;".
  (/refentry/refentryinfo/copyright): Split copyright holders.
  (/refentry/refnamediv/refpurpose): Improved wording.
  (SYNOPSIS): Fix to use correct markup.  Add short options.
  (DESCRIPTION, OPTIONS): Improved wording.
  (OPTIONS): Improved wording.  Use more correct markup.  Document
             short options.
  (EXIT STATUS): Add text.
  (ENVIRONMENT): Document use of "cryptsource" and "crypttarget".
  (FILES): REMOVED.
  (BUGS): Add text.
  (EXAMPLE): Added some examples.
  (SECURITY): Added text.
  (SEE ALSO): Remove reference to mandos(8).  Add reference to
              crypttab(5).

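--- a/mandos-keygen.xml
+++ b/mandos-keygen.xml
@@ -1,15 +1,14 @@
-<?xml version='1.0' encoding='UTF-8'?>
+<?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
         "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
 <!ENTITY VERSION "1.0">
 <!ENTITY COMMANDNAME "mandos-keygen">
-<!ENTITY OVERVIEW SYSTEM "overview.xml">
 ]>
  
-<refentry>
+<refentry xmlns:xi="http://www.w3.org/2001/XInclude">
   <refentryinfo>
     <title>&COMMANDNAME;</title>
-    <!-- NWalsh's docbook scripts use this to generate the footer: -->
+    <!-- NWalsh’s docbook scripts use this to generate the footer: -->
     <productname>&COMMANDNAME;</productname>
     <productnumber>&VERSION;</productnumber>
     <authorgroup>
@@ -30,7 +29,8 @@
     </authorgroup>
     <copyright>
       <year>2008</year>
-      <holder>Teddy Hogeborn &amp; Björn Påhlsson</holder>
+      <holder>Teddy Hogeborn</holder>
+      <holder>Björn Påhlsson</holder>
     </copyright>
     <legalnotice>
       <para>
@@ -86,6 +86,14 @@
         <replaceable>bits</replaceable></arg>
       </group>
       <group choice="opt">
+        <arg choice="plain"><option>--subtype</option>
+        <replaceable>type</replaceable></arg>
+      </group>
+      <group choice="opt">
+        <arg choice="plain"><option>--sublength</option>
+        <replaceable>bits</replaceable></arg>
+      </group>
+      <group choice="opt">
         <arg choice="plain"><option>--name</option>
         <replaceable>NAME</replaceable></arg>
       </group>
@@ -120,6 +128,14 @@
         <replaceable>bits</replaceable></arg>
       </group>
       <group choice="opt">
+        <arg choice="plain"><option>-s</option>
+        <replaceable>type</replaceable></arg>
+      </group>
+      <group choice="opt">
+        <arg choice="plain"><option>-L</option>
+        <replaceable>bits</replaceable></arg>
+      </group>
+      <group choice="opt">
         <arg choice="plain"><option>-n</option>
         <replaceable>NAME</replaceable></arg>
       </group>
@@ -142,15 +158,30 @@
     <cmdsynopsis>
       <command>&COMMANDNAME;</command>
       <group choice="req">
-        <arg choice='plain'><option>-h</option></arg>
-        <arg choice='plain'><option>--help</option></arg>
-      </group>
-    </cmdsynopsis>
-    <cmdsynopsis>
-      <command>&COMMANDNAME;</command>
-      <group choice="req">
-        <arg choice='plain'><option>-v</option></arg>
-        <arg choice='plain'><option>--version</option></arg>
+        <arg choice="plain"><option>-p</option></arg>
+        <arg choice="plain"><option>--password</option></arg>
+      </group>
+      <group choice="opt">
+        <arg choice="plain"><option>--dir</option>
+        <replaceable>directory</replaceable></arg>
+      </group>
+      <group choice="opt">
+        <arg choice="plain"><option>--name</option>
+        <replaceable>NAME</replaceable></arg>
+      </group>
+    </cmdsynopsis>
+    <cmdsynopsis>
+      <command>&COMMANDNAME;</command>
+      <group choice="req">
+        <arg choice="plain"><option>-h</option></arg>
+        <arg choice="plain"><option>--help</option></arg>
+      </group>
+    </cmdsynopsis>
+    <cmdsynopsis>
+      <command>&COMMANDNAME;</command>
+      <group choice="req">
+        <arg choice="plain"><option>-v</option></arg>
+        <arg choice="plain"><option>--version</option></arg>
       </group>
     </cmdsynopsis>
   </refsynopsisdiv>
@@ -166,6 +197,12 @@
       initrd image, but this, like most things, can be changed with
       command line options.
     </para>
+    <para>
+      It can also be used to generate ready-made sections for
+      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
+      <manvolnum>5</manvolnum></citerefentry> using the
+      <option>--password</option> option.
+    </para>
   </refsect1>
    
   <refsect1 id="purpose">
@@ -198,7 +235,8 @@
         <replaceable>directory</replaceable></literal></term>
         <listitem>
           <para>
-            Target directory for key files.
+            Target directory for key files.  Default is
+            <filename>/etc/mandos</filename>.
           </para>
         </listitem>
       </varlistentry>
@@ -208,7 +246,7 @@
         <replaceable>type</replaceable></literal></term>
         <listitem>
           <para>
-            Key type.  Default is DSA.
+            Key type.  Default is <quote>DSA</quote>.
           </para>
         </listitem>
       </varlistentry>
@@ -218,7 +256,28 @@
         <replaceable>bits</replaceable></literal></term>
         <listitem>
           <para>
-            Key length in bits.  Default is 1024.
+            Key length in bits.  Default is 2048.
+          </para>
+        </listitem>
+      </varlistentry>
+ 
+      <varlistentry>
+        <term><literal>-s</literal>, <literal>--subtype
+        <replaceable>type</replaceable></literal></term>
+        <listitem>
+          <para>
+            Subkey type.  Default is <quote>ELG-E</quote> (Elgamal
+            encryption-only).
+          </para>
+        </listitem>
+      </varlistentry>
+ 
+      <varlistentry>
+        <term><literal>-L</literal>, <literal>--sublength
+        <replaceable>bits</replaceable></literal></term>
+        <listitem>
+          <para>
+            Subkey length in bits.  Default is 2048.
           </para>
         </listitem>
       </varlistentry>
@@ -239,7 +298,7 @@
         <listitem>
           <para>
             Comment field for key.  The default value is
-            "<literal>Mandos client key</literal>".
+            <quote><literal>Mandos client key</literal></quote>.
           </para>
         </listitem>
       </varlistentry>
@@ -264,14 +323,32 @@
           </para>
         </listitem>
       </varlistentry>
+      <varlistentry>
+        <term><literal>-p</literal>, <literal>--password</literal
+        ></term>
+        <listitem>
+          <para>
+            Prompt for a password and encrypt it with the key already
+            present in either <filename>/etc/mandos</filename> or the
+            directory specified with the <option>--dir</option>
+            option.  Outputs, on standard output, a section suitable
+            for inclusion in <citerefentry><refentrytitle
+            >mandos-clients.conf</refentrytitle><manvolnum
+            >8</manvolnum></citerefentry>.  The host name or the name
+            specified with the <option>--name</option> option is used
+            for the section header.  All other options are ignored,
+            and no keys are created.
+          </para>
+        </listitem>
+      </varlistentry>
     </variablelist>
   </refsect1>
  
   <refsect1 id="overview">
     <title>OVERVIEW</title>
-    &OVERVIEW;
+    <xi:include href="overview.xml"/>
     <para>
-      This program is a small program to generate new OpenPGP keys for
+      This program is a small utility to generate new OpenPGP keys for
       new Mandos clients.
     </para>
   </refsect1>
@@ -279,30 +356,108 @@
   <refsect1 id="exit_status">
     <title>EXIT STATUS</title>
     <para>
+      The exit status will be 0 if new keys were successfully created,
+      otherwise not.
     </para>
   </refsect1>
    
+  <refsect1 id="environment">
+    <title>ENVIRONMENT</title>
+    <variablelist>
+      <varlistentry>
+        <term><varname>TMPDIR</varname></term>
+        <listitem>
+          <para>
+            If set, temporary files will be created here. See
+            <citerefentry><refentrytitle>mktemp</refentrytitle>
+            <manvolnum>1</manvolnum></citerefentry>.
+          </para>
+        </listitem>
+      </varlistentry>
+    </variablelist>
+  </refsect1>
+  
   <refsect1 id="file">
     <title>FILES</title>
     <para>
+      Use the <option>--dir</option> option to change where
+      <command>&COMMANDNAME;</command> will write the key files.  The
+      default file names are shown here.
     </para>
+    <variablelist>
+      <varlistentry>
+        <term><filename>/etc/mandos/seckey.txt</filename></term>
+        <listitem>
+          <para>
+            OpenPGP secret key file which will be created or
+            overwritten.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term><filename>/etc/mandos/pubkey.txt</filename></term>
+        <listitem>
+          <para>
+            OpenPGP public key file which will be created or
+            overwritten.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term><filename>/tmp</filename></term>
+        <listitem>
+          <para>
+            Temporary files will be written here if
+            <varname>TMPDIR</varname> is not set.
+          </para>
+        </listitem>
+      </varlistentry>
+    </variablelist>
   </refsect1>
  
   <refsect1 id="bugs">
     <title>BUGS</title>
     <para>
+      None are known at this time.
     </para>
   </refsect1>
  
   <refsect1 id="example">
     <title>EXAMPLE</title>
-    <para>
-    </para>
+    <informalexample>
+      <para>
+        Normal invocation needs no options:
+      </para>
+      <para>
+        <userinput>mandos-keygen</userinput>
+      </para>
+    </informalexample>
+    <informalexample>
+      <para>
+        Create keys in another directory and of another type.  Force
+        overwriting old key files:
+      </para>
+      <para>
+ 
+<!-- do not wrap this line -->
+<userinput>mandos-keygen --dir ~/keydir --type RSA --force</userinput>
+ 
+      </para>
+    </informalexample>
   </refsect1>
  
   <refsect1 id="security">
     <title>SECURITY</title>
     <para>
+      The <option>--type</option>, <option>--length</option>,
+      <option>--subtype</option>, and <option>--sublength</option>
+      options can be used to create keys of insufficient security.  If
+      in doubt, leave them to the default values.
+    </para>
+    <para>
+      The key expire time is not guaranteed to be honored by
+      <citerefentry><refentrytitle>mandos</refentrytitle>
+      <manvolnum>8</manvolnum></citerefentry>.
     </para>
   </refsect1>
  
@@ -312,7 +467,7 @@
       <citerefentry><refentrytitle>password-request</refentrytitle>
       <manvolnum>8mandos</manvolnum></citerefentry>,
       <citerefentry><refentrytitle>mandos</refentrytitle>
-      <manvolnum>8</manvolnum></citerefentry>, and
+      <manvolnum>8</manvolnum></citerefentry>,
       <citerefentry><refentrytitle>gpg</refentrytitle>
       <manvolnum>1</manvolnum></citerefentry>
     </para>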