
Viewing changes to mandos-keygen.xml

merge + small bugfix

1
1
<?xml version="1.0" encoding="UTF-8"?>
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
 
4
<!ENTITY VERSION "1.0">
4
5
<!ENTITY COMMANDNAME "mandos-keygen">
5
 
<!ENTITY TIMESTAMP "2014-06-22">
6
 
<!ENTITY % common SYSTEM "common.ent">
7
 
%common;
8
6
]>
9
7
 
10
8
<refentry xmlns:xi="http://www.w3.org/2001/XInclude">
11
9
  <refentryinfo>
12
 
    <title>Mandos Manual</title>
 
10
    <title>&COMMANDNAME;</title>
13
11
    <!-- NWalsh’s docbook scripts use this to generate the footer: -->
14
 
    <productname>Mandos</productname>
15
 
    <productnumber>&version;</productnumber>
16
 
    <date>&TIMESTAMP;</date>
 
12
    <productname>&COMMANDNAME;</productname>
 
13
    <productnumber>&VERSION;</productnumber>
17
14
    <authorgroup>
18
15
      <author>
19
16
        <firstname>Björn</firstname>
20
17
        <surname>Påhlsson</surname>
21
18
        <address>
22
 
          <email>belorn@recompile.se</email>
 
19
          <email>belorn@fukt.bsnet.se</email>
23
20
        </address>
24
21
      </author>
25
22
      <author>
26
23
        <firstname>Teddy</firstname>
27
24
        <surname>Hogeborn</surname>
28
25
        <address>
29
 
          <email>teddy@recompile.se</email>
 
26
          <email>teddy@fukt.bsnet.se</email>
30
27
        </address>
31
28
      </author>
32
29
    </authorgroup>
33
30
    <copyright>
34
31
      <year>2008</year>
35
 
      <year>2009</year>
36
 
      <year>2011</year>
37
 
      <year>2012</year>
38
32
      <holder>Teddy Hogeborn</holder>
39
33
      <holder>Björn Påhlsson</holder>
40
34
    </copyright>
41
 
    <xi:include href="legalnotice.xml"/>
 
35
    <legalnotice>
 
36
      <para>
 
37
        This manual page is free software: you can redistribute it
 
38
        and/or modify it under the terms of the GNU General Public
 
39
        License as published by the Free Software Foundation,
 
40
        either version 3 of the License, or (at your option) any
 
41
        later version.
 
42
      </para>
 
43
 
 
44
      <para>
 
45
        This manual page is distributed in the hope that it will
 
46
        be useful, but WITHOUT ANY WARRANTY; without even the
 
47
        implied warranty of MERCHANTABILITY or FITNESS FOR A
 
48
        PARTICULAR PURPOSE.  See the GNU General Public License
 
49
        for more details.
 
50
      </para>
 
51
 
 
52
      <para>
 
53
        You should have received a copy of the GNU General Public
 
54
        License along with this program; If not, see
 
55
        <ulink url="http://www.gnu.org/licenses/"/>.
 
56
      </para>
 
57
    </legalnotice>
42
58
  </refentryinfo>
43
 
  
 
59
 
44
60
  <refmeta>
45
61
    <refentrytitle>&COMMANDNAME;</refentrytitle>
46
62
    <manvolnum>8</manvolnum>
49
65
  <refnamediv>
50
66
    <refname><command>&COMMANDNAME;</command></refname>
51
67
    <refpurpose>
52
 
      Generate key and password for Mandos client and server.
 
68
      Generate keys for <citerefentry><refentrytitle>password-request
 
69
      </refentrytitle><manvolnum>8mandos</manvolnum></citerefentry>
53
70
    </refpurpose>
54
71
  </refnamediv>
55
 
  
 
72
 
56
73
  <refsynopsisdiv>
57
74
    <cmdsynopsis>
58
75
      <command>&COMMANDNAME;</command>
59
 
      <group>
60
 
        <arg choice="plain"><option>--dir
61
 
        <replaceable>DIRECTORY</replaceable></option></arg>
62
 
        <arg choice="plain"><option>-d
63
 
        <replaceable>DIRECTORY</replaceable></option></arg>
64
 
      </group>
65
 
      <sbr/>
66
 
      <group>
67
 
        <arg choice="plain"><option>--type
68
 
        <replaceable>KEYTYPE</replaceable></option></arg>
69
 
        <arg choice="plain"><option>-t
70
 
        <replaceable>KEYTYPE</replaceable></option></arg>
71
 
      </group>
72
 
      <sbr/>
73
 
      <group>
74
 
        <arg choice="plain"><option>--length
75
 
        <replaceable>BITS</replaceable></option></arg>
76
 
        <arg choice="plain"><option>-l
77
 
        <replaceable>BITS</replaceable></option></arg>
78
 
      </group>
79
 
      <sbr/>
80
 
      <group>
81
 
        <arg choice="plain"><option>--subtype
82
 
        <replaceable>KEYTYPE</replaceable></option></arg>
83
 
        <arg choice="plain"><option>-s
84
 
        <replaceable>KEYTYPE</replaceable></option></arg>
85
 
      </group>
86
 
      <sbr/>
87
 
      <group>
88
 
        <arg choice="plain"><option>--sublength
89
 
        <replaceable>BITS</replaceable></option></arg>
90
 
        <arg choice="plain"><option>-L
91
 
        <replaceable>BITS</replaceable></option></arg>
92
 
      </group>
93
 
      <sbr/>
94
 
      <group>
95
 
        <arg choice="plain"><option>--name
96
 
        <replaceable>NAME</replaceable></option></arg>
97
 
        <arg choice="plain"><option>-n
98
 
        <replaceable>NAME</replaceable></option></arg>
99
 
      </group>
100
 
      <sbr/>
101
 
      <group>
102
 
        <arg choice="plain"><option>--email
103
 
        <replaceable>ADDRESS</replaceable></option></arg>
104
 
        <arg choice="plain"><option>-e
105
 
        <replaceable>ADDRESS</replaceable></option></arg>
106
 
      </group>
107
 
      <sbr/>
108
 
      <group>
109
 
        <arg choice="plain"><option>--comment
110
 
        <replaceable>TEXT</replaceable></option></arg>
111
 
        <arg choice="plain"><option>-c
112
 
        <replaceable>TEXT</replaceable></option></arg>
113
 
      </group>
114
 
      <sbr/>
115
 
      <group>
116
 
        <arg choice="plain"><option>--expire
117
 
        <replaceable>TIME</replaceable></option></arg>
118
 
        <arg choice="plain"><option>-x
119
 
        <replaceable>TIME</replaceable></option></arg>
120
 
      </group>
121
 
      <sbr/>
122
 
      <group>
 
76
      <group choice="opt">
 
77
        <arg choice="plain"><option>--dir</option>
 
78
        <replaceable>directory</replaceable></arg>
 
79
      </group>
 
80
      <group choice="opt">
 
81
        <arg choice="plain"><option>--type</option>
 
82
        <replaceable>type</replaceable></arg>
 
83
      </group>
 
84
      <group choice="opt">
 
85
        <arg choice="plain"><option>--length</option>
 
86
        <replaceable>bits</replaceable></arg>
 
87
      </group>
 
88
      <group choice="opt">
 
89
        <arg choice="plain"><option>--subtype</option>
 
90
        <replaceable>type</replaceable></arg>
 
91
      </group>
 
92
      <group choice="opt">
 
93
        <arg choice="plain"><option>--sublength</option>
 
94
        <replaceable>bits</replaceable></arg>
 
95
      </group>
 
96
      <group choice="opt">
 
97
        <arg choice="plain"><option>--name</option>
 
98
        <replaceable>NAME</replaceable></arg>
 
99
      </group>
 
100
      <group choice="opt">
 
101
        <arg choice="plain"><option>--email</option>
 
102
        <replaceable>EMAIL</replaceable></arg>
 
103
      </group>
 
104
      <group choice="opt">
 
105
        <arg choice="plain"><option>--comment</option>
 
106
        <replaceable>COMMENT</replaceable></arg>
 
107
      </group>
 
108
      <group choice="opt">
 
109
        <arg choice="plain"><option>--expire</option>
 
110
        <replaceable>TIME</replaceable></arg>
 
111
      </group>
 
112
      <group choice="opt">
123
113
        <arg choice="plain"><option>--force</option></arg>
 
114
      </group>
 
115
    </cmdsynopsis>
 
116
    <cmdsynopsis>
 
117
      <command>&COMMANDNAME;</command>
 
118
      <group choice="opt">
 
119
        <arg choice="plain"><option>-d</option>
 
120
        <replaceable>directory</replaceable></arg>
 
121
      </group>
 
122
      <group choice="opt">
 
123
        <arg choice="plain"><option>-t</option>
 
124
        <replaceable>type</replaceable></arg>
 
125
      </group>
 
126
      <group choice="opt">
 
127
        <arg choice="plain"><option>-l</option>
 
128
        <replaceable>bits</replaceable></arg>
 
129
      </group>
 
130
      <group choice="opt">
 
131
        <arg choice="plain"><option>-s</option>
 
132
        <replaceable>type</replaceable></arg>
 
133
      </group>
 
134
      <group choice="opt">
 
135
        <arg choice="plain"><option>-L</option>
 
136
        <replaceable>bits</replaceable></arg>
 
137
      </group>
 
138
      <group choice="opt">
 
139
        <arg choice="plain"><option>-n</option>
 
140
        <replaceable>NAME</replaceable></arg>
 
141
      </group>
 
142
      <group choice="opt">
 
143
        <arg choice="plain"><option>-e</option>
 
144
        <replaceable>EMAIL</replaceable></arg>
 
145
      </group>
 
146
      <group choice="opt">
 
147
        <arg choice="plain"><option>-c</option>
 
148
        <replaceable>COMMENT</replaceable></arg>
 
149
      </group>
 
150
      <group choice="opt">
 
151
        <arg choice="plain"><option>-x</option>
 
152
        <replaceable>TIME</replaceable></arg>
 
153
      </group>
 
154
      <group choice="opt">
124
155
        <arg choice="plain"><option>-f</option></arg>
125
156
      </group>
126
157
    </cmdsynopsis>
127
158
    <cmdsynopsis>
128
159
      <command>&COMMANDNAME;</command>
129
160
      <group choice="req">
 
161
        <arg choice="plain"><option>-p</option></arg>
130
162
        <arg choice="plain"><option>--password</option></arg>
131
 
        <arg choice="plain"><option>-p</option></arg>
132
 
        <arg choice="plain"><option>--passfile
133
 
        <replaceable>FILE</replaceable></option></arg>
134
 
        <arg choice="plain"><option>-F</option>
135
 
        <replaceable>FILE</replaceable></arg>
136
 
      </group>
137
 
      <sbr/>
138
 
      <group>
139
 
        <arg choice="plain"><option>--dir
140
 
        <replaceable>DIRECTORY</replaceable></option></arg>
141
 
        <arg choice="plain"><option>-d
142
 
        <replaceable>DIRECTORY</replaceable></option></arg>
143
 
      </group>
144
 
      <sbr/>
145
 
      <group>
146
 
        <arg choice="plain"><option>--name
147
 
        <replaceable>NAME</replaceable></option></arg>
148
 
        <arg choice="plain"><option>-n
149
 
        <replaceable>NAME</replaceable></option></arg>
150
 
      </group>
151
 
      <group>
152
 
        <arg choice="plain"><option>--no-ssh</option></arg>
153
 
        <arg choice="plain"><option>-S</option></arg>
 
163
      </group>
 
164
      <group choice="opt">
 
165
        <arg choice="plain"><option>--dir</option>
 
166
        <replaceable>directory</replaceable></arg>
 
167
      </group>
 
168
      <group choice="opt">
 
169
        <arg choice="plain"><option>--name</option>
 
170
        <replaceable>NAME</replaceable></arg>
154
171
      </group>
155
172
    </cmdsynopsis>
156
173
    <cmdsynopsis>
157
174
      <command>&COMMANDNAME;</command>
158
175
      <group choice="req">
 
176
        <arg choice="plain"><option>-h</option></arg>
159
177
        <arg choice="plain"><option>--help</option></arg>
160
 
        <arg choice="plain"><option>-h</option></arg>
161
178
      </group>
162
179
    </cmdsynopsis>
163
180
    <cmdsynopsis>
164
181
      <command>&COMMANDNAME;</command>
165
182
      <group choice="req">
 
183
        <arg choice="plain"><option>-v</option></arg>
166
184
        <arg choice="plain"><option>--version</option></arg>
167
 
        <arg choice="plain"><option>-v</option></arg>
168
185
      </group>
169
186
    </cmdsynopsis>
170
187
  </refsynopsisdiv>
171
 
  
 
188
 
172
189
  <refsect1 id="description">
173
190
    <title>DESCRIPTION</title>
174
191
    <para>
175
192
      <command>&COMMANDNAME;</command> is a program to generate the
176
 
      OpenPGP key used by
177
 
      <citerefentry><refentrytitle>mandos-client</refentrytitle>
178
 
      <manvolnum>8mandos</manvolnum></citerefentry>.  The key is
 
193
      OpenPGP keys used by
 
194
      <citerefentry><refentrytitle>password-request</refentrytitle>
 
195
      <manvolnum>8mandos</manvolnum></citerefentry>.  The keys are
179
196
      normally written to /etc/mandos for later installation into the
180
 
      initrd image, but this, and most other things, can be changed
181
 
      with command line options.
 
197
      initrd image, but this, like most things, can be changed with
 
198
      command line options.
182
199
    </para>
183
200
    <para>
184
 
      This program can also be used with the
185
 
      <option>--password</option> or <option>--passfile</option>
186
 
      options to generate a ready-made section for
187
 
      <filename>clients.conf</filename> (see
 
201
      It can also be used to generate ready-made sections for
188
202
      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
189
 
      <manvolnum>5</manvolnum></citerefentry>).
 
203
      <manvolnum>5</manvolnum></citerefentry> using the
 
204
      <option>--password</option> option.
190
205
    </para>
191
206
  </refsect1>
192
207
  
193
208
  <refsect1 id="purpose">
194
209
    <title>PURPOSE</title>
 
210
 
195
211
    <para>
196
212
      The purpose of this is to enable <emphasis>remote and unattended
197
213
      rebooting</emphasis> of client host computer with an
198
214
      <emphasis>encrypted root file system</emphasis>.  See <xref
199
215
      linkend="overview"/> for details.
200
216
    </para>
 
217
 
201
218
  </refsect1>
202
219
  
203
220
  <refsect1 id="options">
204
221
    <title>OPTIONS</title>
205
 
    
 
222
 
206
223
    <variablelist>
207
224
      <varlistentry>
208
 
        <term><option>--help</option></term>
209
 
        <term><option>-h</option></term>
 
225
        <term><literal>-h</literal>, <literal>--help</literal></term>
210
226
        <listitem>
211
227
          <para>
212
228
            Show a help message and exit
213
229
          </para>
214
230
        </listitem>
215
231
      </varlistentry>
216
 
      
 
232
 
217
233
      <varlistentry>
218
 
        <term><option>--dir
219
 
        <replaceable>DIRECTORY</replaceable></option></term>
220
 
        <term><option>-d
221
 
        <replaceable>DIRECTORY</replaceable></option></term>
 
234
        <term><literal>-d</literal>, <literal>--dir
 
235
        <replaceable>directory</replaceable></literal></term>
222
236
        <listitem>
223
237
          <para>
224
238
            Target directory for key files.  Default is
225
 
            <filename class="directory">/etc/mandos</filename>.
226
 
          </para>
227
 
        </listitem>
228
 
      </varlistentry>
229
 
      
230
 
      <varlistentry>
231
 
        <term><option>--type
232
 
        <replaceable>TYPE</replaceable></option></term>
233
 
        <term><option>-t
234
 
        <replaceable>TYPE</replaceable></option></term>
235
 
        <listitem>
236
 
          <para>
237
 
            Key type.  Default is <quote>RSA</quote>.
238
 
          </para>
239
 
        </listitem>
240
 
      </varlistentry>
241
 
      
242
 
      <varlistentry>
243
 
        <term><option>--length
244
 
        <replaceable>BITS</replaceable></option></term>
245
 
        <term><option>-l
246
 
        <replaceable>BITS</replaceable></option></term>
247
 
        <listitem>
248
 
          <para>
249
 
            Key length in bits.  Default is 4096.
250
 
          </para>
251
 
        </listitem>
252
 
      </varlistentry>
253
 
      
254
 
      <varlistentry>
255
 
        <term><option>--subtype
256
 
        <replaceable>KEYTYPE</replaceable></option></term>
257
 
        <term><option>-s
258
 
        <replaceable>KEYTYPE</replaceable></option></term>
259
 
        <listitem>
260
 
          <para>
261
 
            Subkey type.  Default is <quote>RSA</quote> (Elgamal
 
239
            <filename>/etc/mandos</filename>.
 
240
          </para>
 
241
        </listitem>
 
242
      </varlistentry>
 
243
 
 
244
      <varlistentry>
 
245
        <term><literal>-t</literal>, <literal>--type
 
246
        <replaceable>type</replaceable></literal></term>
 
247
        <listitem>
 
248
          <para>
 
249
            Key type.  Default is <quote>DSA</quote>.
 
250
          </para>
 
251
        </listitem>
 
252
      </varlistentry>
 
253
 
 
254
      <varlistentry>
 
255
        <term><literal>-l</literal>, <literal>--length
 
256
        <replaceable>bits</replaceable></literal></term>
 
257
        <listitem>
 
258
          <para>
 
259
            Key length in bits.  Default is 1024.
 
260
          </para>
 
261
        </listitem>
 
262
      </varlistentry>
 
263
 
 
264
      <varlistentry>
 
265
        <term><literal>-s</literal>, <literal>--subtype
 
266
        <replaceable>type</replaceable></literal></term>
 
267
        <listitem>
 
268
          <para>
 
269
            Subkey type.  Default is <quote>ELG-E</quote> (Elgamal
262
270
            encryption-only).
263
271
          </para>
264
272
        </listitem>
265
273
      </varlistentry>
266
 
      
 
274
 
267
275
      <varlistentry>
268
 
        <term><option>--sublength
269
 
        <replaceable>BITS</replaceable></option></term>
270
 
        <term><option>-L
271
 
        <replaceable>BITS</replaceable></option></term>
 
276
        <term><literal>-L</literal>, <literal>--sublength
 
277
        <replaceable>bits</replaceable></literal></term>
272
278
        <listitem>
273
279
          <para>
274
 
            Subkey length in bits.  Default is 4096.
 
280
            Subkey length in bits.  Default is 2048.
275
281
          </para>
276
282
        </listitem>
277
283
      </varlistentry>
278
 
      
 
284
 
279
285
      <varlistentry>
280
 
        <term><option>--email
281
 
        <replaceable>ADDRESS</replaceable></option></term>
282
 
        <term><option>-e
283
 
        <replaceable>ADDRESS</replaceable></option></term>
 
286
        <term><literal>-e</literal>, <literal>--email</literal>
 
287
        <replaceable>address</replaceable></term>
284
288
        <listitem>
285
289
          <para>
286
290
            Email address of key.  Default is empty.
287
291
          </para>
288
292
        </listitem>
289
293
      </varlistentry>
290
 
      
 
294
 
291
295
      <varlistentry>
292
 
        <term><option>--comment
293
 
        <replaceable>TEXT</replaceable></option></term>
294
 
        <term><option>-c
295
 
        <replaceable>TEXT</replaceable></option></term>
 
296
        <term><literal>-c</literal>, <literal>--comment</literal>
 
297
        <replaceable>comment</replaceable></term>
296
298
        <listitem>
297
299
          <para>
298
 
            Comment field for key.  Default is empty.
 
300
            Comment field for key.  The default value is
 
301
            <quote><literal>Mandos client key</literal></quote>.
299
302
          </para>
300
303
        </listitem>
301
304
      </varlistentry>
302
 
      
 
305
 
303
306
      <varlistentry>
304
 
        <term><option>--expire
305
 
        <replaceable>TIME</replaceable></option></term>
306
 
        <term><option>-x
307
 
        <replaceable>TIME</replaceable></option></term>
 
307
        <term><literal>-x</literal>, <literal>--expire</literal>
 
308
        <replaceable>time</replaceable></term>
308
309
        <listitem>
309
310
          <para>
310
311
            Key expire time.  Default is no expiration.  See
313
314
          </para>
314
315
        </listitem>
315
316
      </varlistentry>
316
 
      
 
317
 
317
318
      <varlistentry>
318
 
        <term><option>--force</option></term>
319
 
        <term><option>-f</option></term>
 
319
        <term><literal>-f</literal>, <literal>--force</literal></term>
320
320
        <listitem>
321
321
          <para>
322
 
            Force overwriting old key.
 
322
            Force overwriting old keys.
323
323
          </para>
324
324
        </listitem>
325
325
      </varlistentry>
326
326
      <varlistentry>
327
 
        <term><option>--password</option></term>
328
 
        <term><option>-p</option></term>
 
327
        <term><literal>-p</literal>, <literal>--password</literal
 
328
        ></term>
329
329
        <listitem>
330
330
          <para>
331
331
            Prompt for a password and encrypt it with the key already
337
337
            >8</manvolnum></citerefentry>.  The host name or the name
338
338
            specified with the <option>--name</option> option is used
339
339
            for the section header.  All other options are ignored,
340
 
            and no key is created.
341
 
          </para>
342
 
        </listitem>
343
 
      </varlistentry>
344
 
      <varlistentry>
345
 
        <term><option>--passfile
346
 
        <replaceable>FILE</replaceable></option></term>
347
 
        <term><option>-F
348
 
        <replaceable>FILE</replaceable></option></term>
349
 
        <listitem>
350
 
          <para>
351
 
            The same as <option>--password</option>, but read from
352
 
            <replaceable>FILE</replaceable>, not the terminal.
353
 
          </para>
354
 
        </listitem>
355
 
      </varlistentry>
356
 
      <varlistentry>
357
 
        <term><option>--no-ssh</option></term>
358
 
        <term><option>-S</option></term>
359
 
        <listitem>
360
 
          <para>
361
 
            When <option>--password</option> or
362
 
            <option>--passfile</option> is given, this option will
363
 
            prevent <command>&COMMANDNAME;</command> from calling
364
 
            <command>ssh-keyscan</command> to get an SSH fingerprint
365
 
            for this host and, if successful, output suitable config
366
 
            options to use this fingerprint as a
367
 
            <option>checker</option> option in the output.  This is
368
 
            otherwise the default behavior.
 
340
            and no keys are created.
369
341
          </para>
370
342
        </listitem>
371
343
      </varlistentry>
372
344
    </variablelist>
373
345
  </refsect1>
374
 
  
 
346
 
375
347
  <refsect1 id="overview">
376
348
    <title>OVERVIEW</title>
377
349
    <xi:include href="overview.xml"/>
378
350
    <para>
379
351
      This program is a small utility to generate new OpenPGP keys for
380
 
      new Mandos clients, and to generate sections for inclusion in
381
 
      <filename>clients.conf</filename> on the server.
 
352
      new Mandos clients.
382
353
    </para>
383
354
  </refsect1>
384
 
  
 
355
 
385
356
  <refsect1 id="exit_status">
386
357
    <title>EXIT STATUS</title>
387
358
    <para>
388
 
      The exit status will be 0 if a new key (or password, if the
389
 
      <option>--password</option> option was used) was successfully
390
 
      created, otherwise not.
 
359
      The exit status will be 0 if new keys were successfully created,
 
360
      otherwise not.
391
361
    </para>
392
362
  </refsect1>
393
363
  
395
365
    <title>ENVIRONMENT</title>
396
366
    <variablelist>
397
367
      <varlistentry>
398
 
        <term><envar>TMPDIR</envar></term>
 
368
        <term><varname>TMPDIR</varname></term>
399
369
        <listitem>
400
370
          <para>
401
371
            If set, temporary files will be created here. See
407
377
    </variablelist>
408
378
  </refsect1>
409
379
  
410
 
  <refsect1 id="files">
 
380
  <refsect1 id="file">
411
381
    <title>FILES</title>
412
382
    <para>
413
383
      Use the <option>--dir</option> option to change where
434
404
        </listitem>
435
405
      </varlistentry>
436
406
      <varlistentry>
437
 
        <term><filename class="directory">/tmp</filename></term>
 
407
        <term><filename>/tmp</filename></term>
438
408
        <listitem>
439
409
          <para>
440
410
            Temporary files will be written here if
444
414
      </varlistentry>
445
415
    </variablelist>
446
416
  </refsect1>
447
 
  
448
 
<!--   <refsect1 id="bugs"> -->
449
 
<!--     <title>BUGS</title> -->
450
 
<!--     <para> -->
451
 
<!--     </para> -->
452
 
<!--   </refsect1> -->
453
 
  
 
417
 
 
418
  <refsect1 id="bugs">
 
419
    <title>BUGS</title>
 
420
    <para>
 
421
      None are known at this time.
 
422
    </para>
 
423
  </refsect1>
 
424
 
454
425
  <refsect1 id="example">
455
426
    <title>EXAMPLE</title>
456
427
    <informalexample>
458
429
        Normal invocation needs no options:
459
430
      </para>
460
431
      <para>
461
 
        <userinput>&COMMANDNAME;</userinput>
 
432
        <userinput>mandos-keygen</userinput>
462
433
      </para>
463
434
    </informalexample>
464
435
    <informalexample>
465
436
      <para>
466
 
        Create key in another directory and of another type.  Force
 
437
        Create keys in another directory and of another type.  Force
467
438
        overwriting old key files:
468
439
      </para>
469
440
      <para>
470
441
 
471
442
<!-- do not wrap this line -->
472
 
<userinput>&COMMANDNAME; --dir ~/keydir --type RSA --force</userinput>
473
 
 
474
 
      </para>
475
 
    </informalexample>
476
 
    <informalexample>
477
 
      <para>
478
 
        Prompt for a password, encrypt it with the key in <filename
479
 
        class="directory">/etc/mandos</filename> and output a section
480
 
        suitable for <filename>clients.conf</filename>.
481
 
      </para>
482
 
      <para>
483
 
        <userinput>&COMMANDNAME; --password</userinput>
484
 
      </para>
485
 
    </informalexample>
486
 
    <informalexample>
487
 
      <para>
488
 
        Prompt for a password, encrypt it with the key in the
489
 
        <filename>client-key</filename> directory and output a section
490
 
        suitable for <filename>clients.conf</filename>.
491
 
      </para>
492
 
      <para>
493
 
 
494
 
<!-- do not wrap this line -->
495
 
<userinput>&COMMANDNAME; --password --dir client-key</userinput>
 
443
<userinput>mandos-keygen --dir ~/keydir --type RSA --force</userinput>
496
444
 
497
445
      </para>
498
446
    </informalexample>
499
447
  </refsect1>
500
 
  
 
448
 
501
449
  <refsect1 id="security">
502
450
    <title>SECURITY</title>
503
451
    <para>
504
452
      The <option>--type</option>, <option>--length</option>,
505
453
      <option>--subtype</option>, and <option>--sublength</option>
506
 
      options can be used to create keys of low security.  If in
507
 
      doubt, leave them to the default values.
 
454
      options can be used to create keys of insufficient security.  If
 
455
      in doubt, leave them to the default values.
508
456
    </para>
509
457
    <para>
510
 
      The key expire time is <emphasis>not</emphasis> guaranteed to be
511
 
      honored by <citerefentry><refentrytitle>mandos</refentrytitle>
 
458
      The key expire time is not guaranteed to be honored by
 
459
      <citerefentry><refentrytitle>mandos</refentrytitle>
512
460
      <manvolnum>8</manvolnum></citerefentry>.
513
461
    </para>
514
462
  </refsect1>
515
 
  
 
463
 
516
464
  <refsect1 id="see_also">
517
465
    <title>SEE ALSO</title>
518
466
    <para>
519
 
      <citerefentry><refentrytitle>intro</refentrytitle>
 
467
      <citerefentry><refentrytitle>password-request</refentrytitle>
520
468
      <manvolnum>8mandos</manvolnum></citerefentry>,
 
469
      <citerefentry><refentrytitle>mandos</refentrytitle>
 
470
      <manvolnum>8</manvolnum></citerefentry>,
521
471
      <citerefentry><refentrytitle>gpg</refentrytitle>
522
 
      <manvolnum>1</manvolnum></citerefentry>,
523
 
      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
524
 
      <manvolnum>5</manvolnum></citerefentry>,
525
 
      <citerefentry><refentrytitle>mandos</refentrytitle>
526
 
      <manvolnum>8</manvolnum></citerefentry>,
527
 
      <citerefentry><refentrytitle>mandos-client</refentrytitle>
528
 
      <manvolnum>8mandos</manvolnum></citerefentry>,
529
 
      <citerefentry><refentrytitle>ssh-keyscan</refentrytitle>
530
472
      <manvolnum>1</manvolnum></citerefentry>
531
473
    </para>
532
474
  </refsect1>
533
475
  
534
476
</refentry>
535
 
<!-- Local Variables: -->
536
 
<!-- time-stamp-start: "<!ENTITY TIMESTAMP [\"']" -->
537
 
<!-- time-stamp-end: "[\"']>" -->
538
 
<!-- time-stamp-format: "%:y-%02m-%02d" -->
539
 
<!-- End: -->