
Viewing changes to mandos-keygen.xml

  • Committer: Teddy Hogeborn
  • Date: 2008-08-29 06:38:27 UTC
  • Revision ID: teddy@fukt.bsnet.se-20080829063827-hbjl6t92tyjl5305
* mandos-clients.conf.xml (ENTITY TIMESTAMP): New.  Automatically
                                              updated by Emacs
                                              time-stamp by using
                                              Emacs local variables.
  (/refentry/refentryinfo/date): New; set to "&TIMESTAMP;".
* mandos-keygen.xml: - '' -
* mandos.conf.xml: - '' -
* mandos.xml: - '' -
* plugin-runner.xml: - '' -
* plugins.d/password-request.xml: - '' -

1
1
<?xml version="1.0" encoding="UTF-8"?>
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
 
4
<!ENTITY VERSION "1.0">
4
5
<!ENTITY COMMANDNAME "mandos-keygen">
5
 
<!ENTITY TIMESTAMP "2009-01-04">
6
 
<!ENTITY % common SYSTEM "common.ent">
7
 
%common;
 
6
<!ENTITY TIMESTAMP "2008-08-29">
8
7
]>
9
8
 
10
9
<refentry xmlns:xi="http://www.w3.org/2001/XInclude">
11
10
  <refentryinfo>
12
 
    <title>Mandos Manual</title>
 
11
    <title>&COMMANDNAME;</title>
13
12
    <!-- NWalsh’s docbook scripts use this to generate the footer: -->
14
 
    <productname>Mandos</productname>
15
 
    <productnumber>&version;</productnumber>
 
13
    <productname>&COMMANDNAME;</productname>
 
14
    <productnumber>&VERSION;</productnumber>
16
15
    <date>&TIMESTAMP;</date>
17
16
    <authorgroup>
18
17
      <author>
32
31
    </authorgroup>
33
32
    <copyright>
34
33
      <year>2008</year>
35
 
      <year>2009</year>
36
34
      <holder>Teddy Hogeborn</holder>
37
35
      <holder>Björn Påhlsson</holder>
38
36
    </copyright>
39
 
    <xi:include href="legalnotice.xml"/>
 
37
    <legalnotice>
 
38
      <para>
 
39
        This manual page is free software: you can redistribute it
 
40
        and/or modify it under the terms of the GNU General Public
 
41
        License as published by the Free Software Foundation,
 
42
        either version 3 of the License, or (at your option) any
 
43
        later version.
 
44
      </para>
 
45
 
 
46
      <para>
 
47
        This manual page is distributed in the hope that it will
 
48
        be useful, but WITHOUT ANY WARRANTY; without even the
 
49
        implied warranty of MERCHANTABILITY or FITNESS FOR A
 
50
        PARTICULAR PURPOSE.  See the GNU General Public License
 
51
        for more details.
 
52
      </para>
 
53
 
 
54
      <para>
 
55
        You should have received a copy of the GNU General Public
 
56
        License along with this program; If not, see
 
57
        <ulink url="http://www.gnu.org/licenses/"/>.
 
58
      </para>
 
59
    </legalnotice>
40
60
  </refentryinfo>
41
 
  
 
61
 
42
62
  <refmeta>
43
63
    <refentrytitle>&COMMANDNAME;</refentrytitle>
44
64
    <manvolnum>8</manvolnum>
47
67
  <refnamediv>
48
68
    <refname><command>&COMMANDNAME;</command></refname>
49
69
    <refpurpose>
50
 
      Generate key and password for Mandos client and server.
 
70
      Generate keys for <citerefentry><refentrytitle>password-request
 
71
      </refentrytitle><manvolnum>8mandos</manvolnum></citerefentry>
51
72
    </refpurpose>
52
73
  </refnamediv>
53
 
  
 
74
 
54
75
  <refsynopsisdiv>
55
76
    <cmdsynopsis>
56
77
      <command>&COMMANDNAME;</command>
57
 
      <group>
58
 
        <arg choice="plain"><option>--dir
59
 
        <replaceable>DIRECTORY</replaceable></option></arg>
60
 
        <arg choice="plain"><option>-d
61
 
        <replaceable>DIRECTORY</replaceable></option></arg>
62
 
      </group>
63
 
      <sbr/>
64
 
      <group>
65
 
        <arg choice="plain"><option>--type
66
 
        <replaceable>KEYTYPE</replaceable></option></arg>
67
 
        <arg choice="plain"><option>-t
68
 
        <replaceable>KEYTYPE</replaceable></option></arg>
69
 
      </group>
70
 
      <sbr/>
71
 
      <group>
72
 
        <arg choice="plain"><option>--length
73
 
        <replaceable>BITS</replaceable></option></arg>
74
 
        <arg choice="plain"><option>-l
75
 
        <replaceable>BITS</replaceable></option></arg>
76
 
      </group>
77
 
      <sbr/>
78
 
      <group>
79
 
        <arg choice="plain"><option>--subtype
80
 
        <replaceable>KEYTYPE</replaceable></option></arg>
81
 
        <arg choice="plain"><option>-s
82
 
        <replaceable>KEYTYPE</replaceable></option></arg>
83
 
      </group>
84
 
      <sbr/>
85
 
      <group>
86
 
        <arg choice="plain"><option>--sublength
87
 
        <replaceable>BITS</replaceable></option></arg>
88
 
        <arg choice="plain"><option>-L
89
 
        <replaceable>BITS</replaceable></option></arg>
90
 
      </group>
91
 
      <sbr/>
92
 
      <group>
93
 
        <arg choice="plain"><option>--name
94
 
        <replaceable>NAME</replaceable></option></arg>
95
 
        <arg choice="plain"><option>-n
96
 
        <replaceable>NAME</replaceable></option></arg>
97
 
      </group>
98
 
      <sbr/>
99
 
      <group>
100
 
        <arg choice="plain"><option>--email
101
 
        <replaceable>ADDRESS</replaceable></option></arg>
102
 
        <arg choice="plain"><option>-e
103
 
        <replaceable>ADDRESS</replaceable></option></arg>
104
 
      </group>
105
 
      <sbr/>
106
 
      <group>
107
 
        <arg choice="plain"><option>--comment
108
 
        <replaceable>TEXT</replaceable></option></arg>
109
 
        <arg choice="plain"><option>-c
110
 
        <replaceable>TEXT</replaceable></option></arg>
111
 
      </group>
112
 
      <sbr/>
113
 
      <group>
114
 
        <arg choice="plain"><option>--expire
115
 
        <replaceable>TIME</replaceable></option></arg>
116
 
        <arg choice="plain"><option>-x
117
 
        <replaceable>TIME</replaceable></option></arg>
118
 
      </group>
119
 
      <sbr/>
120
 
      <arg><option>--force</option></arg>
 
78
      <group choice="opt">
 
79
        <arg choice="plain"><option>--dir</option>
 
80
        <replaceable>directory</replaceable></arg>
 
81
      </group>
 
82
      <group choice="opt">
 
83
        <arg choice="plain"><option>--type</option>
 
84
        <replaceable>type</replaceable></arg>
 
85
      </group>
 
86
      <group choice="opt">
 
87
        <arg choice="plain"><option>--length</option>
 
88
        <replaceable>bits</replaceable></arg>
 
89
      </group>
 
90
      <group choice="opt">
 
91
        <arg choice="plain"><option>--subtype</option>
 
92
        <replaceable>type</replaceable></arg>
 
93
      </group>
 
94
      <group choice="opt">
 
95
        <arg choice="plain"><option>--sublength</option>
 
96
        <replaceable>bits</replaceable></arg>
 
97
      </group>
 
98
      <group choice="opt">
 
99
        <arg choice="plain"><option>--name</option>
 
100
        <replaceable>NAME</replaceable></arg>
 
101
      </group>
 
102
      <group choice="opt">
 
103
        <arg choice="plain"><option>--email</option>
 
104
        <replaceable>EMAIL</replaceable></arg>
 
105
      </group>
 
106
      <group choice="opt">
 
107
        <arg choice="plain"><option>--comment</option>
 
108
        <replaceable>COMMENT</replaceable></arg>
 
109
      </group>
 
110
      <group choice="opt">
 
111
        <arg choice="plain"><option>--expire</option>
 
112
        <replaceable>TIME</replaceable></arg>
 
113
      </group>
 
114
      <group choice="opt">
 
115
        <arg choice="plain"><option>--force</option></arg>
 
116
      </group>
 
117
    </cmdsynopsis>
 
118
    <cmdsynopsis>
 
119
      <command>&COMMANDNAME;</command>
 
120
      <group choice="opt">
 
121
        <arg choice="plain"><option>-d</option>
 
122
        <replaceable>directory</replaceable></arg>
 
123
      </group>
 
124
      <group choice="opt">
 
125
        <arg choice="plain"><option>-t</option>
 
126
        <replaceable>type</replaceable></arg>
 
127
      </group>
 
128
      <group choice="opt">
 
129
        <arg choice="plain"><option>-l</option>
 
130
        <replaceable>bits</replaceable></arg>
 
131
      </group>
 
132
      <group choice="opt">
 
133
        <arg choice="plain"><option>-s</option>
 
134
        <replaceable>type</replaceable></arg>
 
135
      </group>
 
136
      <group choice="opt">
 
137
        <arg choice="plain"><option>-L</option>
 
138
        <replaceable>bits</replaceable></arg>
 
139
      </group>
 
140
      <group choice="opt">
 
141
        <arg choice="plain"><option>-n</option>
 
142
        <replaceable>NAME</replaceable></arg>
 
143
      </group>
 
144
      <group choice="opt">
 
145
        <arg choice="plain"><option>-e</option>
 
146
        <replaceable>EMAIL</replaceable></arg>
 
147
      </group>
 
148
      <group choice="opt">
 
149
        <arg choice="plain"><option>-c</option>
 
150
        <replaceable>COMMENT</replaceable></arg>
 
151
      </group>
 
152
      <group choice="opt">
 
153
        <arg choice="plain"><option>-x</option>
 
154
        <replaceable>TIME</replaceable></arg>
 
155
      </group>
 
156
      <group choice="opt">
 
157
        <arg choice="plain"><option>-f</option></arg>
 
158
      </group>
121
159
    </cmdsynopsis>
122
160
    <cmdsynopsis>
123
161
      <command>&COMMANDNAME;</command>
124
162
      <group choice="req">
 
163
        <arg choice="plain"><option>-p</option></arg>
125
164
        <arg choice="plain"><option>--password</option></arg>
126
 
        <arg choice="plain"><option>-p</option></arg>
127
 
        <arg choice="plain"><option>--passfile
128
 
        <replaceable>FILE</replaceable></option></arg>
129
 
        <arg choice="plain"><option>-F</option>
130
 
        <replaceable>FILE</replaceable></arg>
131
 
      </group>
132
 
      <sbr/>
133
 
      <group>
134
 
        <arg choice="plain"><option>--dir
135
 
        <replaceable>DIRECTORY</replaceable></option></arg>
136
 
        <arg choice="plain"><option>-d
137
 
        <replaceable>DIRECTORY</replaceable></option></arg>
138
 
      </group>
139
 
      <sbr/>
140
 
      <group>
141
 
        <arg choice="plain"><option>--name
142
 
        <replaceable>NAME</replaceable></option></arg>
143
 
        <arg choice="plain"><option>-n
144
 
        <replaceable>NAME</replaceable></option></arg>
 
165
      </group>
 
166
      <group choice="opt">
 
167
        <arg choice="plain"><option>--dir</option>
 
168
        <replaceable>directory</replaceable></arg>
 
169
      </group>
 
170
      <group choice="opt">
 
171
        <arg choice="plain"><option>--name</option>
 
172
        <replaceable>NAME</replaceable></arg>
145
173
      </group>
146
174
    </cmdsynopsis>
147
175
    <cmdsynopsis>
148
176
      <command>&COMMANDNAME;</command>
149
177
      <group choice="req">
 
178
        <arg choice="plain"><option>-h</option></arg>
150
179
        <arg choice="plain"><option>--help</option></arg>
151
 
        <arg choice="plain"><option>-h</option></arg>
152
180
      </group>
153
181
    </cmdsynopsis>
154
182
    <cmdsynopsis>
155
183
      <command>&COMMANDNAME;</command>
156
184
      <group choice="req">
 
185
        <arg choice="plain"><option>-v</option></arg>
157
186
        <arg choice="plain"><option>--version</option></arg>
158
 
        <arg choice="plain"><option>-v</option></arg>
159
187
      </group>
160
188
    </cmdsynopsis>
161
189
  </refsynopsisdiv>
162
 
  
 
190
 
163
191
  <refsect1 id="description">
164
192
    <title>DESCRIPTION</title>
165
193
    <para>
166
194
      <command>&COMMANDNAME;</command> is a program to generate the
167
 
      OpenPGP key used by
168
 
      <citerefentry><refentrytitle>mandos-client</refentrytitle>
169
 
      <manvolnum>8mandos</manvolnum></citerefentry>.  The key is
 
195
      OpenPGP keys used by
 
196
      <citerefentry><refentrytitle>password-request</refentrytitle>
 
197
      <manvolnum>8mandos</manvolnum></citerefentry>.  The keys are
170
198
      normally written to /etc/mandos for later installation into the
171
 
      initrd image, but this, and most other things, can be changed
172
 
      with command line options.
 
199
      initrd image, but this, like most things, can be changed with
 
200
      command line options.
173
201
    </para>
174
202
    <para>
175
 
      This program can also be used with the
176
 
      <option>--password</option> or <option>--passfile</option>
177
 
      options to generate a ready-made section for
178
 
      <filename>clients.conf</filename> (see
 
203
      It can also be used to generate ready-made sections for
179
204
      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
180
 
      <manvolnum>5</manvolnum></citerefentry>).
 
205
      <manvolnum>5</manvolnum></citerefentry> using the
 
206
      <option>--password</option> option.
181
207
    </para>
182
208
  </refsect1>
183
209
  
184
210
  <refsect1 id="purpose">
185
211
    <title>PURPOSE</title>
 
212
 
186
213
    <para>
187
214
      The purpose of this is to enable <emphasis>remote and unattended
188
215
      rebooting</emphasis> of client host computer with an
189
216
      <emphasis>encrypted root file system</emphasis>.  See <xref
190
217
      linkend="overview"/> for details.
191
218
    </para>
 
219
 
192
220
  </refsect1>
193
221
  
194
222
  <refsect1 id="options">
195
223
    <title>OPTIONS</title>
196
 
    
 
224
 
197
225
    <variablelist>
198
226
      <varlistentry>
199
 
        <term><option>--help</option></term>
200
 
        <term><option>-h</option></term>
 
227
        <term><literal>-h</literal>, <literal>--help</literal></term>
201
228
        <listitem>
202
229
          <para>
203
230
            Show a help message and exit
204
231
          </para>
205
232
        </listitem>
206
233
      </varlistentry>
207
 
      
 
234
 
208
235
      <varlistentry>
209
 
        <term><option>--dir
210
 
        <replaceable>DIRECTORY</replaceable></option></term>
211
 
        <term><option>-d
212
 
        <replaceable>DIRECTORY</replaceable></option></term>
 
236
        <term><literal>-d</literal>, <literal>--dir
 
237
        <replaceable>directory</replaceable></literal></term>
213
238
        <listitem>
214
239
          <para>
215
240
            Target directory for key files.  Default is
217
242
          </para>
218
243
        </listitem>
219
244
      </varlistentry>
220
 
      
 
245
 
221
246
      <varlistentry>
222
 
        <term><option>--type
223
 
        <replaceable>TYPE</replaceable></option></term>
224
 
        <term><option>-t
225
 
        <replaceable>TYPE</replaceable></option></term>
 
247
        <term><literal>-t</literal>, <literal>--type
 
248
        <replaceable>type</replaceable></literal></term>
226
249
        <listitem>
227
250
          <para>
228
251
            Key type.  Default is <quote>DSA</quote>.
229
252
          </para>
230
253
        </listitem>
231
254
      </varlistentry>
232
 
      
 
255
 
233
256
      <varlistentry>
234
 
        <term><option>--length
235
 
        <replaceable>BITS</replaceable></option></term>
236
 
        <term><option>-l
237
 
        <replaceable>BITS</replaceable></option></term>
 
257
        <term><literal>-l</literal>, <literal>--length
 
258
        <replaceable>bits</replaceable></literal></term>
238
259
        <listitem>
239
260
          <para>
240
261
            Key length in bits.  Default is 2048.
241
262
          </para>
242
263
        </listitem>
243
264
      </varlistentry>
244
 
      
 
265
 
245
266
      <varlistentry>
246
 
        <term><option>--subtype
247
 
        <replaceable>KEYTYPE</replaceable></option></term>
248
 
        <term><option>-s
249
 
        <replaceable>KEYTYPE</replaceable></option></term>
 
267
        <term><literal>-s</literal>, <literal>--subtype
 
268
        <replaceable>type</replaceable></literal></term>
250
269
        <listitem>
251
270
          <para>
252
271
            Subkey type.  Default is <quote>ELG-E</quote> (Elgamal
254
273
          </para>
255
274
        </listitem>
256
275
      </varlistentry>
257
 
      
 
276
 
258
277
      <varlistentry>
259
 
        <term><option>--sublength
260
 
        <replaceable>BITS</replaceable></option></term>
261
 
        <term><option>-L
262
 
        <replaceable>BITS</replaceable></option></term>
 
278
        <term><literal>-L</literal>, <literal>--sublength
 
279
        <replaceable>bits</replaceable></literal></term>
263
280
        <listitem>
264
281
          <para>
265
282
            Subkey length in bits.  Default is 2048.
266
283
          </para>
267
284
        </listitem>
268
285
      </varlistentry>
269
 
      
 
286
 
270
287
      <varlistentry>
271
 
        <term><option>--email
272
 
        <replaceable>ADDRESS</replaceable></option></term>
273
 
        <term><option>-e
274
 
        <replaceable>ADDRESS</replaceable></option></term>
 
288
        <term><literal>-e</literal>, <literal>--email</literal>
 
289
        <replaceable>address</replaceable></term>
275
290
        <listitem>
276
291
          <para>
277
292
            Email address of key.  Default is empty.
278
293
          </para>
279
294
        </listitem>
280
295
      </varlistentry>
281
 
      
 
296
 
282
297
      <varlistentry>
283
 
        <term><option>--comment
284
 
        <replaceable>TEXT</replaceable></option></term>
285
 
        <term><option>-c
286
 
        <replaceable>TEXT</replaceable></option></term>
 
298
        <term><literal>-c</literal>, <literal>--comment</literal>
 
299
        <replaceable>comment</replaceable></term>
287
300
        <listitem>
288
301
          <para>
289
302
            Comment field for key.  The default value is
291
304
          </para>
292
305
        </listitem>
293
306
      </varlistentry>
294
 
      
 
307
 
295
308
      <varlistentry>
296
 
        <term><option>--expire
297
 
        <replaceable>TIME</replaceable></option></term>
298
 
        <term><option>-x
299
 
        <replaceable>TIME</replaceable></option></term>
 
309
        <term><literal>-x</literal>, <literal>--expire</literal>
 
310
        <replaceable>time</replaceable></term>
300
311
        <listitem>
301
312
          <para>
302
313
            Key expire time.  Default is no expiration.  See
305
316
          </para>
306
317
        </listitem>
307
318
      </varlistentry>
308
 
      
 
319
 
309
320
      <varlistentry>
310
 
        <term><option>--force</option></term>
311
 
        <term><option>-f</option></term>
 
321
        <term><literal>-f</literal>, <literal>--force</literal></term>
312
322
        <listitem>
313
323
          <para>
314
 
            Force overwriting old key.
 
324
            Force overwriting old keys.
315
325
          </para>
316
326
        </listitem>
317
327
      </varlistentry>
318
328
      <varlistentry>
319
 
        <term><option>--password</option></term>
320
 
        <term><option>-p</option></term>
 
329
        <term><literal>-p</literal>, <literal>--password</literal
 
330
        ></term>
321
331
        <listitem>
322
332
          <para>
323
333
            Prompt for a password and encrypt it with the key already
329
339
            >8</manvolnum></citerefentry>.  The host name or the name
330
340
            specified with the <option>--name</option> option is used
331
341
            for the section header.  All other options are ignored,
332
 
            and no key is created.
333
 
          </para>
334
 
        </listitem>
335
 
      </varlistentry>
336
 
      <varlistentry>
337
 
        <term><option>--passfile
338
 
        <replaceable>FILE</replaceable></option></term>
339
 
        <term><option>-F
340
 
        <replaceable>FILE</replaceable></option></term>
341
 
        <listitem>
342
 
          <para>
343
 
            The same as <option>--password</option>, but read from
344
 
            <replaceable>FILE</replaceable>, not the terminal.
 
342
            and no keys are created.
345
343
          </para>
346
344
        </listitem>
347
345
      </varlistentry>
348
346
    </variablelist>
349
347
  </refsect1>
350
 
  
 
348
 
351
349
  <refsect1 id="overview">
352
350
    <title>OVERVIEW</title>
353
351
    <xi:include href="overview.xml"/>
354
352
    <para>
355
353
      This program is a small utility to generate new OpenPGP keys for
356
 
      new Mandos clients, and to generate sections for inclusion in
357
 
      <filename>clients.conf</filename> on the server.
 
354
      new Mandos clients.
358
355
    </para>
359
356
  </refsect1>
360
 
  
 
357
 
361
358
  <refsect1 id="exit_status">
362
359
    <title>EXIT STATUS</title>
363
360
    <para>
364
 
      The exit status will be 0 if a new key (or password, if the
365
 
      <option>--password</option> option was used) was successfully
366
 
      created, otherwise not.
 
361
      The exit status will be 0 if new keys were successfully created,
 
362
      otherwise not.
367
363
    </para>
368
364
  </refsect1>
369
365
  
371
367
    <title>ENVIRONMENT</title>
372
368
    <variablelist>
373
369
      <varlistentry>
374
 
        <term><envar>TMPDIR</envar></term>
 
370
        <term><varname>TMPDIR</varname></term>
375
371
        <listitem>
376
372
          <para>
377
373
            If set, temporary files will be created here. See
383
379
    </variablelist>
384
380
  </refsect1>
385
381
  
386
 
  <refsect1 id="files">
 
382
  <refsect1 id="file">
387
383
    <title>FILES</title>
388
384
    <para>
389
385
      Use the <option>--dir</option> option to change where
420
416
      </varlistentry>
421
417
    </variablelist>
422
418
  </refsect1>
423
 
  
424
 
<!--   <refsect1 id="bugs"> -->
425
 
<!--     <title>BUGS</title> -->
426
 
<!--     <para> -->
427
 
<!--     </para> -->
428
 
<!--   </refsect1> -->
429
 
  
 
419
 
 
420
  <refsect1 id="bugs">
 
421
    <title>BUGS</title>
 
422
    <para>
 
423
      None are known at this time.
 
424
    </para>
 
425
  </refsect1>
 
426
 
430
427
  <refsect1 id="example">
431
428
    <title>EXAMPLE</title>
432
429
    <informalexample>
434
431
        Normal invocation needs no options:
435
432
      </para>
436
433
      <para>
437
 
        <userinput>&COMMANDNAME;</userinput>
 
434
        <userinput>mandos-keygen</userinput>
438
435
      </para>
439
436
    </informalexample>
440
437
    <informalexample>
441
438
      <para>
442
 
        Create key in another directory and of another type.  Force
 
439
        Create keys in another directory and of another type.  Force
443
440
        overwriting old key files:
444
441
      </para>
445
442
      <para>
446
443
 
447
444
<!-- do not wrap this line -->
448
 
<userinput>&COMMANDNAME; --dir ~/keydir --type RSA --force</userinput>
449
 
 
450
 
      </para>
451
 
    </informalexample>
452
 
    <informalexample>
453
 
      <para>
454
 
        Prompt for a password, encrypt it with the key in
455
 
        <filename>/etc/mandos</filename> and output a section suitable
456
 
        for <filename>clients.conf</filename>.
457
 
      </para>
458
 
      <para>
459
 
        <userinput>&COMMANDNAME; --password</userinput>
460
 
      </para>
461
 
    </informalexample>
462
 
    <informalexample>
463
 
      <para>
464
 
        Prompt for a password, encrypt it with the key in the
465
 
        <filename>client-key</filename> directory and output a section
466
 
        suitable for <filename>clients.conf</filename>.
467
 
      </para>
468
 
      <para>
469
 
 
470
 
<!-- do not wrap this line -->
471
 
<userinput>&COMMANDNAME; --password --dir client-key</userinput>
 
445
<userinput>mandos-keygen --dir ~/keydir --type RSA --force</userinput>
472
446
 
473
447
      </para>
474
448
    </informalexample>
475
449
  </refsect1>
476
 
  
 
450
 
477
451
  <refsect1 id="security">
478
452
    <title>SECURITY</title>
479
453
    <para>
480
454
      The <option>--type</option>, <option>--length</option>,
481
455
      <option>--subtype</option>, and <option>--sublength</option>
482
 
      options can be used to create keys of low security.  If in
483
 
      doubt, leave them to the default values.
 
456
      options can be used to create keys of insufficient security.  If
 
457
      in doubt, leave them to the default values.
484
458
    </para>
485
459
    <para>
486
 
      The key expire time is <emphasis>not</emphasis> guaranteed to be
487
 
      honored by <citerefentry><refentrytitle>mandos</refentrytitle>
 
460
      The key expire time is not guaranteed to be honored by
 
461
      <citerefentry><refentrytitle>mandos</refentrytitle>
488
462
      <manvolnum>8</manvolnum></citerefentry>.
489
463
    </para>
490
464
  </refsect1>
491
 
  
 
465
 
492
466
  <refsect1 id="see_also">
493
467
    <title>SEE ALSO</title>
494
468
    <para>
 
469
      <citerefentry><refentrytitle>password-request</refentrytitle>
 
470
      <manvolnum>8mandos</manvolnum></citerefentry>,
 
471
      <citerefentry><refentrytitle>mandos</refentrytitle>
 
472
      <manvolnum>8</manvolnum></citerefentry>,
495
473
      <citerefentry><refentrytitle>gpg</refentrytitle>
496
 
      <manvolnum>1</manvolnum></citerefentry>,
497
 
      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
498
 
      <manvolnum>5</manvolnum></citerefentry>,
499
 
      <citerefentry><refentrytitle>mandos</refentrytitle>
500
 
      <manvolnum>8</manvolnum></citerefentry>,
501
 
      <citerefentry><refentrytitle>mandos-client</refentrytitle>
502
 
      <manvolnum>8mandos</manvolnum></citerefentry>
 
474
      <manvolnum>1</manvolnum></citerefentry>
503
475
    </para>
504
476
  </refsect1>
505
477