
Viewing changes to mandos-keygen.xml

merge

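--- a/mandos-keygen.xml
+++ b/mandos-keygen.xml
@@ -1,10 +1,9 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
         "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!ENTITY VERSION "1.0">
 <!ENTITY COMMANDNAME "mandos-keygen">
-<!ENTITY TIMESTAMP "2014-06-22">
-<!ENTITY % common SYSTEM "common.ent">
-%common;
+<!ENTITY TIMESTAMP "2008-08-29">
 ]>
 
 <refentry xmlns:xi="http://www.w3.org/2001/XInclude">
@@ -12,35 +11,54 @@
     <title>Mandos Manual</title>
     <!-- NWalsh’s docbook scripts use this to generate the footer: -->
     <productname>Mandos</productname>
-    <productnumber>&version;</productnumber>
+    <productnumber>&VERSION;</productnumber>
     <date>&TIMESTAMP;</date>
     <authorgroup>
       <author>
         <firstname>Björn</firstname>
         <surname>Påhlsson</surname>
         <address>
-          <email>belorn@recompile.se</email>
+          <email>belorn@fukt.bsnet.se</email>
         </address>
       </author>
       <author>
         <firstname>Teddy</firstname>
         <surname>Hogeborn</surname>
         <address>
-          <email>teddy@recompile.se</email>
+          <email>teddy@fukt.bsnet.se</email>
         </address>
       </author>
     </authorgroup>
     <copyright>
       <year>2008</year>
-      <year>2009</year>
-      <year>2011</year>
-      <year>2012</year>
       <holder>Teddy Hogeborn</holder>
       <holder>Björn Påhlsson</holder>
     </copyright>
-    <xi:include href="legalnotice.xml"/>
+    <legalnotice>
+      <para>
+        This manual page is free software: you can redistribute it
+        and/or modify it under the terms of the GNU General Public
+        License as published by the Free Software Foundation,
+        either version 3 of the License, or (at your option) any
+        later version.
+      </para>
+
+      <para>
+        This manual page is distributed in the hope that it will
+        be useful, but WITHOUT ANY WARRANTY; without even the
+        implied warranty of MERCHANTABILITY or FITNESS FOR A
+        PARTICULAR PURPOSE.  See the GNU General Public License
+        for more details.
+      </para>
+
+      <para>
+        You should have received a copy of the GNU General Public
+        License along with this program; If not, see
+        <ulink url="http://www.gnu.org/licenses/"/>.
+      </para>
+    </legalnotice>
   </refentryinfo>
-  
+
   <refmeta>
     <refentrytitle>&COMMANDNAME;</refentrytitle>
     <manvolnum>8</manvolnum>
@@ -49,262 +67,247 @@
   <refnamediv>
     <refname><command>&COMMANDNAME;</command></refname>
     <refpurpose>
-      Generate key and password for Mandos client and server.
+      Generate keys for <citerefentry><refentrytitle>password-request
+      </refentrytitle><manvolnum>8mandos</manvolnum></citerefentry>
     </refpurpose>
   </refnamediv>
-  
+
   <refsynopsisdiv>
     <cmdsynopsis>
       <command>&COMMANDNAME;</command>
-      <group>
-        <arg choice="plain"><option>--dir
-        <replaceable>DIRECTORY</replaceable></option></arg>
-        <arg choice="plain"><option>-d
-        <replaceable>DIRECTORY</replaceable></option></arg>
-      </group>
-      <sbr/>
-      <group>
-        <arg choice="plain"><option>--type
-        <replaceable>KEYTYPE</replaceable></option></arg>
-        <arg choice="plain"><option>-t
-        <replaceable>KEYTYPE</replaceable></option></arg>
-      </group>
-      <sbr/>
-      <group>
-        <arg choice="plain"><option>--length
-        <replaceable>BITS</replaceable></option></arg>
-        <arg choice="plain"><option>-l
-        <replaceable>BITS</replaceable></option></arg>
-      </group>
-      <sbr/>
-      <group>
-        <arg choice="plain"><option>--subtype
-        <replaceable>KEYTYPE</replaceable></option></arg>
-        <arg choice="plain"><option>-s
-        <replaceable>KEYTYPE</replaceable></option></arg>
-      </group>
-      <sbr/>
-      <group>
-        <arg choice="plain"><option>--sublength
-        <replaceable>BITS</replaceable></option></arg>
-        <arg choice="plain"><option>-L
-        <replaceable>BITS</replaceable></option></arg>
-      </group>
-      <sbr/>
-      <group>
-        <arg choice="plain"><option>--name
-        <replaceable>NAME</replaceable></option></arg>
-        <arg choice="plain"><option>-n
-        <replaceable>NAME</replaceable></option></arg>
-      </group>
-      <sbr/>
-      <group>
-        <arg choice="plain"><option>--email
-        <replaceable>ADDRESS</replaceable></option></arg>
-        <arg choice="plain"><option>-e
-        <replaceable>ADDRESS</replaceable></option></arg>
-      </group>
-      <sbr/>
-      <group>
-        <arg choice="plain"><option>--comment
-        <replaceable>TEXT</replaceable></option></arg>
-        <arg choice="plain"><option>-c
-        <replaceable>TEXT</replaceable></option></arg>
-      </group>
-      <sbr/>
-      <group>
-        <arg choice="plain"><option>--expire
-        <replaceable>TIME</replaceable></option></arg>
-        <arg choice="plain"><option>-x
-        <replaceable>TIME</replaceable></option></arg>
-      </group>
-      <sbr/>
-      <group>
+      <group choice="opt">
+        <arg choice="plain"><option>--dir</option>
+        <replaceable>directory</replaceable></arg>
+      </group>
+      <group choice="opt">
+        <arg choice="plain"><option>--type</option>
+        <replaceable>type</replaceable></arg>
+      </group>
+      <group choice="opt">
+        <arg choice="plain"><option>--length</option>
+        <replaceable>bits</replaceable></arg>
+      </group>
+      <group choice="opt">
+        <arg choice="plain"><option>--subtype</option>
+        <replaceable>type</replaceable></arg>
+      </group>
+      <group choice="opt">
+        <arg choice="plain"><option>--sublength</option>
+        <replaceable>bits</replaceable></arg>
+      </group>
+      <group choice="opt">
+        <arg choice="plain"><option>--name</option>
+        <replaceable>NAME</replaceable></arg>
+      </group>
+      <group choice="opt">
+        <arg choice="plain"><option>--email</option>
+        <replaceable>EMAIL</replaceable></arg>
+      </group>
+      <group choice="opt">
+        <arg choice="plain"><option>--comment</option>
+        <replaceable>COMMENT</replaceable></arg>
+      </group>
+      <group choice="opt">
+        <arg choice="plain"><option>--expire</option>
+        <replaceable>TIME</replaceable></arg>
+      </group>
+      <group choice="opt">
         <arg choice="plain"><option>--force</option></arg>
+      </group>
+    </cmdsynopsis>
+    <cmdsynopsis>
+      <command>&COMMANDNAME;</command>
+      <group choice="opt">
+        <arg choice="plain"><option>-d</option>
+        <replaceable>directory</replaceable></arg>
+      </group>
+      <group choice="opt">
+        <arg choice="plain"><option>-t</option>
+        <replaceable>type</replaceable></arg>
+      </group>
+      <group choice="opt">
+        <arg choice="plain"><option>-l</option>
+        <replaceable>bits</replaceable></arg>
+      </group>
+      <group choice="opt">
+        <arg choice="plain"><option>-s</option>
+        <replaceable>type</replaceable></arg>
+      </group>
+      <group choice="opt">
+        <arg choice="plain"><option>-L</option>
+        <replaceable>bits</replaceable></arg>
+      </group>
+      <group choice="opt">
+        <arg choice="plain"><option>-n</option>
+        <replaceable>NAME</replaceable></arg>
+      </group>
+      <group choice="opt">
+        <arg choice="plain"><option>-e</option>
+        <replaceable>EMAIL</replaceable></arg>
+      </group>
+      <group choice="opt">
+        <arg choice="plain"><option>-c</option>
+        <replaceable>COMMENT</replaceable></arg>
+      </group>
+      <group choice="opt">
+        <arg choice="plain"><option>-x</option>
+        <replaceable>TIME</replaceable></arg>
+      </group>
+      <group choice="opt">
         <arg choice="plain"><option>-f</option></arg>
       </group>
     </cmdsynopsis>
     <cmdsynopsis>
       <command>&COMMANDNAME;</command>
       <group choice="req">
+        <arg choice="plain"><option>-p</option></arg>
         <arg choice="plain"><option>--password</option></arg>
-        <arg choice="plain"><option>-p</option></arg>
-        <arg choice="plain"><option>--passfile
-        <replaceable>FILE</replaceable></option></arg>
-        <arg choice="plain"><option>-F</option>
-        <replaceable>FILE</replaceable></arg>
-      </group>
-      <sbr/>
-      <group>
-        <arg choice="plain"><option>--dir
-        <replaceable>DIRECTORY</replaceable></option></arg>
-        <arg choice="plain"><option>-d
-        <replaceable>DIRECTORY</replaceable></option></arg>
-      </group>
-      <sbr/>
-      <group>
-        <arg choice="plain"><option>--name
-        <replaceable>NAME</replaceable></option></arg>
-        <arg choice="plain"><option>-n
-        <replaceable>NAME</replaceable></option></arg>
-      </group>
-      <group>
-        <arg choice="plain"><option>--no-ssh</option></arg>
-        <arg choice="plain"><option>-S</option></arg>
+      </group>
+      <group choice="opt">
+        <arg choice="plain"><option>--dir</option>
+        <replaceable>directory</replaceable></arg>
+      </group>
+      <group choice="opt">
+        <arg choice="plain"><option>--name</option>
+        <replaceable>NAME</replaceable></arg>
       </group>
     </cmdsynopsis>
     <cmdsynopsis>
       <command>&COMMANDNAME;</command>
       <group choice="req">
+        <arg choice="plain"><option>-h</option></arg>
         <arg choice="plain"><option>--help</option></arg>
-        <arg choice="plain"><option>-h</option></arg>
       </group>
     </cmdsynopsis>
     <cmdsynopsis>
       <command>&COMMANDNAME;</command>
       <group choice="req">
+        <arg choice="plain"><option>-v</option></arg>
         <arg choice="plain"><option>--version</option></arg>
-        <arg choice="plain"><option>-v</option></arg>
       </group>
     </cmdsynopsis>
   </refsynopsisdiv>
-  
+
   <refsect1 id="description">
     <title>DESCRIPTION</title>
     <para>
       <command>&COMMANDNAME;</command> is a program to generate the
-      OpenPGP key used by
-      <citerefentry><refentrytitle>mandos-client</refentrytitle>
-      <manvolnum>8mandos</manvolnum></citerefentry>.  The key is
+      OpenPGP keys used by
+      <citerefentry><refentrytitle>password-request</refentrytitle>
+      <manvolnum>8mandos</manvolnum></citerefentry>.  The keys are
       normally written to /etc/mandos for later installation into the
-      initrd image, but this, and most other things, can be changed
-      with command line options.
+      initrd image, but this, like most things, can be changed with
+      command line options.
     </para>
     <para>
-      This program can also be used with the
-      <option>--password</option> or <option>--passfile</option>
-      options to generate a ready-made section for
-      <filename>clients.conf</filename> (see
+      It can also be used to generate ready-made sections for
       <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
-      <manvolnum>5</manvolnum></citerefentry>).
+      <manvolnum>5</manvolnum></citerefentry> using the
+      <option>--password</option> option.
     </para>
   </refsect1>
   
   <refsect1 id="purpose">
     <title>PURPOSE</title>
+
     <para>
       The purpose of this is to enable <emphasis>remote and unattended
       rebooting</emphasis> of client host computer with an
       <emphasis>encrypted root file system</emphasis>.  See <xref
       linkend="overview"/> for details.
     </para>
+
   </refsect1>
   
   <refsect1 id="options">
     <title>OPTIONS</title>
-    
+
     <variablelist>
       <varlistentry>
-        <term><option>--help</option></term>
-        <term><option>-h</option></term>
+        <term><literal>-h</literal>, <literal>--help</literal></term>
         <listitem>
           <para>
             Show a help message and exit
           </para>
         </listitem>
       </varlistentry>
-      
+
       <varlistentry>
-        <term><option>--dir
-        <replaceable>DIRECTORY</replaceable></option></term>
-        <term><option>-d
-        <replaceable>DIRECTORY</replaceable></option></term>
+        <term><literal>-d</literal>, <literal>--dir
+        <replaceable>directory</replaceable></literal></term>
         <listitem>
           <para>
             Target directory for key files.  Default is
-            <filename class="directory">/etc/mandos</filename>.
-          </para>
-        </listitem>
-      </varlistentry>
-      
-      <varlistentry>
-        <term><option>--type
-        <replaceable>TYPE</replaceable></option></term>
-        <term><option>-t
-        <replaceable>TYPE</replaceable></option></term>
-        <listitem>
-          <para>
-            Key type.  Default is <quote>RSA</quote>.
-          </para>
-        </listitem>
-      </varlistentry>
-      
-      <varlistentry>
-        <term><option>--length
-        <replaceable>BITS</replaceable></option></term>
-        <term><option>-l
-        <replaceable>BITS</replaceable></option></term>
-        <listitem>
-          <para>
-            Key length in bits.  Default is 4096.
-          </para>
-        </listitem>
-      </varlistentry>
-      
-      <varlistentry>
-        <term><option>--subtype
-        <replaceable>KEYTYPE</replaceable></option></term>
-        <term><option>-s
-        <replaceable>KEYTYPE</replaceable></option></term>
-        <listitem>
-          <para>
-            Subkey type.  Default is <quote>RSA</quote> (Elgamal
+            <filename>/etc/mandos</filename>.
+          </para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><literal>-t</literal>, <literal>--type
+        <replaceable>type</replaceable></literal></term>
+        <listitem>
+          <para>
+            Key type.  Default is <quote>DSA</quote>.
+          </para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><literal>-l</literal>, <literal>--length
+        <replaceable>bits</replaceable></literal></term>
+        <listitem>
+          <para>
+            Key length in bits.  Default is 2048.
+          </para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><literal>-s</literal>, <literal>--subtype
+        <replaceable>type</replaceable></literal></term>
+        <listitem>
+          <para>
+            Subkey type.  Default is <quote>ELG-E</quote> (Elgamal
             encryption-only).
           </para>
         </listitem>
       </varlistentry>
-      
+
       <varlistentry>
-        <term><option>--sublength
-        <replaceable>BITS</replaceable></option></term>
-        <term><option>-L
-        <replaceable>BITS</replaceable></option></term>
+        <term><literal>-L</literal>, <literal>--sublength
+        <replaceable>bits</replaceable></literal></term>
         <listitem>
           <para>
-            Subkey length in bits.  Default is 4096.
+            Subkey length in bits.  Default is 2048.
           </para>
         </listitem>
       </varlistentry>
-      
+
       <varlistentry>
-        <term><option>--email
-        <replaceable>ADDRESS</replaceable></option></term>
-        <term><option>-e
-        <replaceable>ADDRESS</replaceable></option></term>
+        <term><literal>-e</literal>, <literal>--email</literal>
+        <replaceable>address</replaceable></term>
         <listitem>
           <para>
             Email address of key.  Default is empty.
           </para>
         </listitem>
       </varlistentry>
-      
+
       <varlistentry>
-        <term><option>--comment
-        <replaceable>TEXT</replaceable></option></term>
-        <term><option>-c
-        <replaceable>TEXT</replaceable></option></term>
+        <term><literal>-c</literal>, <literal>--comment</literal>
+        <replaceable>comment</replaceable></term>
         <listitem>
           <para>
-            Comment field for key.  Default is empty.
+            Comment field for key.  The default value is
+            <quote><literal>Mandos client key</literal></quote>.
           </para>
         </listitem>
       </varlistentry>
-      
+
       <varlistentry>
-        <term><option>--expire
-        <replaceable>TIME</replaceable></option></term>
-        <term><option>-x
-        <replaceable>TIME</replaceable></option></term>
+        <term><literal>-x</literal>, <literal>--expire</literal>
+        <replaceable>time</replaceable></term>
         <listitem>
           <para>
             Key expire time.  Default is no expiration.  See
@@ -313,19 +316,18 @@
           </para>
         </listitem>
       </varlistentry>
-      
+
       <varlistentry>
-        <term><option>--force</option></term>
-        <term><option>-f</option></term>
+        <term><literal>-f</literal>, <literal>--force</literal></term>
         <listitem>
           <para>
-            Force overwriting old key.
+            Force overwriting old keys.
           </para>
         </listitem>
       </varlistentry>
       <varlistentry>
-        <term><option>--password</option></term>
-        <term><option>-p</option></term>
+        <term><literal>-p</literal>, <literal>--password</literal
+        ></term>
         <listitem>
           <para>
             Prompt for a password and encrypt it with the key already
@@ -337,57 +339,27 @@
             >8</manvolnum></citerefentry>.  The host name or the name
             specified with the <option>--name</option> option is used
             for the section header.  All other options are ignored,
-            and no key is created.
-          </para>
-        </listitem>
-      </varlistentry>
-      <varlistentry>
-        <term><option>--passfile
-        <replaceable>FILE</replaceable></option></term>
-        <term><option>-F
-        <replaceable>FILE</replaceable></option></term>
-        <listitem>
-          <para>
-            The same as <option>--password</option>, but read from
-            <replaceable>FILE</replaceable>, not the terminal.
-          </para>
-        </listitem>
-      </varlistentry>
-      <varlistentry>
-        <term><option>--no-ssh</option></term>
-        <term><option>-S</option></term>
-        <listitem>
-          <para>
-            When <option>--password</option> or
-            <option>--passfile</option> is given, this option will
-            prevent <command>&COMMANDNAME;</command> from calling
-            <command>ssh-keyscan</command> to get an SSH fingerprint
-            for this host and, if successful, output suitable config
-            options to use this fingerprint as a
-            <option>checker</option> option in the output.  This is
-            otherwise the default behavior.
+            and no keys are created.
           </para>
         </listitem>
       </varlistentry>
     </variablelist>
   </refsect1>
-  
+
   <refsect1 id="overview">
     <title>OVERVIEW</title>
     <xi:include href="overview.xml"/>
     <para>
       This program is a small utility to generate new OpenPGP keys for
-      new Mandos clients, and to generate sections for inclusion in
-      <filename>clients.conf</filename> on the server.
+      new Mandos clients.
     </para>
   </refsect1>
-  
+
   <refsect1 id="exit_status">
     <title>EXIT STATUS</title>
     <para>
-      The exit status will be 0 if a new key (or password, if the
-      <option>--password</option> option was used) was successfully
-      created, otherwise not.
+      The exit status will be 0 if new keys were successfully created,
+      otherwise not.
     </para>
   </refsect1>
   
@@ -395,7 +367,7 @@
     <title>ENVIRONMENT</title>
     <variablelist>
       <varlistentry>
-        <term><envar>TMPDIR</envar></term>
+        <term><varname>TMPDIR</varname></term>
         <listitem>
           <para>
             If set, temporary files will be created here. See
@@ -407,7 +379,7 @@
     </variablelist>
   </refsect1>
   
-  <refsect1 id="files">
+  <refsect1 id="file">
     <title>FILES</title>
     <para>
       Use the <option>--dir</option> option to change where
@@ -434,7 +406,7 @@
         </listitem>
       </varlistentry>
       <varlistentry>
-        <term><filename class="directory">/tmp</filename></term>
+        <term><filename>/tmp</filename></term>
         <listitem>
           <para>
             Temporary files will be written here if
@@ -444,13 +416,14 @@
       </varlistentry>
     </variablelist>
   </refsect1>
-  
-<!--   <refsect1 id="bugs"> -->
-<!--     <title>BUGS</title> -->
-<!--     <para> -->
-<!--     </para> -->
-<!--   </refsect1> -->
-  
+
+  <refsect1 id="bugs">
+    <title>BUGS</title>
+    <para>
+      None are known at this time.
+    </para>
+  </refsect1>
+
   <refsect1 id="example">
     <title>EXAMPLE</title>
     <informalexample>
@@ -463,7 +436,7 @@
     </informalexample>
     <informalexample>
       <para>
-        Create key in another directory and of another type.  Force
+        Create keys in another directory and of another type.  Force
         overwriting old key files:
       </para>
       <para>
@@ -473,60 +446,31 @@
 
       </para>
     </informalexample>
-    <informalexample>
-      <para>
-        Prompt for a password, encrypt it with the key in <filename
-        class="directory">/etc/mandos</filename> and output a section
-        suitable for <filename>clients.conf</filename>.
-      </para>
-      <para>
-        <userinput>&COMMANDNAME; --password</userinput>
-      </para>
-    </informalexample>
-    <informalexample>
-      <para>
-        Prompt for a password, encrypt it with the key in the
-        <filename>client-key</filename> directory and output a section
-        suitable for <filename>clients.conf</filename>.
-      </para>
-      <para>
-
-<!-- do not wrap this line -->
-<userinput>&COMMANDNAME; --password --dir client-key</userinput>
-
-      </para>
-    </informalexample>
   </refsect1>
-  
+
   <refsect1 id="security">
     <title>SECURITY</title>
     <para>
       The <option>--type</option>, <option>--length</option>,
       <option>--subtype</option>, and <option>--sublength</option>
-      options can be used to create keys of low security.  If in
-      doubt, leave them to the default values.
+      options can be used to create keys of insufficient security.  If
+      in doubt, leave them to the default values.
     </para>
     <para>
-      The key expire time is <emphasis>not</emphasis> guaranteed to be
-      honored by <citerefentry><refentrytitle>mandos</refentrytitle>
+      The key expire time is not guaranteed to be honored by
+      <citerefentry><refentrytitle>mandos</refentrytitle>
       <manvolnum>8</manvolnum></citerefentry>.
     </para>
   </refsect1>
-  
+
   <refsect1 id="see_also">
     <title>SEE ALSO</title>
     <para>
-      <citerefentry><refentrytitle>intro</refentrytitle>
-      <manvolnum>8mandos</manvolnum></citerefentry>,
       <citerefentry><refentrytitle>gpg</refentrytitle>
       <manvolnum>1</manvolnum></citerefentry>,
-      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
-      <manvolnum>5</manvolnum></citerefentry>,
       <citerefentry><refentrytitle>mandos</refentrytitle>
       <manvolnum>8</manvolnum></citerefentry>,
-      <citerefentry><refentrytitle>mandos-client</refentrytitle>
-      <manvolnum>8mandos</manvolnum></citerefentry>,
-      <citerefentry><refentrytitle>ssh-keyscan</refentrytitle>
-      <manvolnum>1</manvolnum></citerefentry>
+      <citerefentry><refentrytitle>password-request</refentrytitle>
+      <manvolnum>8mandos</manvolnum></citerefentry>
     </para>
   </refsect1>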
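Review bot: The new-side OPTIONS entries give the defaults as `DSA` with 2048 bits for the key and `ELG-E` with 2048 bits for the subkey, where the removed lines gave `RSA` and 4096 for both, yet the SECURITY paragraph on the new side still advises leaving `--type`, `--length`, `--subtype` and `--sublength` at their defaults when in doubt. Assuming the manual mirrors the script's real defaults (the script is not on this page), that advice now steers readers to the shorter keys without saying what they are. The SECURITY paragraph should name the defaults it endorses, for example `The defaults are a 2048-bit DSA key with a 2048-bit ELG-E subkey.`, so the statement can be checked against the script whenever either changes. Separately, `--name` is listed in the synopsis and referred to in the `--password` description, but no `<varlistentry>` in OPTIONS documents it on either side of this change.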