/mandos/trunk


Viewing changes to mandos-keygen.xml

merge

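--- a/mandos-keygen.xml
+++ b/mandos-keygen.xml
@@ -1,46 +1,62 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
         "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!ENTITY VERSION "1.0">
 <!ENTITY COMMANDNAME "mandos-keygen">
-<!ENTITY TIMESTAMP "2012-01-01">
-<!ENTITY % common SYSTEM "common.ent">
-%common;
 ]>
 
 <refentry xmlns:xi="http://www.w3.org/2001/XInclude">
   <refentryinfo>
-    <title>Mandos Manual</title>
+    <title>&COMMANDNAME;</title>
     <!-- NWalsh’s docbook scripts use this to generate the footer: -->
-    <productname>Mandos</productname>
-    <productnumber>&version;</productnumber>
-    <date>&TIMESTAMP;</date>
+    <productname>&COMMANDNAME;</productname>
+    <productnumber>&VERSION;</productnumber>
     <authorgroup>
       <author>
         <firstname>Björn</firstname>
         <surname>Påhlsson</surname>
         <address>
-          <email>belorn@recompile.se</email>
+          <email>belorn@fukt.bsnet.se</email>
         </address>
       </author>
       <author>
         <firstname>Teddy</firstname>
         <surname>Hogeborn</surname>
         <address>
-          <email>teddy@recompile.se</email>
+          <email>teddy@fukt.bsnet.se</email>
         </address>
       </author>
     </authorgroup>
     <copyright>
       <year>2008</year>
-      <year>2009</year>
-      <year>2011</year>
-      <year>2012</year>
       <holder>Teddy Hogeborn</holder>
       <holder>Björn Påhlsson</holder>
     </copyright>
-    <xi:include href="legalnotice.xml"/>
+    <legalnotice>
+      <para>
+        This manual page is free software: you can redistribute it
+        and/or modify it under the terms of the GNU General Public
+        License as published by the Free Software Foundation,
+        either version 3 of the License, or (at your option) any
+        later version.
+      </para>
+
+      <para>
+        This manual page is distributed in the hope that it will
+        be useful, but WITHOUT ANY WARRANTY; without even the
+        implied warranty of MERCHANTABILITY or FITNESS FOR A
+        PARTICULAR PURPOSE.  See the GNU General Public License
+        for more details.
+      </para>
+
+      <para>
+        You should have received a copy of the GNU General Public
+        License along with this program; If not, see
+        <ulink url="http://www.gnu.org/licenses/"/>.
+      </para>
+    </legalnotice>
   </refentryinfo>
-  
+
   <refmeta>
     <refentrytitle>&COMMANDNAME;</refentrytitle>
     <manvolnum>8</manvolnum>
@@ -49,206 +65,205 @@
   <refnamediv>
     <refname><command>&COMMANDNAME;</command></refname>
     <refpurpose>
-      Generate key and password for Mandos client and server.
+      Generate keys for <citerefentry><refentrytitle>password-request
+      </refentrytitle><manvolnum>8mandos</manvolnum></citerefentry>
     </refpurpose>
   </refnamediv>
-  
+
   <refsynopsisdiv>
     <cmdsynopsis>
       <command>&COMMANDNAME;</command>
-      <group>
-        <arg choice="plain"><option>--dir
-        <replaceable>DIRECTORY</replaceable></option></arg>
-        <arg choice="plain"><option>-d
-        <replaceable>DIRECTORY</replaceable></option></arg>
-      </group>
-      <sbr/>
-      <group>
-        <arg choice="plain"><option>--type
-        <replaceable>KEYTYPE</replaceable></option></arg>
-        <arg choice="plain"><option>-t
-        <replaceable>KEYTYPE</replaceable></option></arg>
-      </group>
-      <sbr/>
-      <group>
-        <arg choice="plain"><option>--length
-        <replaceable>BITS</replaceable></option></arg>
-        <arg choice="plain"><option>-l
-        <replaceable>BITS</replaceable></option></arg>
-      </group>
-      <sbr/>
-      <group>
-        <arg choice="plain"><option>--subtype
-        <replaceable>KEYTYPE</replaceable></option></arg>
-        <arg choice="plain"><option>-s
-        <replaceable>KEYTYPE</replaceable></option></arg>
-      </group>
-      <sbr/>
-      <group>
-        <arg choice="plain"><option>--sublength
-        <replaceable>BITS</replaceable></option></arg>
-        <arg choice="plain"><option>-L
-        <replaceable>BITS</replaceable></option></arg>
-      </group>
-      <sbr/>
-      <group>
-        <arg choice="plain"><option>--name
-        <replaceable>NAME</replaceable></option></arg>
-        <arg choice="plain"><option>-n
-        <replaceable>NAME</replaceable></option></arg>
-      </group>
-      <sbr/>
-      <group>
-        <arg choice="plain"><option>--email
-        <replaceable>ADDRESS</replaceable></option></arg>
-        <arg choice="plain"><option>-e
-        <replaceable>ADDRESS</replaceable></option></arg>
-      </group>
-      <sbr/>
-      <group>
-        <arg choice="plain"><option>--comment
-        <replaceable>TEXT</replaceable></option></arg>
-        <arg choice="plain"><option>-c
-        <replaceable>TEXT</replaceable></option></arg>
-      </group>
-      <sbr/>
-      <group>
-        <arg choice="plain"><option>--expire
-        <replaceable>TIME</replaceable></option></arg>
-        <arg choice="plain"><option>-x
-        <replaceable>TIME</replaceable></option></arg>
-      </group>
-      <sbr/>
-      <arg><option>--force</option></arg>
+      <group choice="opt">
+        <arg choice="plain"><option>--dir</option>
+        <replaceable>directory</replaceable></arg>
+      </group>
+      <group choice="opt">
+        <arg choice="plain"><option>--type</option>
+        <replaceable>type</replaceable></arg>
+      </group>
+      <group choice="opt">
+        <arg choice="plain"><option>--length</option>
+        <replaceable>bits</replaceable></arg>
+      </group>
+      <group choice="opt">
+        <arg choice="plain"><option>--subtype</option>
+        <replaceable>type</replaceable></arg>
+      </group>
+      <group choice="opt">
+        <arg choice="plain"><option>--sublength</option>
+        <replaceable>bits</replaceable></arg>
+      </group>
+      <group choice="opt">
+        <arg choice="plain"><option>--name</option>
+        <replaceable>NAME</replaceable></arg>
+      </group>
+      <group choice="opt">
+        <arg choice="plain"><option>--email</option>
+        <replaceable>EMAIL</replaceable></arg>
+      </group>
+      <group choice="opt">
+        <arg choice="plain"><option>--comment</option>
+        <replaceable>COMMENT</replaceable></arg>
+      </group>
+      <group choice="opt">
+        <arg choice="plain"><option>--expire</option>
+        <replaceable>TIME</replaceable></arg>
+      </group>
+      <group choice="opt">
+        <arg choice="plain"><option>--force</option></arg>
+      </group>
+    </cmdsynopsis>
+    <cmdsynopsis>
+      <command>&COMMANDNAME;</command>
+      <group choice="opt">
+        <arg choice="plain"><option>-d</option>
+        <replaceable>directory</replaceable></arg>
+      </group>
+      <group choice="opt">
+        <arg choice="plain"><option>-t</option>
+        <replaceable>type</replaceable></arg>
+      </group>
+      <group choice="opt">
+        <arg choice="plain"><option>-l</option>
+        <replaceable>bits</replaceable></arg>
+      </group>
+      <group choice="opt">
+        <arg choice="plain"><option>-s</option>
+        <replaceable>type</replaceable></arg>
+      </group>
+      <group choice="opt">
+        <arg choice="plain"><option>-L</option>
+        <replaceable>bits</replaceable></arg>
+      </group>
+      <group choice="opt">
+        <arg choice="plain"><option>-n</option>
+        <replaceable>NAME</replaceable></arg>
+      </group>
+      <group choice="opt">
+        <arg choice="plain"><option>-e</option>
+        <replaceable>EMAIL</replaceable></arg>
+      </group>
+      <group choice="opt">
+        <arg choice="plain"><option>-c</option>
+        <replaceable>COMMENT</replaceable></arg>
+      </group>
+      <group choice="opt">
+        <arg choice="plain"><option>-x</option>
+        <replaceable>TIME</replaceable></arg>
+      </group>
+      <group choice="opt">
+        <arg choice="plain"><option>-f</option></arg>
+      </group>
     </cmdsynopsis>
     <cmdsynopsis>
       <command>&COMMANDNAME;</command>
       <group choice="req">
+        <arg choice="plain"><option>-p</option></arg>
         <arg choice="plain"><option>--password</option></arg>
-        <arg choice="plain"><option>-p</option></arg>
-        <arg choice="plain"><option>--passfile
-        <replaceable>FILE</replaceable></option></arg>
-        <arg choice="plain"><option>-F</option>
-        <replaceable>FILE</replaceable></arg>
-      </group>
-      <sbr/>
-      <group>
-        <arg choice="plain"><option>--dir
-        <replaceable>DIRECTORY</replaceable></option></arg>
-        <arg choice="plain"><option>-d
-        <replaceable>DIRECTORY</replaceable></option></arg>
-      </group>
-      <sbr/>
-      <group>
-        <arg choice="plain"><option>--name
-        <replaceable>NAME</replaceable></option></arg>
-        <arg choice="plain"><option>-n
-        <replaceable>NAME</replaceable></option></arg>
+      </group>
+      <group choice="opt">
+        <arg choice="plain"><option>--dir</option>
+        <replaceable>directory</replaceable></arg>
+      </group>
+      <group choice="opt">
+        <arg choice="plain"><option>--name</option>
+        <replaceable>NAME</replaceable></arg>
       </group>
     </cmdsynopsis>
     <cmdsynopsis>
       <command>&COMMANDNAME;</command>
       <group choice="req">
+        <arg choice="plain"><option>-h</option></arg>
         <arg choice="plain"><option>--help</option></arg>
-        <arg choice="plain"><option>-h</option></arg>
       </group>
     </cmdsynopsis>
     <cmdsynopsis>
       <command>&COMMANDNAME;</command>
       <group choice="req">
+        <arg choice="plain"><option>-v</option></arg>
         <arg choice="plain"><option>--version</option></arg>
-        <arg choice="plain"><option>-v</option></arg>
       </group>
     </cmdsynopsis>
   </refsynopsisdiv>
-  
+
   <refsect1 id="description">
     <title>DESCRIPTION</title>
     <para>
       <command>&COMMANDNAME;</command> is a program to generate the
-      OpenPGP key used by
-      <citerefentry><refentrytitle>mandos-client</refentrytitle>
-      <manvolnum>8mandos</manvolnum></citerefentry>.  The key is
+      OpenPGP keys used by
+      <citerefentry><refentrytitle>password-request</refentrytitle>
+      <manvolnum>8mandos</manvolnum></citerefentry>.  The keys are
       normally written to /etc/mandos for later installation into the
-      initrd image, but this, and most other things, can be changed
-      with command line options.
+      initrd image, but this, like most things, can be changed with
+      command line options.
     </para>
     <para>
-      This program can also be used with the
-      <option>--password</option> or <option>--passfile</option>
-      options to generate a ready-made section for
-      <filename>clients.conf</filename> (see
+      It can also be used to generate ready-made sections for
       <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
-      <manvolnum>5</manvolnum></citerefentry>).
+      <manvolnum>5</manvolnum></citerefentry> using the
+      <option>--password</option> option.
     </para>
   </refsect1>
   
   <refsect1 id="purpose">
     <title>PURPOSE</title>
+
     <para>
       The purpose of this is to enable <emphasis>remote and unattended
       rebooting</emphasis> of client host computer with an
       <emphasis>encrypted root file system</emphasis>.  See <xref
       linkend="overview"/> for details.
     </para>
+
   </refsect1>
   
   <refsect1 id="options">
     <title>OPTIONS</title>
-    
+
     <variablelist>
       <varlistentry>
-        <term><option>--help</option></term>
-        <term><option>-h</option></term>
+        <term><literal>-h</literal>, <literal>--help</literal></term>
         <listitem>
           <para>
             Show a help message and exit
           </para>
         </listitem>
       </varlistentry>
-      
+
       <varlistentry>
-        <term><option>--dir
-        <replaceable>DIRECTORY</replaceable></option></term>
-        <term><option>-d
-        <replaceable>DIRECTORY</replaceable></option></term>
+        <term><literal>-d</literal>, <literal>--dir
+        <replaceable>directory</replaceable></literal></term>
         <listitem>
           <para>
             Target directory for key files.  Default is
-            <filename class="directory">/etc/mandos</filename>.
+            <filename>/etc/mandos</filename>.
           </para>
         </listitem>
       </varlistentry>
-      
+
       <varlistentry>
-        <term><option>--type
-        <replaceable>TYPE</replaceable></option></term>
-        <term><option>-t
-        <replaceable>TYPE</replaceable></option></term>
+        <term><literal>-t</literal>, <literal>--type
+        <replaceable>type</replaceable></literal></term>
         <listitem>
           <para>
             Key type.  Default is <quote>DSA</quote>.
           </para>
         </listitem>
       </varlistentry>
-      
+
       <varlistentry>
-        <term><option>--length
-        <replaceable>BITS</replaceable></option></term>
-        <term><option>-l
-        <replaceable>BITS</replaceable></option></term>
+        <term><literal>-l</literal>, <literal>--length
+        <replaceable>bits</replaceable></literal></term>
         <listitem>
           <para>
             Key length in bits.  Default is 2048.
           </para>
         </listitem>
       </varlistentry>
-      
+
       <varlistentry>
-        <term><option>--subtype
-        <replaceable>KEYTYPE</replaceable></option></term>
-        <term><option>-s
-        <replaceable>KEYTYPE</replaceable></option></term>
+        <term><literal>-s</literal>, <literal>--subtype
+        <replaceable>type</replaceable></literal></term>
         <listitem>
           <para>
             Subkey type.  Default is <quote>ELG-E</quote> (Elgamal
@@ -256,36 +271,30 @@
           </para>
         </listitem>
       </varlistentry>
-      
+
       <varlistentry>
-        <term><option>--sublength
-        <replaceable>BITS</replaceable></option></term>
-        <term><option>-L
-        <replaceable>BITS</replaceable></option></term>
+        <term><literal>-L</literal>, <literal>--sublength
+        <replaceable>bits</replaceable></literal></term>
         <listitem>
           <para>
             Subkey length in bits.  Default is 2048.
           </para>
         </listitem>
       </varlistentry>
-      
+
       <varlistentry>
-        <term><option>--email
-        <replaceable>ADDRESS</replaceable></option></term>
-        <term><option>-e
-        <replaceable>ADDRESS</replaceable></option></term>
+        <term><literal>-e</literal>, <literal>--email</literal>
+        <replaceable>address</replaceable></term>
         <listitem>
           <para>
             Email address of key.  Default is empty.
           </para>
         </listitem>
       </varlistentry>
-      
+
       <varlistentry>
-        <term><option>--comment
-        <replaceable>TEXT</replaceable></option></term>
-        <term><option>-c
-        <replaceable>TEXT</replaceable></option></term>
+        <term><literal>-c</literal>, <literal>--comment</literal>
+        <replaceable>comment</replaceable></term>
         <listitem>
           <para>
             Comment field for key.  The default value is
@@ -293,12 +302,10 @@
           </para>
         </listitem>
       </varlistentry>
-      
+
       <varlistentry>
-        <term><option>--expire
-        <replaceable>TIME</replaceable></option></term>
-        <term><option>-x
-        <replaceable>TIME</replaceable></option></term>
+        <term><literal>-x</literal>, <literal>--expire</literal>
+        <replaceable>time</replaceable></term>
         <listitem>
           <para>
             Key expire time.  Default is no expiration.  See
@@ -307,19 +314,18 @@
           </para>
         </listitem>
       </varlistentry>
-      
+
       <varlistentry>
-        <term><option>--force</option></term>
-        <term><option>-f</option></term>
+        <term><literal>-f</literal>, <literal>--force</literal></term>
         <listitem>
           <para>
-            Force overwriting old key.
+            Force overwriting old keys.
           </para>
         </listitem>
       </varlistentry>
       <varlistentry>
-        <term><option>--password</option></term>
-        <term><option>-p</option></term>
+        <term><literal>-p</literal>, <literal>--password</literal
+        ></term>
         <listitem>
           <para>
             Prompt for a password and encrypt it with the key already
@@ -331,41 +337,27 @@
             >8</manvolnum></citerefentry>.  The host name or the name
             specified with the <option>--name</option> option is used
             for the section header.  All other options are ignored,
-            and no key is created.
-          </para>
-        </listitem>
-      </varlistentry>
-      <varlistentry>
-        <term><option>--passfile
-        <replaceable>FILE</replaceable></option></term>
-        <term><option>-F
-        <replaceable>FILE</replaceable></option></term>
-        <listitem>
-          <para>
-            The same as <option>--password</option>, but read from
-            <replaceable>FILE</replaceable>, not the terminal.
+            and no keys are created.
           </para>
         </listitem>
       </varlistentry>
     </variablelist>
   </refsect1>
-  
+
   <refsect1 id="overview">
     <title>OVERVIEW</title>
     <xi:include href="overview.xml"/>
     <para>
       This program is a small utility to generate new OpenPGP keys for
-      new Mandos clients, and to generate sections for inclusion in
-      <filename>clients.conf</filename> on the server.
+      new Mandos clients.
     </para>
   </refsect1>
-  
+
   <refsect1 id="exit_status">
     <title>EXIT STATUS</title>
     <para>
-      The exit status will be 0 if a new key (or password, if the
-      <option>--password</option> option was used) was successfully
-      created, otherwise not.
+      The exit status will be 0 if new keys were successfully created,
+      otherwise not.
     </para>
   </refsect1>
   
@@ -373,7 +365,7 @@
     <title>ENVIRONMENT</title>
     <variablelist>
       <varlistentry>
-        <term><envar>TMPDIR</envar></term>
+        <term><varname>TMPDIR</varname></term>
         <listitem>
           <para>
             If set, temporary files will be created here. See
@@ -385,7 +377,7 @@
     </variablelist>
   </refsect1>
   
-  <refsect1 id="files">
+  <refsect1 id="file">
     <title>FILES</title>
     <para>
       Use the <option>--dir</option> option to change where
@@ -412,7 +404,7 @@
         </listitem>
       </varlistentry>
       <varlistentry>
-        <term><filename class="directory">/tmp</filename></term>
+        <term><filename>/tmp</filename></term>
         <listitem>
           <para>
             Temporary files will be written here if
@@ -422,13 +414,14 @@
       </varlistentry>
     </variablelist>
   </refsect1>
-  
-<!--   <refsect1 id="bugs"> -->
-<!--     <title>BUGS</title> -->
-<!--     <para> -->
-<!--     </para> -->
-<!--   </refsect1> -->
-  
+
+  <refsect1 id="bugs">
+    <title>BUGS</title>
+    <para>
+      None are known at this time.
+    </para>
+  </refsect1>
+
   <refsect1 id="example">
     <title>EXAMPLE</title>
     <informalexample>
@@ -436,80 +429,48 @@
         Normal invocation needs no options:
       </para>
       <para>
-        <userinput>&COMMANDNAME;</userinput>
+        <userinput>mandos-keygen</userinput>
       </para>
     </informalexample>
     <informalexample>
       <para>
-        Create key in another directory and of another type.  Force
+        Create keys in another directory and of another type.  Force
         overwriting old key files:
       </para>
       <para>
 
 <!-- do not wrap this line -->
-<userinput>&COMMANDNAME; --dir ~/keydir --type RSA --force</userinput>
-
-      </para>
-    </informalexample>
-    <informalexample>
-      <para>
-        Prompt for a password, encrypt it with the key in <filename
-        class="directory">/etc/mandos</filename> and output a section
-        suitable for <filename>clients.conf</filename>.
-      </para>
-      <para>
-        <userinput>&COMMANDNAME; --password</userinput>
-      </para>
-    </informalexample>
-    <informalexample>
-      <para>
-        Prompt for a password, encrypt it with the key in the
-        <filename>client-key</filename> directory and output a section
-        suitable for <filename>clients.conf</filename>.
-      </para>
-      <para>
-
-<!-- do not wrap this line -->
-<userinput>&COMMANDNAME; --password --dir client-key</userinput>
+<userinput>mandos-keygen --dir ~/keydir --type RSA --force</userinput>
 
       </para>
     </informalexample>
   </refsect1>
-  
+
   <refsect1 id="security">
     <title>SECURITY</title>
     <para>
       The <option>--type</option>, <option>--length</option>,
       <option>--subtype</option>, and <option>--sublength</option>
-      options can be used to create keys of low security.  If in
-      doubt, leave them to the default values.
+      options can be used to create keys of insufficient security.  If
+      in doubt, leave them to the default values.
     </para>
     <para>
-      The key expire time is <emphasis>not</emphasis> guaranteed to be
-      honored by <citerefentry><refentrytitle>mandos</refentrytitle>
+      The key expire time is not guaranteed to be honored by
+      <citerefentry><refentrytitle>mandos</refentrytitle>
       <manvolnum>8</manvolnum></citerefentry>.
     </para>
   </refsect1>
-  
+
   <refsect1 id="see_also">
     <title>SEE ALSO</title>
     <para>
-      <citerefentry><refentrytitle>intro</refentrytitle>
+      <citerefentry><refentrytitle>password-request</refentrytitle>
       <manvolnum>8mandos</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>mandos</refentrytitle>
+      <manvolnum>8</manvolnum></citerefentry>,
       <citerefentry><refentrytitle>gpg</refentrytitle>
-      <manvolnum>1</manvolnum></citerefentry>,
-      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
-      <manvolnum>5</manvolnum></citerefentry>,
-      <citerefentry><refentrytitle>mandos</refentrytitle>
-      <manvolnum>8</manvolnum></citerefentry>,
-      <citerefentry><refentrytitle>mandos-client</refentrytitle>
-      <manvolnum>8mandos</manvolnum></citerefentry>
+      <manvolnum>1</manvolnum></citerefentry>
     </para>
   </refsect1>
   
 </refentry>
-<!-- Local Variables: -->
-<!-- time-stamp-start: "<!ENTITY TIMESTAMP [\"']" -->
-<!-- time-stamp-end: "[\"']>" -->
-<!-- time-stamp-format: "%:y-%02m-%02d" -->
-<!-- End: -->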
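Review bot: The new EXIT STATUS paragraph (new lines 359-360) only covers key creation, although the new side still documents the `--password` mode in the synopsis (new lines 160-162) and in OPTIONS (new line 327), so a script that checks the exit code after encrypting a password has no documented contract to rely on. I would keep the password case in the sentence, for example `The exit status will be 0 if new keys (or a password, if the <option>--password</option> option was used) were successfully created, otherwise not.` The same merge also removes both `--password` examples (old lines 454-473), so the EXAMPLE section no longer shows that mode at all; restoring one of them would keep the page consistent with the options it still lists.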