/mandos/trunk : revision 130

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos-keygen.xml

Committer: Teddy Hogeborn
Date: 2008-08-31 14:02:37 UTC
Revision ID: teddy@fukt.bsnet.se-20080831140237-oz9knd88esz8cj4y

* plugin-runner.xml: Removed <?xml-stylesheet>.
* plugins.d/password-request.xml: - '' -

files added:
.bzrignore

files modified:
Makefile

TODO

clients.conf

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/password-request.xml

Show diffs side-by-side

added added

removed removed

mandos-keygen.xml

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY VERSION "1.0">

<!ENTITY COMMANDNAME "mandos-keygen">

<!ENTITY TIMESTAMP "2008-08-31">

<title>&COMMANDNAME;</title>

<title>Mandos Manual</title>

<productname>&COMMANDNAME;</productname>

<productname>Mandos</productname>

<productnumber>&VERSION;</productnumber>

<date>&TIMESTAMP;</date>

<firstname>Björn</firstname>

<refname><command>&COMMANDNAME;</command></refname>

Generate keys for <citerefentry><refentrytitle>password-request

</refentrytitle><manvolnum>8mandos</manvolnum></citerefentry>

Generate key and password for Mandos client and server.

</refpurpose>

</refnamediv>

<command>&COMMANDNAME;</command>

<replaceable>directory</replaceable></arg>

</group>

</group>

<arg choice="plain"><option>--length</option>

</group>

<arg choice="plain"><option>--subtype</option>

</group>

<arg choice="plain"><option>--sublength</option>

</group>

</group>

100

101

<arg choice="plain"><option>--email</option>

102

<replaceable>EMAIL</replaceable></arg>

103

</group>

104

105

<arg choice="plain"><option>--comment</option>

106

<replaceable>COMMENT</replaceable></arg>

107

</group>

108

109

<arg choice="plain"><option>--expire</option>

110

111

</group>

112

113

<arg choice="plain"><option>--force</option></arg>

114

</group>

115

</cmdsynopsis>

116

117

<command>&COMMANDNAME;</command>

118

119

120

<replaceable>directory</replaceable></arg>

121

</group>

122

123

124

125

</group>

126

127

128

129

</group>

130

131

132

133

</group>

134

135

136

137

</group>

138

139

140

141

</group>

142

143

144

<replaceable>EMAIL</replaceable></arg>

145

</group>

146

147

148

<replaceable>COMMENT</replaceable></arg>

149

</group>

150

151

152

153

</group>

154

155

156

</group>

<group>

<arg choice="plain"><option>--dir

<replaceable>DIRECTORY</replaceable></option></arg>

<arg choice="plain"><option>-d

<replaceable>DIRECTORY</replaceable></option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--type

<replaceable>KEYTYPE</replaceable></option></arg>

<arg choice="plain"><option>-t

<replaceable>KEYTYPE</replaceable></option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--length

<arg choice="plain"><option>-l

</group>

<sbr/>

<group>

<arg choice="plain"><option>--subtype

100

<replaceable>KEYTYPE</replaceable></option></arg>

101

<arg choice="plain"><option>-s

102

<replaceable>KEYTYPE</replaceable></option></arg>

103

</group>

104

<sbr/>

105

<group>

106

<arg choice="plain"><option>--sublength

107

108

<arg choice="plain"><option>-L

109

110

</group>

111

<sbr/>

112

<group>

113

<arg choice="plain"><option>--name

114

115

<arg choice="plain"><option>-n

116

117

</group>

118

<sbr/>

119

<group>

120

<arg choice="plain"><option>--email

121

<replaceable>ADDRESS</replaceable></option></arg>

122

<arg choice="plain"><option>-e

123

<replaceable>ADDRESS</replaceable></option></arg>

124

</group>

125

<sbr/>

126

<group>

127

<arg choice="plain"><option>--comment

128

129

<arg choice="plain"><option>-c

130

131

</group>

132

<sbr/>

133

<group>

134

<arg choice="plain"><option>--expire

135

136

<arg choice="plain"><option>-x

137

138

</group>

139

<sbr/>

140

<arg><option>--force</option></arg>

157

141

</cmdsynopsis>

158

142

159

143

<command>&COMMANDNAME;</command>

160

144

145

<arg choice="plain"><option>--password</option></arg>

161

146

162

<arg choice="plain"><option>--password</option></arg>

163

</group>

164

165

166

<replaceable>directory</replaceable></arg>

167

</group>

168

169

170

147

</group>

148

<sbr/>

149

<group>

150

<arg choice="plain"><option>--dir

151

<replaceable>DIRECTORY</replaceable></option></arg>

152

<arg choice="plain"><option>-d

153

<replaceable>DIRECTORY</replaceable></option></arg>

154

</group>

155

<sbr/>

156

<group>

157

<arg choice="plain"><option>--name

158

159

<arg choice="plain"><option>-n

160

171

161

</group>

172

162

</cmdsynopsis>

173

163

174

164

<command>&COMMANDNAME;</command>

175

165

166

176

167

177

178

168

</group>

179

169

</cmdsynopsis>

180

170

181

171

<command>&COMMANDNAME;</command>

182

172

173

<arg choice="plain"><option>--version</option></arg>

183

174

184

<arg choice="plain"><option>--version</option></arg>

185

175

</group>

186

176

</cmdsynopsis>

187

177

</refsynopsisdiv>

188

178

189

179

190

180

<title>DESCRIPTION</title>

191

181

<para>

192

182

<command>&COMMANDNAME;</command> is a program to generate the

193

OpenPGP keys used by

183

OpenPGP key used by

194

184

<citerefentry><refentrytitle>password-request</refentrytitle>

195

<manvolnum>8mandos</manvolnum></citerefentry>. The keys are

185

<manvolnum>8mandos</manvolnum></citerefentry>. The key is

196

186

normally written to /etc/mandos for later installation into the

197

initrd image, but this, like most things, can be changed with

198

command line options.

187

initrd image, but this, and most other things, can be changed

188

with command line options.

199

189

</para>

200

190

<para>

201

It can also be used to generate ready-made sections for

191

This program can also be used with the

192

<option>--password</option> option to generate a ready-made

193

section for <filename>clients.conf</filename> (see

202

194

<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>

203

<manvolnum>5</manvolnum></citerefentry> using the

204

<option>--password</option> option.

195

<manvolnum>5</manvolnum></citerefentry>).

205

196

</para>

206

197

</refsect1>

207

198

208

199

209

200

<title>PURPOSE</title>

210

211

201

<para>

212

202

The purpose of this is to enable <emphasis>remote and unattended

213

203

rebooting</emphasis> of client host computer with an

214

204

<emphasis>encrypted root file system</emphasis>. See <xref

215

205

linkend="overview"/> for details.

216

206

</para>

217

218

207

</refsect1>

219

208

220

209

221

210

<title>OPTIONS</title>

222

211

223

212

224

213

225

214

215

226

216

227

217

<para>

228

218

Show a help message and exit

231

221

</varlistentry>

232

222

233

223

234

<term><literal>-d</literal>, <literal>--dir

235

<replaceable>directory</replaceable></literal></term>

224

<term><option>--dir

225

<replaceable>DIRECTORY</replaceable></option></term>

226

<term><option>-d

227

<replaceable>DIRECTORY</replaceable></option></term>

236

228

237

229

<para>

238

230

Target directory for key files. Default is

242

234

</varlistentry>

243

235

244

236

245

<term><literal>-t</literal>, <literal>--type

246

237

<term><option>--type

238

239

<term><option>-t

240

247

241

248

242

<para>

249

243

Key type. Default is <quote>DSA</quote>.

252

246

</varlistentry>

253

247

254

248

255

<term><literal>-l</literal>, <literal>--length

256

249

<term><option>--length

250

251

<term><option>-l

252

257

253

258

254

<para>

259

Key length in bits. Default is 1024.

255

Key length in bits. Default is 2048.

260

256

</para>

261

257

</listitem>

262

258

</varlistentry>

263

259

264

260

265

<term><literal>-s</literal>, <literal>--subtype

266

261

<term><option>--subtype

262

<replaceable>KEYTYPE</replaceable></option></term>

263

<term><option>-s

264

<replaceable>KEYTYPE</replaceable></option></term>

267

265

268

266

<para>

269

267

Subkey type. Default is <quote>ELG-E</quote> (Elgamal

273

271

</varlistentry>

274

272

275

273

276

<term><literal>-L</literal>, <literal>--sublength

277

274

<term><option>--sublength

275

276

<term><option>-L

277

278

279

<para>

280

Subkey length in bits. Default is 2048.

283

</varlistentry>

284

285

286

<term><literal>-e</literal>, <literal>--email</literal>

287

<replaceable>address</replaceable></term>

286

<term><option>--email

287

<replaceable>ADDRESS</replaceable></option></term>

288

<term><option>-e

289

<replaceable>ADDRESS</replaceable></option></term>

288

290

289

291

<para>

290

292

Email address of key. Default is empty.

293

295

</varlistentry>

294

296

295

297

296

<term><literal>-c</literal>, <literal>--comment</literal>

297

<replaceable>comment</replaceable></term>

298

<term><option>--comment

299

300

<term><option>-c

301

298

302

299

303

<para>

300

304

Comment field for key. The default value is

304

308

</varlistentry>

305

309

306

310

307

<term><literal>-x</literal>, <literal>--expire</literal>

308

311

<term><option>--expire

312

313

<term><option>-x

314

309

315

310

316

<para>

311

317

Key expire time. Default is no expiration. See

316

322

</varlistentry>

317

323

318

324

319

<term><literal>-f</literal>, <literal>--force</literal></term>

325

<term><option>--force</option></term>

326

320

327

321

328

<para>

322

Force overwriting old keys.

329

Force overwriting old key.

323

330

</para>

324

331

</listitem>

325

332

</varlistentry>

326

333

327

<term><literal>-p</literal>, <literal>--password</literal

328

></term>

334

<term><option>--password</option></term>

335

329

336

330

337

<para>

331

338

Prompt for a password and encrypt it with the key already

337

344

>8</manvolnum></citerefentry>. The host name or the name

338

345

specified with the <option>--name</option> option is used

339

346

for the section header. All other options are ignored,

340

and no keys are created.

347

and no key is created.

341

348

</para>

342

349

</listitem>

343

350

</varlistentry>

349

356

<xi:include href="overview.xml"/>

350

357

<para>

351

358

This program is a small utility to generate new OpenPGP keys for

352

new Mandos clients.

359

new Mandos clients, and to generate sections for inclusion in

360

<filename>clients.conf</filename> on the server.

353

361

</para>

354

362

</refsect1>

355

363

356

364

357

365

<title>EXIT STATUS</title>

358

366

<para>

359

The exit status will be 0 if new keys were successfully created,

360

otherwise not.

367

The exit status will be 0 if a new key (or password, if the

368

<option>--password</option> option was used) was successfully

369

created, otherwise not.

361

370

</para>

362

371

</refsect1>

363

372

365

374

<title>ENVIRONMENT</title>

366

375

367

376

368

<term><varname>TMPDIR</varname></term>

377

<term><envar>TMPDIR</envar></term>

369

378

370

379

<para>

371

380

If set, temporary files will be created here. See

429

438

Normal invocation needs no options:

430

439

</para>

431

440

<para>

432

<userinput>mandos-keygen</userinput>

441

<userinput>&COMMANDNAME;</userinput>

433

442

</para>

434

443

</informalexample>

435

444

436

445

<para>

437

Create keys in another directory and of another type. Force

446

Create key in another directory and of another type. Force

438

447

overwriting old key files:

439

448

</para>

440

449

<para>

441

450

442

451

443

<userinput>mandos-keygen --dir ~/keydir --type RSA --force</userinput>

452

<userinput>&COMMANDNAME; --dir ~/keydir --type RSA --force</userinput>

453

454

</para>

455

</informalexample>

456

457

<para>

458

Prompt for a password, encrypt it with the key in

459

<filename>/etc/mandos</filename> and output a section suitable

460

for <filename>clients.conf</filename>.

461

</para>

462

<para>

463

<userinput>&COMMANDNAME; --password</userinput>

464

</para>

465

</informalexample>

466

467

<para>

468

Prompt for a password, encrypt it with the key in the

469

<filename>client-key</filename> directory and output a section

470

suitable for <filename>clients.conf</filename>.

471

</para>

472

<para>

473

474

475

<userinput>&COMMANDNAME; --password --dir client-key</userinput>

444

476

445

477

</para>

446

478

</informalexample>

451

483

<para>

452

484

The <option>--type</option>, <option>--length</option>,

453

485

<option>--subtype</option>, and <option>--sublength</option>

454

options can be used to create keys of insufficient security. If

455

in doubt, leave them to the default values.

486

options can be used to create keys of low security. If in

487

doubt, leave them to the default values.

456

488

</para>

457

489

<para>

458

The key expire time is not guaranteed to be honored by

459

<citerefentry><refentrytitle>mandos</refentrytitle>

490

The key expire time is <emphasis>not</emphasis> guaranteed to be

491

honored by <citerefentry><refentrytitle>mandos</refentrytitle>

460

492

<manvolnum>8</manvolnum></citerefentry>.

461

493

</para>

462

494

</refsect1>

464

496

465

497

466

498

<para>

467

<citerefentry><refentrytitle>password-request</refentrytitle>

468

<manvolnum>8mandos</manvolnum></citerefentry>,

499

500

<manvolnum>1</manvolnum></citerefentry>,

501

<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>

502

<manvolnum>5</manvolnum></citerefentry>,

469

503

<citerefentry><refentrytitle>mandos</refentrytitle>

470

504

<manvolnum>8</manvolnum></citerefentry>,

471

472

505

<citerefentry><refentrytitle>password-request</refentrytitle>

506

<manvolnum>8mandos</manvolnum></citerefentry>

473

507

</para>

474

508

</refsect1>

475

509

476

510

</refentry>

511

512

513

514

515

Older »