/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos-keygen.xml

merge

Show diffs side-by-side

added added

removed removed

Lines of Context:
1
1
<?xml version="1.0" encoding="UTF-8"?>
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
 
4
<!ENTITY VERSION "1.0">
4
5
<!ENTITY COMMANDNAME "mandos-keygen">
5
 
<!ENTITY TIMESTAMP "2013-10-22">
6
 
<!ENTITY % common SYSTEM "common.ent">
7
 
%common;
8
6
]>
9
7
 
10
8
<refentry xmlns:xi="http://www.w3.org/2001/XInclude">
11
9
  <refentryinfo>
12
 
    <title>Mandos Manual</title>
 
10
    <title>&COMMANDNAME;</title>
13
11
    <!-- NWalsh’s docbook scripts use this to generate the footer: -->
14
 
    <productname>Mandos</productname>
15
 
    <productnumber>&version;</productnumber>
16
 
    <date>&TIMESTAMP;</date>
 
12
    <productname>&COMMANDNAME;</productname>
 
13
    <productnumber>&VERSION;</productnumber>
17
14
    <authorgroup>
18
15
      <author>
19
16
        <firstname>Björn</firstname>
20
17
        <surname>Påhlsson</surname>
21
18
        <address>
22
 
          <email>belorn@recompile.se</email>
 
19
          <email>belorn@fukt.bsnet.se</email>
23
20
        </address>
24
21
      </author>
25
22
      <author>
26
23
        <firstname>Teddy</firstname>
27
24
        <surname>Hogeborn</surname>
28
25
        <address>
29
 
          <email>teddy@recompile.se</email>
 
26
          <email>teddy@fukt.bsnet.se</email>
30
27
        </address>
31
28
      </author>
32
29
    </authorgroup>
33
30
    <copyright>
34
31
      <year>2008</year>
35
 
      <year>2009</year>
36
 
      <year>2011</year>
37
 
      <year>2012</year>
38
32
      <holder>Teddy Hogeborn</holder>
39
33
      <holder>Björn Påhlsson</holder>
40
34
    </copyright>
41
 
    <xi:include href="legalnotice.xml"/>
 
35
    <legalnotice>
 
36
      <para>
 
37
        This manual page is free software: you can redistribute it
 
38
        and/or modify it under the terms of the GNU General Public
 
39
        License as published by the Free Software Foundation,
 
40
        either version 3 of the License, or (at your option) any
 
41
        later version.
 
42
      </para>
 
43
 
 
44
      <para>
 
45
        This manual page is distributed in the hope that it will
 
46
        be useful, but WITHOUT ANY WARRANTY; without even the
 
47
        implied warranty of MERCHANTABILITY or FITNESS FOR A
 
48
        PARTICULAR PURPOSE.  See the GNU General Public License
 
49
        for more details.
 
50
      </para>
 
51
 
 
52
      <para>
 
53
        You should have received a copy of the GNU General Public
 
54
        License along with this program; If not, see
 
55
        <ulink url="http://www.gnu.org/licenses/"/>.
 
56
      </para>
 
57
    </legalnotice>
42
58
  </refentryinfo>
43
 
  
 
59
 
44
60
  <refmeta>
45
61
    <refentrytitle>&COMMANDNAME;</refentrytitle>
46
62
    <manvolnum>8</manvolnum>
49
65
  <refnamediv>
50
66
    <refname><command>&COMMANDNAME;</command></refname>
51
67
    <refpurpose>
52
 
      Generate key and password for Mandos client and server.
 
68
      Generate keys for <citerefentry><refentrytitle>password-request
 
69
      </refentrytitle><manvolnum>8mandos</manvolnum></citerefentry>
53
70
    </refpurpose>
54
71
  </refnamediv>
55
 
  
 
72
 
56
73
  <refsynopsisdiv>
57
74
    <cmdsynopsis>
58
75
      <command>&COMMANDNAME;</command>
59
 
      <group>
60
 
        <arg choice="plain"><option>--dir
61
 
        <replaceable>DIRECTORY</replaceable></option></arg>
62
 
        <arg choice="plain"><option>-d
63
 
        <replaceable>DIRECTORY</replaceable></option></arg>
64
 
      </group>
65
 
      <sbr/>
66
 
      <group>
67
 
        <arg choice="plain"><option>--type
68
 
        <replaceable>KEYTYPE</replaceable></option></arg>
69
 
        <arg choice="plain"><option>-t
70
 
        <replaceable>KEYTYPE</replaceable></option></arg>
71
 
      </group>
72
 
      <sbr/>
73
 
      <group>
74
 
        <arg choice="plain"><option>--length
75
 
        <replaceable>BITS</replaceable></option></arg>
76
 
        <arg choice="plain"><option>-l
77
 
        <replaceable>BITS</replaceable></option></arg>
78
 
      </group>
79
 
      <sbr/>
80
 
      <group>
81
 
        <arg choice="plain"><option>--subtype
82
 
        <replaceable>KEYTYPE</replaceable></option></arg>
83
 
        <arg choice="plain"><option>-s
84
 
        <replaceable>KEYTYPE</replaceable></option></arg>
85
 
      </group>
86
 
      <sbr/>
87
 
      <group>
88
 
        <arg choice="plain"><option>--sublength
89
 
        <replaceable>BITS</replaceable></option></arg>
90
 
        <arg choice="plain"><option>-L
91
 
        <replaceable>BITS</replaceable></option></arg>
92
 
      </group>
93
 
      <sbr/>
94
 
      <group>
95
 
        <arg choice="plain"><option>--name
96
 
        <replaceable>NAME</replaceable></option></arg>
97
 
        <arg choice="plain"><option>-n
98
 
        <replaceable>NAME</replaceable></option></arg>
99
 
      </group>
100
 
      <sbr/>
101
 
      <group>
102
 
        <arg choice="plain"><option>--email
103
 
        <replaceable>ADDRESS</replaceable></option></arg>
104
 
        <arg choice="plain"><option>-e
105
 
        <replaceable>ADDRESS</replaceable></option></arg>
106
 
      </group>
107
 
      <sbr/>
108
 
      <group>
109
 
        <arg choice="plain"><option>--comment
110
 
        <replaceable>TEXT</replaceable></option></arg>
111
 
        <arg choice="plain"><option>-c
112
 
        <replaceable>TEXT</replaceable></option></arg>
113
 
      </group>
114
 
      <sbr/>
115
 
      <group>
116
 
        <arg choice="plain"><option>--expire
117
 
        <replaceable>TIME</replaceable></option></arg>
118
 
        <arg choice="plain"><option>-x
119
 
        <replaceable>TIME</replaceable></option></arg>
120
 
      </group>
121
 
      <sbr/>
122
 
      <arg><option>--force</option></arg>
123
 
    </cmdsynopsis>
124
 
    <cmdsynopsis>
125
 
      <command>&COMMANDNAME;</command>
126
 
      <group choice="req">
127
 
        <arg choice="plain"><option>--password</option></arg>
128
 
        <arg choice="plain"><option>-p</option></arg>
129
 
        <arg choice="plain"><option>--passfile
130
 
        <replaceable>FILE</replaceable></option></arg>
131
 
        <arg choice="plain"><option>-F</option>
132
 
        <replaceable>FILE</replaceable></arg>
133
 
      </group>
134
 
      <sbr/>
135
 
      <group>
136
 
        <arg choice="plain"><option>--dir
137
 
        <replaceable>DIRECTORY</replaceable></option></arg>
138
 
        <arg choice="plain"><option>-d
139
 
        <replaceable>DIRECTORY</replaceable></option></arg>
140
 
      </group>
141
 
      <sbr/>
142
 
      <group>
143
 
        <arg choice="plain"><option>--name
144
 
        <replaceable>NAME</replaceable></option></arg>
145
 
        <arg choice="plain"><option>-n
146
 
        <replaceable>NAME</replaceable></option></arg>
147
 
      </group>
148
 
    </cmdsynopsis>
149
 
    <cmdsynopsis>
150
 
      <command>&COMMANDNAME;</command>
151
 
      <group choice="req">
 
76
      <group choice="opt">
 
77
        <arg choice="plain"><option>--dir</option>
 
78
        <replaceable>directory</replaceable></arg>
 
79
      </group>
 
80
      <group choice="opt">
 
81
        <arg choice="plain"><option>--type</option>
 
82
        <replaceable>type</replaceable></arg>
 
83
      </group>
 
84
      <group choice="opt">
 
85
        <arg choice="plain"><option>--length</option>
 
86
        <replaceable>bits</replaceable></arg>
 
87
      </group>
 
88
      <group choice="opt">
 
89
        <arg choice="plain"><option>--subtype</option>
 
90
        <replaceable>type</replaceable></arg>
 
91
      </group>
 
92
      <group choice="opt">
 
93
        <arg choice="plain"><option>--sublength</option>
 
94
        <replaceable>bits</replaceable></arg>
 
95
      </group>
 
96
      <group choice="opt">
 
97
        <arg choice="plain"><option>--name</option>
 
98
        <replaceable>NAME</replaceable></arg>
 
99
      </group>
 
100
      <group choice="opt">
 
101
        <arg choice="plain"><option>--email</option>
 
102
        <replaceable>EMAIL</replaceable></arg>
 
103
      </group>
 
104
      <group choice="opt">
 
105
        <arg choice="plain"><option>--comment</option>
 
106
        <replaceable>COMMENT</replaceable></arg>
 
107
      </group>
 
108
      <group choice="opt">
 
109
        <arg choice="plain"><option>--expire</option>
 
110
        <replaceable>TIME</replaceable></arg>
 
111
      </group>
 
112
      <group choice="opt">
 
113
        <arg choice="plain"><option>--force</option></arg>
 
114
      </group>
 
115
    </cmdsynopsis>
 
116
    <cmdsynopsis>
 
117
      <command>&COMMANDNAME;</command>
 
118
      <group choice="opt">
 
119
        <arg choice="plain"><option>-d</option>
 
120
        <replaceable>directory</replaceable></arg>
 
121
      </group>
 
122
      <group choice="opt">
 
123
        <arg choice="plain"><option>-t</option>
 
124
        <replaceable>type</replaceable></arg>
 
125
      </group>
 
126
      <group choice="opt">
 
127
        <arg choice="plain"><option>-l</option>
 
128
        <replaceable>bits</replaceable></arg>
 
129
      </group>
 
130
      <group choice="opt">
 
131
        <arg choice="plain"><option>-s</option>
 
132
        <replaceable>type</replaceable></arg>
 
133
      </group>
 
134
      <group choice="opt">
 
135
        <arg choice="plain"><option>-L</option>
 
136
        <replaceable>bits</replaceable></arg>
 
137
      </group>
 
138
      <group choice="opt">
 
139
        <arg choice="plain"><option>-n</option>
 
140
        <replaceable>NAME</replaceable></arg>
 
141
      </group>
 
142
      <group choice="opt">
 
143
        <arg choice="plain"><option>-e</option>
 
144
        <replaceable>EMAIL</replaceable></arg>
 
145
      </group>
 
146
      <group choice="opt">
 
147
        <arg choice="plain"><option>-c</option>
 
148
        <replaceable>COMMENT</replaceable></arg>
 
149
      </group>
 
150
      <group choice="opt">
 
151
        <arg choice="plain"><option>-x</option>
 
152
        <replaceable>TIME</replaceable></arg>
 
153
      </group>
 
154
      <group choice="opt">
 
155
        <arg choice="plain"><option>-f</option></arg>
 
156
      </group>
 
157
    </cmdsynopsis>
 
158
    <cmdsynopsis>
 
159
      <command>&COMMANDNAME;</command>
 
160
      <group choice="req">
 
161
        <arg choice="plain"><option>-h</option></arg>
152
162
        <arg choice="plain"><option>--help</option></arg>
153
 
        <arg choice="plain"><option>-h</option></arg>
154
163
      </group>
155
164
    </cmdsynopsis>
156
165
    <cmdsynopsis>
157
166
      <command>&COMMANDNAME;</command>
158
167
      <group choice="req">
 
168
        <arg choice="plain"><option>-v</option></arg>
159
169
        <arg choice="plain"><option>--version</option></arg>
160
 
        <arg choice="plain"><option>-v</option></arg>
161
170
      </group>
162
171
    </cmdsynopsis>
163
172
  </refsynopsisdiv>
164
 
  
 
173
 
165
174
  <refsect1 id="description">
166
175
    <title>DESCRIPTION</title>
167
176
    <para>
168
177
      <command>&COMMANDNAME;</command> is a program to generate the
169
 
      OpenPGP key used by
170
 
      <citerefentry><refentrytitle>mandos-client</refentrytitle>
171
 
      <manvolnum>8mandos</manvolnum></citerefentry>.  The key is
 
178
      OpenPGP keys used by
 
179
      <citerefentry><refentrytitle>password-request</refentrytitle>
 
180
      <manvolnum>8mandos</manvolnum></citerefentry>.  The keys are
172
181
      normally written to /etc/mandos for later installation into the
173
 
      initrd image, but this, and most other things, can be changed
174
 
      with command line options.
175
 
    </para>
176
 
    <para>
177
 
      This program can also be used with the
178
 
      <option>--password</option> or <option>--passfile</option>
179
 
      options to generate a ready-made section for
180
 
      <filename>clients.conf</filename> (see
181
 
      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
182
 
      <manvolnum>5</manvolnum></citerefentry>).
 
182
      initrd image, but this, like most things, can be changed with
 
183
      command line options.
183
184
    </para>
184
185
  </refsect1>
185
186
  
186
187
  <refsect1 id="purpose">
187
188
    <title>PURPOSE</title>
 
189
 
188
190
    <para>
189
191
      The purpose of this is to enable <emphasis>remote and unattended
190
192
      rebooting</emphasis> of client host computer with an
191
193
      <emphasis>encrypted root file system</emphasis>.  See <xref
192
194
      linkend="overview"/> for details.
193
195
    </para>
 
196
 
194
197
  </refsect1>
195
198
  
196
199
  <refsect1 id="options">
197
200
    <title>OPTIONS</title>
198
 
    
 
201
 
199
202
    <variablelist>
200
203
      <varlistentry>
201
 
        <term><option>--help</option></term>
202
 
        <term><option>-h</option></term>
 
204
        <term><literal>-h</literal>, <literal>--help</literal></term>
203
205
        <listitem>
204
206
          <para>
205
207
            Show a help message and exit
206
208
          </para>
207
209
        </listitem>
208
210
      </varlistentry>
209
 
      
210
 
      <varlistentry>
211
 
        <term><option>--dir
212
 
        <replaceable>DIRECTORY</replaceable></option></term>
213
 
        <term><option>-d
214
 
        <replaceable>DIRECTORY</replaceable></option></term>
215
 
        <listitem>
216
 
          <para>
217
 
            Target directory for key files.  Default is
218
 
            <filename class="directory">/etc/mandos</filename>.
219
 
          </para>
220
 
        </listitem>
221
 
      </varlistentry>
222
 
      
223
 
      <varlistentry>
224
 
        <term><option>--type
225
 
        <replaceable>TYPE</replaceable></option></term>
226
 
        <term><option>-t
227
 
        <replaceable>TYPE</replaceable></option></term>
228
 
        <listitem>
229
 
          <para>
230
 
            Key type.  Default is <quote>RSA</quote>.
231
 
          </para>
232
 
        </listitem>
233
 
      </varlistentry>
234
 
      
235
 
      <varlistentry>
236
 
        <term><option>--length
237
 
        <replaceable>BITS</replaceable></option></term>
238
 
        <term><option>-l
239
 
        <replaceable>BITS</replaceable></option></term>
240
 
        <listitem>
241
 
          <para>
242
 
            Key length in bits.  Default is 4096.
243
 
          </para>
244
 
        </listitem>
245
 
      </varlistentry>
246
 
      
247
 
      <varlistentry>
248
 
        <term><option>--subtype
249
 
        <replaceable>KEYTYPE</replaceable></option></term>
250
 
        <term><option>-s
251
 
        <replaceable>KEYTYPE</replaceable></option></term>
252
 
        <listitem>
253
 
          <para>
254
 
            Subkey type.  Default is <quote>RSA</quote> (Elgamal
 
211
 
 
212
      <varlistentry>
 
213
        <term><literal>-d</literal>, <literal>--dir
 
214
        <replaceable>directory</replaceable></literal></term>
 
215
        <listitem>
 
216
          <para>
 
217
            Target directory for key files.
 
218
          </para>
 
219
        </listitem>
 
220
      </varlistentry>
 
221
 
 
222
      <varlistentry>
 
223
        <term><literal>-t</literal>, <literal>--type
 
224
        <replaceable>type</replaceable></literal></term>
 
225
        <listitem>
 
226
          <para>
 
227
            Key type.  Default is <quote>DSA</quote>.
 
228
          </para>
 
229
        </listitem>
 
230
      </varlistentry>
 
231
 
 
232
      <varlistentry>
 
233
        <term><literal>-l</literal>, <literal>--length
 
234
        <replaceable>bits</replaceable></literal></term>
 
235
        <listitem>
 
236
          <para>
 
237
            Key length in bits.  Default is 1024.
 
238
          </para>
 
239
        </listitem>
 
240
      </varlistentry>
 
241
 
 
242
      <varlistentry>
 
243
        <term><literal>-s</literal>, <literal>--subtype
 
244
        <replaceable>type</replaceable></literal></term>
 
245
        <listitem>
 
246
          <para>
 
247
            Subkey type.  Default is <quote>ELG-E</quote> (Elgamal
255
248
            encryption-only).
256
249
          </para>
257
250
        </listitem>
258
251
      </varlistentry>
259
 
      
 
252
 
260
253
      <varlistentry>
261
 
        <term><option>--sublength
262
 
        <replaceable>BITS</replaceable></option></term>
263
 
        <term><option>-L
264
 
        <replaceable>BITS</replaceable></option></term>
 
254
        <term><literal>-L</literal>, <literal>--sublength
 
255
        <replaceable>bits</replaceable></literal></term>
265
256
        <listitem>
266
257
          <para>
267
 
            Subkey length in bits.  Default is 4096.
 
258
            Subkey length in bits.  Default is 2048.
268
259
          </para>
269
260
        </listitem>
270
261
      </varlistentry>
271
 
      
 
262
 
272
263
      <varlistentry>
273
 
        <term><option>--email
274
 
        <replaceable>ADDRESS</replaceable></option></term>
275
 
        <term><option>-e
276
 
        <replaceable>ADDRESS</replaceable></option></term>
 
264
        <term><literal>-e</literal>, <literal>--email</literal>
 
265
        <replaceable>address</replaceable></term>
277
266
        <listitem>
278
267
          <para>
279
268
            Email address of key.  Default is empty.
280
269
          </para>
281
270
        </listitem>
282
271
      </varlistentry>
283
 
      
 
272
 
284
273
      <varlistentry>
285
 
        <term><option>--comment
286
 
        <replaceable>TEXT</replaceable></option></term>
287
 
        <term><option>-c
288
 
        <replaceable>TEXT</replaceable></option></term>
 
274
        <term><literal>-c</literal>, <literal>--comment</literal>
 
275
        <replaceable>comment</replaceable></term>
289
276
        <listitem>
290
277
          <para>
291
 
            Comment field for key.  Default is empty.
 
278
            Comment field for key.  The default value is
 
279
            <quote><literal>Mandos client key</literal></quote>.
292
280
          </para>
293
281
        </listitem>
294
282
      </varlistentry>
295
 
      
 
283
 
296
284
      <varlistentry>
297
 
        <term><option>--expire
298
 
        <replaceable>TIME</replaceable></option></term>
299
 
        <term><option>-x
300
 
        <replaceable>TIME</replaceable></option></term>
 
285
        <term><literal>-x</literal>, <literal>--expire</literal>
 
286
        <replaceable>time</replaceable></term>
301
287
        <listitem>
302
288
          <para>
303
289
            Key expire time.  Default is no expiration.  See
306
292
          </para>
307
293
        </listitem>
308
294
      </varlistentry>
309
 
      
310
 
      <varlistentry>
311
 
        <term><option>--force</option></term>
312
 
        <term><option>-f</option></term>
313
 
        <listitem>
314
 
          <para>
315
 
            Force overwriting old key.
316
 
          </para>
317
 
        </listitem>
318
 
      </varlistentry>
319
 
      <varlistentry>
320
 
        <term><option>--password</option></term>
321
 
        <term><option>-p</option></term>
322
 
        <listitem>
323
 
          <para>
324
 
            Prompt for a password and encrypt it with the key already
325
 
            present in either <filename>/etc/mandos</filename> or the
326
 
            directory specified with the <option>--dir</option>
327
 
            option.  Outputs, on standard output, a section suitable
328
 
            for inclusion in <citerefentry><refentrytitle
329
 
            >mandos-clients.conf</refentrytitle><manvolnum
330
 
            >8</manvolnum></citerefentry>.  The host name or the name
331
 
            specified with the <option>--name</option> option is used
332
 
            for the section header.  All other options are ignored,
333
 
            and no key is created.
334
 
          </para>
335
 
        </listitem>
336
 
      </varlistentry>
337
 
      <varlistentry>
338
 
        <term><option>--passfile
339
 
        <replaceable>FILE</replaceable></option></term>
340
 
        <term><option>-F
341
 
        <replaceable>FILE</replaceable></option></term>
342
 
        <listitem>
343
 
          <para>
344
 
            The same as <option>--password</option>, but read from
345
 
            <replaceable>FILE</replaceable>, not the terminal.
 
295
 
 
296
      <varlistentry>
 
297
        <term><literal>-f</literal>, <literal>--force</literal></term>
 
298
        <listitem>
 
299
          <para>
 
300
            Force overwriting old keys.
346
301
          </para>
347
302
        </listitem>
348
303
      </varlistentry>
349
304
    </variablelist>
350
305
  </refsect1>
351
 
  
 
306
 
352
307
  <refsect1 id="overview">
353
308
    <title>OVERVIEW</title>
354
309
    <xi:include href="overview.xml"/>
355
310
    <para>
356
311
      This program is a small utility to generate new OpenPGP keys for
357
 
      new Mandos clients, and to generate sections for inclusion in
358
 
      <filename>clients.conf</filename> on the server.
 
312
      new Mandos clients.
359
313
    </para>
360
314
  </refsect1>
361
 
  
 
315
 
362
316
  <refsect1 id="exit_status">
363
317
    <title>EXIT STATUS</title>
364
318
    <para>
365
 
      The exit status will be 0 if a new key (or password, if the
366
 
      <option>--password</option> option was used) was successfully
367
 
      created, otherwise not.
 
319
      The exit status will be 0 if new keys were successfully created,
 
320
      otherwise not.
368
321
    </para>
369
322
  </refsect1>
370
323
  
372
325
    <title>ENVIRONMENT</title>
373
326
    <variablelist>
374
327
      <varlistentry>
375
 
        <term><envar>TMPDIR</envar></term>
 
328
        <term><varname>TMPDIR</varname></term>
376
329
        <listitem>
377
330
          <para>
378
331
            If set, temporary files will be created here. See
384
337
    </variablelist>
385
338
  </refsect1>
386
339
  
387
 
  <refsect1 id="files">
 
340
  <refsect1 id="file">
388
341
    <title>FILES</title>
389
342
    <para>
390
343
      Use the <option>--dir</option> option to change where
411
364
        </listitem>
412
365
      </varlistentry>
413
366
      <varlistentry>
414
 
        <term><filename class="directory">/tmp</filename></term>
 
367
        <term><filename>/tmp</filename></term>
415
368
        <listitem>
416
369
          <para>
417
370
            Temporary files will be written here if
421
374
      </varlistentry>
422
375
    </variablelist>
423
376
  </refsect1>
424
 
  
425
 
<!--   <refsect1 id="bugs"> -->
426
 
<!--     <title>BUGS</title> -->
427
 
<!--     <para> -->
428
 
<!--     </para> -->
429
 
<!--   </refsect1> -->
430
 
  
 
377
 
 
378
  <refsect1 id="bugs">
 
379
    <title>BUGS</title>
 
380
    <para>
 
381
      None are known at this time.
 
382
    </para>
 
383
  </refsect1>
 
384
 
431
385
  <refsect1 id="example">
432
386
    <title>EXAMPLE</title>
433
387
    <informalexample>
435
389
        Normal invocation needs no options:
436
390
      </para>
437
391
      <para>
438
 
        <userinput>&COMMANDNAME;</userinput>
 
392
        <userinput>mandos-keygen</userinput>
439
393
      </para>
440
394
    </informalexample>
441
395
    <informalexample>
442
396
      <para>
443
 
        Create key in another directory and of another type.  Force
 
397
        Create keys in another directory and of another type.  Force
444
398
        overwriting old key files:
445
399
      </para>
446
400
      <para>
447
401
 
448
402
<!-- do not wrap this line -->
449
 
<userinput>&COMMANDNAME; --dir ~/keydir --type RSA --force</userinput>
450
 
 
451
 
      </para>
452
 
    </informalexample>
453
 
    <informalexample>
454
 
      <para>
455
 
        Prompt for a password, encrypt it with the key in <filename
456
 
        class="directory">/etc/mandos</filename> and output a section
457
 
        suitable for <filename>clients.conf</filename>.
458
 
      </para>
459
 
      <para>
460
 
        <userinput>&COMMANDNAME; --password</userinput>
461
 
      </para>
462
 
    </informalexample>
463
 
    <informalexample>
464
 
      <para>
465
 
        Prompt for a password, encrypt it with the key in the
466
 
        <filename>client-key</filename> directory and output a section
467
 
        suitable for <filename>clients.conf</filename>.
468
 
      </para>
469
 
      <para>
470
 
 
471
 
<!-- do not wrap this line -->
472
 
<userinput>&COMMANDNAME; --password --dir client-key</userinput>
 
403
<userinput>mandos-keygen --dir ~/keydir --type RSA --force</userinput>
473
404
 
474
405
      </para>
475
406
    </informalexample>
476
407
  </refsect1>
477
 
  
 
408
 
478
409
  <refsect1 id="security">
479
410
    <title>SECURITY</title>
480
411
    <para>
481
412
      The <option>--type</option>, <option>--length</option>,
482
413
      <option>--subtype</option>, and <option>--sublength</option>
483
 
      options can be used to create keys of low security.  If in
484
 
      doubt, leave them to the default values.
 
414
      options can be used to create keys of insufficient security.  If
 
415
      in doubt, leave them to the default values.
485
416
    </para>
486
417
    <para>
487
 
      The key expire time is <emphasis>not</emphasis> guaranteed to be
488
 
      honored by <citerefentry><refentrytitle>mandos</refentrytitle>
 
418
      The key expire time is not guaranteed to be honored by
 
419
      <citerefentry><refentrytitle>mandos</refentrytitle>
489
420
      <manvolnum>8</manvolnum></citerefentry>.
490
421
    </para>
491
422
  </refsect1>
492
 
  
 
423
 
493
424
  <refsect1 id="see_also">
494
425
    <title>SEE ALSO</title>
495
426
    <para>
496
 
      <citerefentry><refentrytitle>intro</refentrytitle>
 
427
      <citerefentry><refentrytitle>password-request</refentrytitle>
497
428
      <manvolnum>8mandos</manvolnum></citerefentry>,
 
429
      <citerefentry><refentrytitle>mandos</refentrytitle>
 
430
      <manvolnum>8</manvolnum></citerefentry>,
498
431
      <citerefentry><refentrytitle>gpg</refentrytitle>
499
 
      <manvolnum>1</manvolnum></citerefentry>,
500
 
      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
501
 
      <manvolnum>5</manvolnum></citerefentry>,
502
 
      <citerefentry><refentrytitle>mandos</refentrytitle>
503
 
      <manvolnum>8</manvolnum></citerefentry>,
504
 
      <citerefentry><refentrytitle>mandos-client</refentrytitle>
505
 
      <manvolnum>8mandos</manvolnum></citerefentry>
 
432
      <manvolnum>1</manvolnum></citerefentry>
506
433
    </para>
507
434
  </refsect1>
508
435
  
509
436
</refentry>
510
 
<!-- Local Variables: -->
511
 
<!-- time-stamp-start: "<!ENTITY TIMESTAMP [\"']" -->
512
 
<!-- time-stamp-end: "[\"']>" -->
513
 
<!-- time-stamp-format: "%:y-%02m-%02d" -->
514
 
<!-- End: -->