/mandos/trunk : revision 128

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos-keygen.xml

Committer: Teddy Hogeborn
Date: 2008-08-31 13:55:04 UTC
Revision ID: teddy@fukt.bsnet.se-20080831135504-2ka1cccglsghslxy

* plugin-runner.xml (/refentry/refentryinfo/copyright): Split
                                                        copyright
                                                        holders.
* plugins.d/password-request.xml (/refentry/refentryinfo/copyright):
                                 Split copyright holders.

files added:
.bzrignore

files modified:
Makefile

TODO

clients.conf

initramfs-tools-hook

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/password-request.c

plugins.d/password-request.xml

Show diffs side-by-side

added added

removed removed

mandos-keygen.xml

<?xml version='1.0' encoding='UTF-8'?>

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY VERSION "1.0">

<!ENTITY COMMANDNAME "mandos-keygen">

<!ENTITY OVERVIEW SYSTEM "overview.xml">

<!ENTITY TIMESTAMP "2008-08-31">

<title>&COMMANDNAME;</title>

<productname>&COMMANDNAME;</productname>

<title>Mandos Manual</title>

<productname>Mandos</productname>

<productnumber>&VERSION;</productnumber>

<date>&TIMESTAMP;</date>

<firstname>Björn</firstname>

</authorgroup>

<holder>Teddy Hogeborn & Björn Påhlsson</holder>

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

<para>

<refname><command>&COMMANDNAME;</command></refname>

Generate keys for <citerefentry><refentrytitle>password-request

</refentrytitle><manvolnum>8mandos</manvolnum></citerefentry>

Generate key and password for Mandos client and server.

</refpurpose>

</refnamediv>

<command>&COMMANDNAME;</command>

<replaceable>directory</replaceable></arg>

</group>

</group>

<arg choice="plain"><option>--length</option>

</group>

</group>

<arg choice="plain"><option>--email</option>

<replaceable>EMAIL</replaceable></arg>

</group>

<arg choice="plain"><option>--comment</option>

<replaceable>COMMENT</replaceable></arg>

</group>

100

101

<arg choice="plain"><option>--expire</option>

102

103

</group>

104

105

<arg choice="plain"><option>--force</option></arg>

106

</group>

107

</cmdsynopsis>

108

109

<command>&COMMANDNAME;</command>

110

111

112

<replaceable>directory</replaceable></arg>

113

</group>

114

115

116

117

</group>

118

119

120

121

</group>

122

123

124

125

</group>

126

127

128

<replaceable>EMAIL</replaceable></arg>

129

</group>

130

131

132

<replaceable>COMMENT</replaceable></arg>

133

</group>

134

135

136

137

</group>

138

139

140

</group>

141

</cmdsynopsis>

142

143

<command>&COMMANDNAME;</command>

144

145

146

147

</group>

148

</cmdsynopsis>

149

150

<command>&COMMANDNAME;</command>

151

152

153

<arg choice='plain'><option>--version</option></arg>

<group>

<arg choice="plain"><option>--dir

<replaceable>DIRECTORY</replaceable></option></arg>

<arg choice="plain"><option>-d

<replaceable>DIRECTORY</replaceable></option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--type

<replaceable>KEYTYPE</replaceable></option></arg>

<arg choice="plain"><option>-t

<replaceable>KEYTYPE</replaceable></option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--length

<arg choice="plain"><option>-l

</group>

<sbr/>

<group>

<arg choice="plain"><option>--subtype

100

<replaceable>KEYTYPE</replaceable></option></arg>

101

<arg choice="plain"><option>-s

102

<replaceable>KEYTYPE</replaceable></option></arg>

103

</group>

104

<sbr/>

105

<group>

106

<arg choice="plain"><option>--sublength

107

108

<arg choice="plain"><option>-L

109

110

</group>

111

<sbr/>

112

<group>

113

<arg choice="plain"><option>--name

114

115

<arg choice="plain"><option>-n

116

117

</group>

118

<sbr/>

119

<group>

120

<arg choice="plain"><option>--email

121

<replaceable>ADDRESS</replaceable></option></arg>

122

<arg choice="plain"><option>-e

123

<replaceable>ADDRESS</replaceable></option></arg>

124

</group>

125

<sbr/>

126

<group>

127

<arg choice="plain"><option>--comment

128

129

<arg choice="plain"><option>-c

130

131

</group>

132

<sbr/>

133

<group>

134

<arg choice="plain"><option>--expire

135

136

<arg choice="plain"><option>-x

137

138

</group>

139

<sbr/>

140

<arg><option>--force</option></arg>

141

</cmdsynopsis>

142

143

<command>&COMMANDNAME;</command>

144

145

<arg choice="plain"><option>--password</option></arg>

146

147

</group>

148

<sbr/>

149

<group>

150

<arg choice="plain"><option>--dir

151

<replaceable>DIRECTORY</replaceable></option></arg>

152

<arg choice="plain"><option>-d

153

<replaceable>DIRECTORY</replaceable></option></arg>

154

</group>

155

<sbr/>

156

<group>

157

<arg choice="plain"><option>--name

158

159

<arg choice="plain"><option>-n

160

161

</group>

162

</cmdsynopsis>

163

164

<command>&COMMANDNAME;</command>

165

166

167

168

</group>

169

</cmdsynopsis>

170

171

<command>&COMMANDNAME;</command>

172

173

<arg choice="plain"><option>--version</option></arg>

174

154

175

</group>

155

176

</cmdsynopsis>

156

177

</refsynopsisdiv>

157

178

158

179

159

180

<title>DESCRIPTION</title>

160

181

<para>

161

182

<command>&COMMANDNAME;</command> is a program to generate the

162

OpenPGP keys used by

183

OpenPGP key used by

163

184

<citerefentry><refentrytitle>password-request</refentrytitle>

164

<manvolnum>8mandos</manvolnum></citerefentry>. The keys are

185

<manvolnum>8mandos</manvolnum></citerefentry>. The key is

165

186

normally written to /etc/mandos for later installation into the

166

initrd image, but this, like most things, can be changed with

167

command line options.

187

initrd image, but this, and most other things, can be changed

188

with command line options.

189

</para>

190

<para>

191

This program can also be used with the

192

<option>--password</option> option to generate a ready-made

193

section for <filename>clients.conf</filename> (see

194

<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>

195

<manvolnum>5</manvolnum></citerefentry>).

168

196

</para>

169

197

</refsect1>

170

198

171

199

172

200

<title>PURPOSE</title>

173

174

201

<para>

175

202

The purpose of this is to enable <emphasis>remote and unattended

176

203

rebooting</emphasis> of client host computer with an

177

204

<emphasis>encrypted root file system</emphasis>. See <xref

178

205

linkend="overview"/> for details.

179

206

</para>

180

181

207

</refsect1>

182

208

183

209

184

210

<title>OPTIONS</title>

185

211

186

212

187

213

188

214

215

189

216

190

217

<para>

191

218

Show a help message and exit

194

221

</varlistentry>

195

222

196

223

197

<term><literal>-d</literal>, <literal>--dir

198

<replaceable>directory</replaceable></literal></term>

199

200

<para>

201

Target directory for key files.

202

</para>

203

</listitem>

204

</varlistentry>

205

206

207

<term><literal>-t</literal>, <literal>--type

208

209

210

<para>

211

Key type. Default is DSA.

212

</para>

213

</listitem>

214

</varlistentry>

215

216

217

<term><literal>-l</literal>, <literal>--length

218

219

220

<para>

221

Key length in bits. Default is 1024.

222

</para>

223

</listitem>

224

</varlistentry>

225

226

227

<term><literal>-e</literal>, <literal>--email</literal>

228

<replaceable>address</replaceable></term>

224

<term><option>--dir

225

<replaceable>DIRECTORY</replaceable></option></term>

226

<term><option>-d

227

<replaceable>DIRECTORY</replaceable></option></term>

228

229

<para>

230

Target directory for key files. Default is

231

<filename>/etc/mandos</filename>.

232

</para>

233

</listitem>

234

</varlistentry>

235

236

237

<term><option>--type

238

239

<term><option>-t

240

241

242

<para>

243

Key type. Default is <quote>DSA</quote>.

244

</para>

245

</listitem>

246

</varlistentry>

247

248

249

<term><option>--length

250

251

<term><option>-l

252

253

254

<para>

255

Key length in bits. Default is 2048.

256

</para>

257

</listitem>

258

</varlistentry>

259

260

261

<term><option>--subtype

262

<replaceable>KEYTYPE</replaceable></option></term>

263

<term><option>-s

264

<replaceable>KEYTYPE</replaceable></option></term>

265

266

<para>

267

Subkey type. Default is <quote>ELG-E</quote> (Elgamal

268

encryption-only).

269

</para>

270

</listitem>

271

</varlistentry>

272

273

274

<term><option>--sublength

275

276

<term><option>-L

277

278

279

<para>

280

Subkey length in bits. Default is 2048.

281

</para>

282

</listitem>

283

</varlistentry>

284

285

286

<term><option>--email

287

<replaceable>ADDRESS</replaceable></option></term>

288

<term><option>-e

289

<replaceable>ADDRESS</replaceable></option></term>

229

290

230

291

<para>

231

292

Email address of key. Default is empty.

234

295

</varlistentry>

235

296

236

297

237

<term><literal>-c</literal>, <literal>--comment</literal>

238

<replaceable>comment</replaceable></term>

298

<term><option>--comment

299

300

<term><option>-c

301

239

302

240

303

<para>

241

304

Comment field for key. The default value is

242

"<literal>Mandos client key</literal>".

305

<quote><literal>Mandos client key</literal></quote>.

243

306

</para>

244

307

</listitem>

245

308

</varlistentry>

246

309

247

310

248

<term><literal>-x</literal>, <literal>--expire</literal>

249

311

<term><option>--expire

312

313

<term><option>-x

314

250

315

251

316

<para>

252

317

Key expire time. Default is no expiration. See

257

322

</varlistentry>

258

323

259

324

260

<term><literal>-f</literal>, <literal>--force</literal></term>

261

262

<para>

263

Force overwriting old keys.

325

<term><option>--force</option></term>

326

327

328

<para>

329

Force overwriting old key.

330

</para>

331

</listitem>

332

</varlistentry>

333

334

<term><option>--password</option></term>

335

336

337

<para>

338

Prompt for a password and encrypt it with the key already

339

present in either <filename>/etc/mandos</filename> or the

340

directory specified with the <option>--dir</option>

341

option. Outputs, on standard output, a section suitable

342

for inclusion in <citerefentry><refentrytitle

343

>mandos-clients.conf</refentrytitle><manvolnum

344

>8</manvolnum></citerefentry>. The host name or the name

345

specified with the <option>--name</option> option is used

346

for the section header. All other options are ignored,

347

and no key is created.

264

348

</para>

265

349

</listitem>

266

350

</varlistentry>

269

353

270

354

271

355

<title>OVERVIEW</title>

272

&OVERVIEW;

356

<xi:include href="overview.xml"/>

273

357

<para>

274

This program is a small program to generate new OpenPGP keys for

275

new Mandos clients.

358

This program is a small utility to generate new OpenPGP keys for

359

new Mandos clients, and to generate sections for inclusion in

360

<filename>clients.conf</filename> on the server.

276

361

</para>

277

362

</refsect1>

278

363

279

364

280

365

<title>EXIT STATUS</title>

281

366

<para>

282

The exit status will be 0 if new keys were successfully created,

283

otherwise not.

367

The exit status will be 0 if a new key (or password, if the

368

<option>--password</option> option was used) was successfully

369

created, otherwise not.

284

370

</para>

285

371

</refsect1>

286

372

288

374

<title>ENVIRONMENT</title>

289

375

290

376

291

<term><varname>TMPDIR</varname></term>

377

<term><envar>TMPDIR</envar></term>

292

378

293

379

<para>

294

380

If set, temporary files will be created here. See

352

438

Normal invocation needs no options:

353

439

</para>

354

440

<para>

355

<userinput>mandos-keygen</userinput>

441

<userinput>&COMMANDNAME;</userinput>

356

442

</para>

357

443

</informalexample>

358

444

359

445

<para>

360

Create keys in another directory and of another type. Force

446

Create key in another directory and of another type. Force

361

447

overwriting old key files:

362

448

</para>

363

449

<para>

364

450

365

451

366

<userinput>mandos-keygen --dir ~/keydir --type RSA --force</userinput>

452

<userinput>&COMMANDNAME; --dir ~/keydir --type RSA --force</userinput>

453

454

</para>

455

</informalexample>

456

457

<para>

458

Prompt for a password, encrypt it with the key in

459

<filename>/etc/mandos</filename> and output a section suitable

460

for <filename>clients.conf</filename>.

461

</para>

462

<para>

463

<userinput>&COMMANDNAME; --password</userinput>

464

</para>

465

</informalexample>

466

467

<para>

468

Prompt for a password, encrypt it with the key in the

469

<filename>client-key</filename> directory and output a section

470

suitable for <filename>clients.conf</filename>.

471

</para>

472

<para>

473

474

475

<userinput>&COMMANDNAME; --password --dir client-key</userinput>

367

476

368

477

</para>

369

478

</informalexample>

372

481

373

482

<title>SECURITY</title>

374

483

<para>

375

The <option>--type</option> and <option>--length</option>

376

options can be used to create keys of insufficient security. If

377

in doubt, leave them to the default values.

484

The <option>--type</option>, <option>--length</option>,

485

<option>--subtype</option>, and <option>--sublength</option>

486

options can be used to create keys of low security. If in

487

doubt, leave them to the default values.

378

488

</para>

379

489

<para>

380

The key expire time is not guaranteed to be honored by

381

<citerefentry><refentrytitle>mandos</refentrytitle>

490

The key expire time is <emphasis>not</emphasis> guaranteed to be

491

honored by <citerefentry><refentrytitle>mandos</refentrytitle>

382

492

<manvolnum>8</manvolnum></citerefentry>.

383

493

</para>

384

494

</refsect1>

386

496

387

497

388

498

<para>

389

<citerefentry><refentrytitle>password-request</refentrytitle>

390

<manvolnum>8mandos</manvolnum></citerefentry>,

391

<citerefentry><refentrytitle>mandos</refentrytitle>

392

<manvolnum>8</manvolnum></citerefentry>, and

393

499

394

500

<manvolnum>1</manvolnum></citerefentry>,

501

<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>

502

<manvolnum>5</manvolnum></citerefentry>,

503

<citerefentry><refentrytitle>mandos</refentrytitle>

504

<manvolnum>8</manvolnum></citerefentry>,

505

<citerefentry><refentrytitle>password-request</refentrytitle>

506

<manvolnum>8mandos</manvolnum></citerefentry>

395

507

</para>

396

508

</refsect1>

397

509

398

510

</refentry>

511

512

513

514

515

Older »