68
46
<refname><command>&COMMANDNAME;</command></refname>
70
Generate keys for <citerefentry><refentrytitle>password-request
71
</refentrytitle><manvolnum>8mandos</manvolnum></citerefentry>
48
Generate key and password for Mandos client and server.
77
54
<command>&COMMANDNAME;</command>
79
<arg choice="plain"><option>--dir</option>
80
<replaceable>directory</replaceable></arg>
83
<arg choice="plain"><option>--type</option>
84
<replaceable>type</replaceable></arg>
87
<arg choice="plain"><option>--length</option>
88
<replaceable>bits</replaceable></arg>
91
<arg choice="plain"><option>--subtype</option>
92
<replaceable>type</replaceable></arg>
95
<arg choice="plain"><option>--sublength</option>
96
<replaceable>bits</replaceable></arg>
99
<arg choice="plain"><option>--name</option>
100
<replaceable>NAME</replaceable></arg>
103
<arg choice="plain"><option>--email</option>
104
<replaceable>EMAIL</replaceable></arg>
107
<arg choice="plain"><option>--comment</option>
108
<replaceable>COMMENT</replaceable></arg>
111
<arg choice="plain"><option>--expire</option>
112
<replaceable>TIME</replaceable></arg>
115
<arg choice="plain"><option>--force</option></arg>
119
<command>&COMMANDNAME;</command>
121
<arg choice="plain"><option>-d</option>
122
<replaceable>directory</replaceable></arg>
125
<arg choice="plain"><option>-t</option>
126
<replaceable>type</replaceable></arg>
129
<arg choice="plain"><option>-l</option>
130
<replaceable>bits</replaceable></arg>
133
<arg choice="plain"><option>-s</option>
134
<replaceable>type</replaceable></arg>
137
<arg choice="plain"><option>-L</option>
138
<replaceable>bits</replaceable></arg>
141
<arg choice="plain"><option>-n</option>
142
<replaceable>NAME</replaceable></arg>
145
<arg choice="plain"><option>-e</option>
146
<replaceable>EMAIL</replaceable></arg>
149
<arg choice="plain"><option>-c</option>
150
<replaceable>COMMENT</replaceable></arg>
153
<arg choice="plain"><option>-x</option>
154
<replaceable>TIME</replaceable></arg>
157
<arg choice="plain"><option>-f</option></arg>
56
<arg choice="plain"><option>--dir
57
<replaceable>DIRECTORY</replaceable></option></arg>
58
<arg choice="plain"><option>-d
59
<replaceable>DIRECTORY</replaceable></option></arg>
63
<arg choice="plain"><option>--type
64
<replaceable>KEYTYPE</replaceable></option></arg>
65
<arg choice="plain"><option>-t
66
<replaceable>KEYTYPE</replaceable></option></arg>
70
<arg choice="plain"><option>--length
71
<replaceable>BITS</replaceable></option></arg>
72
<arg choice="plain"><option>-l
73
<replaceable>BITS</replaceable></option></arg>
77
<arg choice="plain"><option>--subtype
78
<replaceable>KEYTYPE</replaceable></option></arg>
79
<arg choice="plain"><option>-s
80
<replaceable>KEYTYPE</replaceable></option></arg>
84
<arg choice="plain"><option>--sublength
85
<replaceable>BITS</replaceable></option></arg>
86
<arg choice="plain"><option>-L
87
<replaceable>BITS</replaceable></option></arg>
91
<arg choice="plain"><option>--name
92
<replaceable>NAME</replaceable></option></arg>
93
<arg choice="plain"><option>-n
94
<replaceable>NAME</replaceable></option></arg>
98
<arg choice="plain"><option>--email
99
<replaceable>ADDRESS</replaceable></option></arg>
100
<arg choice="plain"><option>-e
101
<replaceable>ADDRESS</replaceable></option></arg>
105
<arg choice="plain"><option>--comment
106
<replaceable>TEXT</replaceable></option></arg>
107
<arg choice="plain"><option>-c
108
<replaceable>TEXT</replaceable></option></arg>
112
<arg choice="plain"><option>--expire
113
<replaceable>TIME</replaceable></option></arg>
114
<arg choice="plain"><option>-x
115
<replaceable>TIME</replaceable></option></arg>
118
<arg><option>--force</option></arg>
161
121
<command>&COMMANDNAME;</command>
162
122
<group choice="req">
123
<arg choice="plain"><option>--password</option></arg>
163
124
<arg choice="plain"><option>-p</option></arg>
164
<arg choice="plain"><option>--password</option></arg>
167
<arg choice="plain"><option>--dir</option>
168
<replaceable>directory</replaceable></arg>
171
<arg choice="plain"><option>--name</option>
172
<replaceable>NAME</replaceable></arg>
125
<arg choice="plain"><option>--passfile
126
<replaceable>FILE</replaceable></option></arg>
127
<arg choice="plain"><option>-F</option>
128
<replaceable>FILE</replaceable></arg>
132
<arg choice="plain"><option>--dir
133
<replaceable>DIRECTORY</replaceable></option></arg>
134
<arg choice="plain"><option>-d
135
<replaceable>DIRECTORY</replaceable></option></arg>
139
<arg choice="plain"><option>--name
140
<replaceable>NAME</replaceable></option></arg>
141
<arg choice="plain"><option>-n
142
<replaceable>NAME</replaceable></option></arg>
176
146
<command>&COMMANDNAME;</command>
177
147
<group choice="req">
148
<arg choice="plain"><option>--help</option></arg>
178
149
<arg choice="plain"><option>-h</option></arg>
179
<arg choice="plain"><option>--help</option></arg>
183
153
<command>&COMMANDNAME;</command>
184
154
<group choice="req">
155
<arg choice="plain"><option>--version</option></arg>
185
156
<arg choice="plain"><option>-v</option></arg>
186
<arg choice="plain"><option>--version</option></arg>
189
159
</refsynopsisdiv>
191
161
<refsect1 id="description">
192
162
<title>DESCRIPTION</title>
194
164
<command>&COMMANDNAME;</command> is a program to generate the
196
<citerefentry><refentrytitle>password-request</refentrytitle>
197
<manvolnum>8mandos</manvolnum></citerefentry>. The keys are
166
<citerefentry><refentrytitle>mandos-client</refentrytitle>
167
<manvolnum>8mandos</manvolnum></citerefentry>. The key is
198
168
normally written to /etc/mandos for later installation into the
199
initrd image, but this, like most things, can be changed with
200
command line options.
169
initrd image, but this, and most other things, can be changed
170
with command line options.
203
It can also be used to generate ready-made sections for
173
This program can also be used with the
174
<option>--password</option> or <option>--passfile</option>
175
options to generate a ready-made section for
176
<filename>clients.conf</filename> (see
204
177
<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
205
<manvolnum>5</manvolnum></citerefentry> using the
206
<option>--password</option> option.
178
<manvolnum>5</manvolnum></citerefentry>).
210
182
<refsect1 id="purpose">
211
183
<title>PURPOSE</title>
214
185
The purpose of this is to enable <emphasis>remote and unattended
215
186
rebooting</emphasis> of client host computer with an
216
187
<emphasis>encrypted root file system</emphasis>. See <xref
217
188
linkend="overview"/> for details.
222
192
<refsect1 id="options">
223
193
<title>OPTIONS</title>
227
<term><literal>-h</literal>, <literal>--help</literal></term>
197
<term><option>--help</option></term>
198
<term><option>-h</option></term>
230
201
Show a help message and exit
236
<term><literal>-d</literal>, <literal>--dir
237
<replaceable>directory</replaceable></literal></term>
208
<replaceable>DIRECTORY</replaceable></option></term>
210
<replaceable>DIRECTORY</replaceable></option></term>
240
213
Target directory for key files. Default is
431
432
Normal invocation needs no options:
434
<userinput>mandos-keygen</userinput>
435
<userinput>&COMMANDNAME;</userinput>
436
437
</informalexample>
437
438
<informalexample>
439
Create keys in another directory and of another type. Force
440
Create key in another directory and of another type. Force
440
441
overwriting old key files:
444
445
<!-- do not wrap this line -->
445
<userinput>mandos-keygen --dir ~/keydir --type RSA --force</userinput>
446
<userinput>&COMMANDNAME; --dir ~/keydir --type RSA --force</userinput>
452
Prompt for a password, encrypt it with the key in
453
<filename>/etc/mandos</filename> and output a section suitable
454
for <filename>clients.conf</filename>.
457
<userinput>&COMMANDNAME; --password</userinput>
462
Prompt for a password, encrypt it with the key in the
463
<filename>client-key</filename> directory and output a section
464
suitable for <filename>clients.conf</filename>.
468
<!-- do not wrap this line -->
469
<userinput>&COMMANDNAME; --password --dir client-key</userinput>
448
472
</informalexample>
451
475
<refsect1 id="security">
452
476
<title>SECURITY</title>
454
478
The <option>--type</option>, <option>--length</option>,
455
479
<option>--subtype</option>, and <option>--sublength</option>
456
options can be used to create keys of insufficient security. If
457
in doubt, leave them to the default values.
480
options can be used to create keys of low security. If in
481
doubt, leave them to the default values.
460
The key expire time is not guaranteed to be honored by
461
<citerefentry><refentrytitle>mandos</refentrytitle>
484
The key expire time is <emphasis>not</emphasis> guaranteed to be
485
honored by <citerefentry><refentrytitle>mandos</refentrytitle>
462
486
<manvolnum>8</manvolnum></citerefentry>.
466
490
<refsect1 id="see_also">
467
491
<title>SEE ALSO</title>
469
<citerefentry><refentrytitle>password-request</refentrytitle>
470
<manvolnum>8mandos</manvolnum></citerefentry>,
493
<citerefentry><refentrytitle>gpg</refentrytitle>
494
<manvolnum>1</manvolnum></citerefentry>,
495
<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
496
<manvolnum>5</manvolnum></citerefentry>,
471
497
<citerefentry><refentrytitle>mandos</refentrytitle>
472
498
<manvolnum>8</manvolnum></citerefentry>,
473
<citerefentry><refentrytitle>gpg</refentrytitle>
474
<manvolnum>1</manvolnum></citerefentry>
499
<citerefentry><refentrytitle>mandos-client</refentrytitle>
500
<manvolnum>8mandos</manvolnum></citerefentry>