
Viewing changes to mandos-keygen.xml

merge

1
1
<?xml version="1.0" encoding="UTF-8"?>
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
 
4
<!ENTITY VERSION "1.0">
4
5
<!ENTITY COMMANDNAME "mandos-keygen">
5
 
<!ENTITY TIMESTAMP "2015-07-20">
6
 
<!ENTITY % common SYSTEM "common.ent">
7
 
%common;
 
6
<!ENTITY TIMESTAMP "2008-08-29">
8
7
]>
9
8
 
10
9
<refentry xmlns:xi="http://www.w3.org/2001/XInclude">
12
11
    <title>Mandos Manual</title>
13
12
    <!-- NWalsh’s docbook scripts use this to generate the footer: -->
14
13
    <productname>Mandos</productname>
15
 
    <productnumber>&version;</productnumber>
 
14
    <productnumber>&VERSION;</productnumber>
16
15
    <date>&TIMESTAMP;</date>
17
16
    <authorgroup>
18
17
      <author>
19
18
        <firstname>Björn</firstname>
20
19
        <surname>Påhlsson</surname>
21
20
        <address>
22
 
          <email>belorn@recompile.se</email>
 
21
          <email>belorn@fukt.bsnet.se</email>
23
22
        </address>
24
23
      </author>
25
24
      <author>
26
25
        <firstname>Teddy</firstname>
27
26
        <surname>Hogeborn</surname>
28
27
        <address>
29
 
          <email>teddy@recompile.se</email>
 
28
          <email>teddy@fukt.bsnet.se</email>
30
29
        </address>
31
30
      </author>
32
31
    </authorgroup>
33
32
    <copyright>
34
33
      <year>2008</year>
35
 
      <year>2009</year>
36
 
      <year>2010</year>
37
 
      <year>2011</year>
38
 
      <year>2012</year>
39
 
      <year>2013</year>
40
 
      <year>2014</year>
41
 
      <year>2015</year>
42
34
      <holder>Teddy Hogeborn</holder>
43
35
      <holder>Björn Påhlsson</holder>
44
36
    </copyright>
45
 
    <xi:include href="legalnotice.xml"/>
 
37
    <legalnotice>
 
38
      <para>
 
39
        This manual page is free software: you can redistribute it
 
40
        and/or modify it under the terms of the GNU General Public
 
41
        License as published by the Free Software Foundation,
 
42
        either version 3 of the License, or (at your option) any
 
43
        later version.
 
44
      </para>
 
45
 
 
46
      <para>
 
47
        This manual page is distributed in the hope that it will
 
48
        be useful, but WITHOUT ANY WARRANTY; without even the
 
49
        implied warranty of MERCHANTABILITY or FITNESS FOR A
 
50
        PARTICULAR PURPOSE.  See the GNU General Public License
 
51
        for more details.
 
52
      </para>
 
53
 
 
54
      <para>
 
55
        You should have received a copy of the GNU General Public
 
56
        License along with this program; If not, see
 
57
        <ulink url="http://www.gnu.org/licenses/"/>.
 
58
      </para>
 
59
    </legalnotice>
46
60
  </refentryinfo>
47
 
  
 
61
 
48
62
  <refmeta>
49
63
    <refentrytitle>&COMMANDNAME;</refentrytitle>
50
64
    <manvolnum>8</manvolnum>
53
67
  <refnamediv>
54
68
    <refname><command>&COMMANDNAME;</command></refname>
55
69
    <refpurpose>
56
 
      Generate key and password for Mandos client and server.
 
70
      Generate keys for <citerefentry><refentrytitle>password-request
 
71
      </refentrytitle><manvolnum>8mandos</manvolnum></citerefentry>
57
72
    </refpurpose>
58
73
  </refnamediv>
59
 
  
 
74
 
60
75
  <refsynopsisdiv>
61
76
    <cmdsynopsis>
62
77
      <command>&COMMANDNAME;</command>
63
 
      <group>
64
 
        <arg choice="plain"><option>--dir
65
 
        <replaceable>DIRECTORY</replaceable></option></arg>
66
 
        <arg choice="plain"><option>-d
67
 
        <replaceable>DIRECTORY</replaceable></option></arg>
68
 
      </group>
69
 
      <sbr/>
70
 
      <group>
71
 
        <arg choice="plain"><option>--type
72
 
        <replaceable>KEYTYPE</replaceable></option></arg>
73
 
        <arg choice="plain"><option>-t
74
 
        <replaceable>KEYTYPE</replaceable></option></arg>
75
 
      </group>
76
 
      <sbr/>
77
 
      <group>
78
 
        <arg choice="plain"><option>--length
79
 
        <replaceable>BITS</replaceable></option></arg>
80
 
        <arg choice="plain"><option>-l
81
 
        <replaceable>BITS</replaceable></option></arg>
82
 
      </group>
83
 
      <sbr/>
84
 
      <group>
85
 
        <arg choice="plain"><option>--subtype
86
 
        <replaceable>KEYTYPE</replaceable></option></arg>
87
 
        <arg choice="plain"><option>-s
88
 
        <replaceable>KEYTYPE</replaceable></option></arg>
89
 
      </group>
90
 
      <sbr/>
91
 
      <group>
92
 
        <arg choice="plain"><option>--sublength
93
 
        <replaceable>BITS</replaceable></option></arg>
94
 
        <arg choice="plain"><option>-L
95
 
        <replaceable>BITS</replaceable></option></arg>
96
 
      </group>
97
 
      <sbr/>
98
 
      <group>
99
 
        <arg choice="plain"><option>--name
100
 
        <replaceable>NAME</replaceable></option></arg>
101
 
        <arg choice="plain"><option>-n
102
 
        <replaceable>NAME</replaceable></option></arg>
103
 
      </group>
104
 
      <sbr/>
105
 
      <group>
106
 
        <arg choice="plain"><option>--email
107
 
        <replaceable>ADDRESS</replaceable></option></arg>
108
 
        <arg choice="plain"><option>-e
109
 
        <replaceable>ADDRESS</replaceable></option></arg>
110
 
      </group>
111
 
      <sbr/>
112
 
      <group>
113
 
        <arg choice="plain"><option>--comment
114
 
        <replaceable>TEXT</replaceable></option></arg>
115
 
        <arg choice="plain"><option>-c
116
 
        <replaceable>TEXT</replaceable></option></arg>
117
 
      </group>
118
 
      <sbr/>
119
 
      <group>
120
 
        <arg choice="plain"><option>--expire
121
 
        <replaceable>TIME</replaceable></option></arg>
122
 
        <arg choice="plain"><option>-x
123
 
        <replaceable>TIME</replaceable></option></arg>
124
 
      </group>
125
 
      <sbr/>
126
 
      <group>
 
78
      <group choice="opt">
 
79
        <arg choice="plain"><option>--dir</option>
 
80
        <replaceable>directory</replaceable></arg>
 
81
      </group>
 
82
      <group choice="opt">
 
83
        <arg choice="plain"><option>--type</option>
 
84
        <replaceable>type</replaceable></arg>
 
85
      </group>
 
86
      <group choice="opt">
 
87
        <arg choice="plain"><option>--length</option>
 
88
        <replaceable>bits</replaceable></arg>
 
89
      </group>
 
90
      <group choice="opt">
 
91
        <arg choice="plain"><option>--subtype</option>
 
92
        <replaceable>type</replaceable></arg>
 
93
      </group>
 
94
      <group choice="opt">
 
95
        <arg choice="plain"><option>--sublength</option>
 
96
        <replaceable>bits</replaceable></arg>
 
97
      </group>
 
98
      <group choice="opt">
 
99
        <arg choice="plain"><option>--name</option>
 
100
        <replaceable>NAME</replaceable></arg>
 
101
      </group>
 
102
      <group choice="opt">
 
103
        <arg choice="plain"><option>--email</option>
 
104
        <replaceable>EMAIL</replaceable></arg>
 
105
      </group>
 
106
      <group choice="opt">
 
107
        <arg choice="plain"><option>--comment</option>
 
108
        <replaceable>COMMENT</replaceable></arg>
 
109
      </group>
 
110
      <group choice="opt">
 
111
        <arg choice="plain"><option>--expire</option>
 
112
        <replaceable>TIME</replaceable></arg>
 
113
      </group>
 
114
      <group choice="opt">
127
115
        <arg choice="plain"><option>--force</option></arg>
 
116
      </group>
 
117
    </cmdsynopsis>
 
118
    <cmdsynopsis>
 
119
      <command>&COMMANDNAME;</command>
 
120
      <group choice="opt">
 
121
        <arg choice="plain"><option>-d</option>
 
122
        <replaceable>directory</replaceable></arg>
 
123
      </group>
 
124
      <group choice="opt">
 
125
        <arg choice="plain"><option>-t</option>
 
126
        <replaceable>type</replaceable></arg>
 
127
      </group>
 
128
      <group choice="opt">
 
129
        <arg choice="plain"><option>-l</option>
 
130
        <replaceable>bits</replaceable></arg>
 
131
      </group>
 
132
      <group choice="opt">
 
133
        <arg choice="plain"><option>-s</option>
 
134
        <replaceable>type</replaceable></arg>
 
135
      </group>
 
136
      <group choice="opt">
 
137
        <arg choice="plain"><option>-L</option>
 
138
        <replaceable>bits</replaceable></arg>
 
139
      </group>
 
140
      <group choice="opt">
 
141
        <arg choice="plain"><option>-n</option>
 
142
        <replaceable>NAME</replaceable></arg>
 
143
      </group>
 
144
      <group choice="opt">
 
145
        <arg choice="plain"><option>-e</option>
 
146
        <replaceable>EMAIL</replaceable></arg>
 
147
      </group>
 
148
      <group choice="opt">
 
149
        <arg choice="plain"><option>-c</option>
 
150
        <replaceable>COMMENT</replaceable></arg>
 
151
      </group>
 
152
      <group choice="opt">
 
153
        <arg choice="plain"><option>-x</option>
 
154
        <replaceable>TIME</replaceable></arg>
 
155
      </group>
 
156
      <group choice="opt">
128
157
        <arg choice="plain"><option>-f</option></arg>
129
158
      </group>
130
159
    </cmdsynopsis>
131
160
    <cmdsynopsis>
132
161
      <command>&COMMANDNAME;</command>
133
162
      <group choice="req">
 
163
        <arg choice="plain"><option>-p</option></arg>
134
164
        <arg choice="plain"><option>--password</option></arg>
135
 
        <arg choice="plain"><option>-p</option></arg>
136
 
        <arg choice="plain"><option>--passfile
137
 
        <replaceable>FILE</replaceable></option></arg>
138
 
        <arg choice="plain"><option>-F</option>
139
 
        <replaceable>FILE</replaceable></arg>
140
 
      </group>
141
 
      <sbr/>
142
 
      <group>
143
 
        <arg choice="plain"><option>--dir
144
 
        <replaceable>DIRECTORY</replaceable></option></arg>
145
 
        <arg choice="plain"><option>-d
146
 
        <replaceable>DIRECTORY</replaceable></option></arg>
147
 
      </group>
148
 
      <sbr/>
149
 
      <group>
150
 
        <arg choice="plain"><option>--name
151
 
        <replaceable>NAME</replaceable></option></arg>
152
 
        <arg choice="plain"><option>-n
153
 
        <replaceable>NAME</replaceable></option></arg>
154
 
      </group>
155
 
      <group>
156
 
        <arg choice="plain"><option>--no-ssh</option></arg>
157
 
        <arg choice="plain"><option>-S</option></arg>
 
165
      </group>
 
166
      <group choice="opt">
 
167
        <arg choice="plain"><option>--dir</option>
 
168
        <replaceable>directory</replaceable></arg>
 
169
      </group>
 
170
      <group choice="opt">
 
171
        <arg choice="plain"><option>--name</option>
 
172
        <replaceable>NAME</replaceable></arg>
158
173
      </group>
159
174
    </cmdsynopsis>
160
175
    <cmdsynopsis>
161
176
      <command>&COMMANDNAME;</command>
162
177
      <group choice="req">
 
178
        <arg choice="plain"><option>-h</option></arg>
163
179
        <arg choice="plain"><option>--help</option></arg>
164
 
        <arg choice="plain"><option>-h</option></arg>
165
180
      </group>
166
181
    </cmdsynopsis>
167
182
    <cmdsynopsis>
168
183
      <command>&COMMANDNAME;</command>
169
184
      <group choice="req">
 
185
        <arg choice="plain"><option>-v</option></arg>
170
186
        <arg choice="plain"><option>--version</option></arg>
171
 
        <arg choice="plain"><option>-v</option></arg>
172
187
      </group>
173
188
    </cmdsynopsis>
174
189
  </refsynopsisdiv>
175
 
  
 
190
 
176
191
  <refsect1 id="description">
177
192
    <title>DESCRIPTION</title>
178
193
    <para>
179
194
      <command>&COMMANDNAME;</command> is a program to generate the
180
 
      OpenPGP key used by
181
 
      <citerefentry><refentrytitle>mandos-client</refentrytitle>
182
 
      <manvolnum>8mandos</manvolnum></citerefentry>.  The key is
 
195
      OpenPGP keys used by
 
196
      <citerefentry><refentrytitle>password-request</refentrytitle>
 
197
      <manvolnum>8mandos</manvolnum></citerefentry>.  The keys are
183
198
      normally written to /etc/mandos for later installation into the
184
 
      initrd image, but this, and most other things, can be changed
185
 
      with command line options.
 
199
      initrd image, but this, like most things, can be changed with
 
200
      command line options.
186
201
    </para>
187
202
    <para>
188
 
      This program can also be used with the
189
 
      <option>--password</option> or <option>--passfile</option>
190
 
      options to generate a ready-made section for
191
 
      <filename>clients.conf</filename> (see
 
203
      It can also be used to generate ready-made sections for
192
204
      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
193
 
      <manvolnum>5</manvolnum></citerefentry>).
 
205
      <manvolnum>5</manvolnum></citerefentry> using the
 
206
      <option>--password</option> option.
194
207
    </para>
195
208
  </refsect1>
196
209
  
197
210
  <refsect1 id="purpose">
198
211
    <title>PURPOSE</title>
 
212
 
199
213
    <para>
200
214
      The purpose of this is to enable <emphasis>remote and unattended
201
215
      rebooting</emphasis> of client host computer with an
202
216
      <emphasis>encrypted root file system</emphasis>.  See <xref
203
217
      linkend="overview"/> for details.
204
218
    </para>
 
219
 
205
220
  </refsect1>
206
221
  
207
222
  <refsect1 id="options">
208
223
    <title>OPTIONS</title>
209
 
    
 
224
 
210
225
    <variablelist>
211
226
      <varlistentry>
212
 
        <term><option>--help</option></term>
213
 
        <term><option>-h</option></term>
 
227
        <term><literal>-h</literal>, <literal>--help</literal></term>
214
228
        <listitem>
215
229
          <para>
216
230
            Show a help message and exit
217
231
          </para>
218
232
        </listitem>
219
233
      </varlistentry>
220
 
      
 
234
 
221
235
      <varlistentry>
222
 
        <term><option>--dir
223
 
        <replaceable>DIRECTORY</replaceable></option></term>
224
 
        <term><option>-d
225
 
        <replaceable>DIRECTORY</replaceable></option></term>
 
236
        <term><literal>-d</literal>, <literal>--dir
 
237
        <replaceable>directory</replaceable></literal></term>
226
238
        <listitem>
227
239
          <para>
228
240
            Target directory for key files.  Default is
229
 
            <filename class="directory">/etc/mandos</filename>.
230
 
          </para>
231
 
        </listitem>
232
 
      </varlistentry>
233
 
      
234
 
      <varlistentry>
235
 
        <term><option>--type
236
 
        <replaceable>TYPE</replaceable></option></term>
237
 
        <term><option>-t
238
 
        <replaceable>TYPE</replaceable></option></term>
239
 
        <listitem>
240
 
          <para>
241
 
            Key type.  Default is <quote>RSA</quote>.
242
 
          </para>
243
 
        </listitem>
244
 
      </varlistentry>
245
 
      
246
 
      <varlistentry>
247
 
        <term><option>--length
248
 
        <replaceable>BITS</replaceable></option></term>
249
 
        <term><option>-l
250
 
        <replaceable>BITS</replaceable></option></term>
251
 
        <listitem>
252
 
          <para>
253
 
            Key length in bits.  Default is 4096.
254
 
          </para>
255
 
        </listitem>
256
 
      </varlistentry>
257
 
      
258
 
      <varlistentry>
259
 
        <term><option>--subtype
260
 
        <replaceable>KEYTYPE</replaceable></option></term>
261
 
        <term><option>-s
262
 
        <replaceable>KEYTYPE</replaceable></option></term>
263
 
        <listitem>
264
 
          <para>
265
 
            Subkey type.  Default is <quote>RSA</quote> (Elgamal
 
241
            <filename>/etc/mandos</filename>.
 
242
          </para>
 
243
        </listitem>
 
244
      </varlistentry>
 
245
 
 
246
      <varlistentry>
 
247
        <term><literal>-t</literal>, <literal>--type
 
248
        <replaceable>type</replaceable></literal></term>
 
249
        <listitem>
 
250
          <para>
 
251
            Key type.  Default is <quote>DSA</quote>.
 
252
          </para>
 
253
        </listitem>
 
254
      </varlistentry>
 
255
 
 
256
      <varlistentry>
 
257
        <term><literal>-l</literal>, <literal>--length
 
258
        <replaceable>bits</replaceable></literal></term>
 
259
        <listitem>
 
260
          <para>
 
261
            Key length in bits.  Default is 2048.
 
262
          </para>
 
263
        </listitem>
 
264
      </varlistentry>
 
265
 
 
266
      <varlistentry>
 
267
        <term><literal>-s</literal>, <literal>--subtype
 
268
        <replaceable>type</replaceable></literal></term>
 
269
        <listitem>
 
270
          <para>
 
271
            Subkey type.  Default is <quote>ELG-E</quote> (Elgamal
266
272
            encryption-only).
267
273
          </para>
268
274
        </listitem>
269
275
      </varlistentry>
270
 
      
 
276
 
271
277
      <varlistentry>
272
 
        <term><option>--sublength
273
 
        <replaceable>BITS</replaceable></option></term>
274
 
        <term><option>-L
275
 
        <replaceable>BITS</replaceable></option></term>
 
278
        <term><literal>-L</literal>, <literal>--sublength
 
279
        <replaceable>bits</replaceable></literal></term>
276
280
        <listitem>
277
281
          <para>
278
 
            Subkey length in bits.  Default is 4096.
 
282
            Subkey length in bits.  Default is 2048.
279
283
          </para>
280
284
        </listitem>
281
285
      </varlistentry>
282
 
      
 
286
 
283
287
      <varlistentry>
284
 
        <term><option>--email
285
 
        <replaceable>ADDRESS</replaceable></option></term>
286
 
        <term><option>-e
287
 
        <replaceable>ADDRESS</replaceable></option></term>
 
288
        <term><literal>-e</literal>, <literal>--email</literal>
 
289
        <replaceable>address</replaceable></term>
288
290
        <listitem>
289
291
          <para>
290
292
            Email address of key.  Default is empty.
291
293
          </para>
292
294
        </listitem>
293
295
      </varlistentry>
294
 
      
 
296
 
295
297
      <varlistentry>
296
 
        <term><option>--comment
297
 
        <replaceable>TEXT</replaceable></option></term>
298
 
        <term><option>-c
299
 
        <replaceable>TEXT</replaceable></option></term>
 
298
        <term><literal>-c</literal>, <literal>--comment</literal>
 
299
        <replaceable>comment</replaceable></term>
300
300
        <listitem>
301
301
          <para>
302
 
            Comment field for key.  Default is empty.
 
302
            Comment field for key.  The default value is
 
303
            <quote><literal>Mandos client key</literal></quote>.
303
304
          </para>
304
305
        </listitem>
305
306
      </varlistentry>
306
 
      
 
307
 
307
308
      <varlistentry>
308
 
        <term><option>--expire
309
 
        <replaceable>TIME</replaceable></option></term>
310
 
        <term><option>-x
311
 
        <replaceable>TIME</replaceable></option></term>
 
309
        <term><literal>-x</literal>, <literal>--expire</literal>
 
310
        <replaceable>time</replaceable></term>
312
311
        <listitem>
313
312
          <para>
314
313
            Key expire time.  Default is no expiration.  See
317
316
          </para>
318
317
        </listitem>
319
318
      </varlistentry>
320
 
      
 
319
 
321
320
      <varlistentry>
322
 
        <term><option>--force</option></term>
323
 
        <term><option>-f</option></term>
 
321
        <term><literal>-f</literal>, <literal>--force</literal></term>
324
322
        <listitem>
325
323
          <para>
326
 
            Force overwriting old key.
 
324
            Force overwriting old keys.
327
325
          </para>
328
326
        </listitem>
329
327
      </varlistentry>
330
328
      <varlistentry>
331
 
        <term><option>--password</option></term>
332
 
        <term><option>-p</option></term>
 
329
        <term><literal>-p</literal>, <literal>--password</literal
 
330
        ></term>
333
331
        <listitem>
334
332
          <para>
335
333
            Prompt for a password and encrypt it with the key already
341
339
            >8</manvolnum></citerefentry>.  The host name or the name
342
340
            specified with the <option>--name</option> option is used
343
341
            for the section header.  All other options are ignored,
344
 
            and no key is created.
345
 
          </para>
346
 
        </listitem>
347
 
      </varlistentry>
348
 
      <varlistentry>
349
 
        <term><option>--passfile
350
 
        <replaceable>FILE</replaceable></option></term>
351
 
        <term><option>-F
352
 
        <replaceable>FILE</replaceable></option></term>
353
 
        <listitem>
354
 
          <para>
355
 
            The same as <option>--password</option>, but read from
356
 
            <replaceable>FILE</replaceable>, not the terminal.
357
 
          </para>
358
 
        </listitem>
359
 
      </varlistentry>
360
 
      <varlistentry>
361
 
        <term><option>--no-ssh</option></term>
362
 
        <term><option>-S</option></term>
363
 
        <listitem>
364
 
          <para>
365
 
            When <option>--password</option> or
366
 
            <option>--passfile</option> is given, this option will
367
 
            prevent <command>&COMMANDNAME;</command> from calling
368
 
            <command>ssh-keyscan</command> to get an SSH fingerprint
369
 
            for this host and, if successful, output suitable config
370
 
            options to use this fingerprint as a
371
 
            <option>checker</option> option in the output.  This is
372
 
            otherwise the default behavior.
 
342
            and no keys are created.
373
343
          </para>
374
344
        </listitem>
375
345
      </varlistentry>
376
346
    </variablelist>
377
347
  </refsect1>
378
 
  
 
348
 
379
349
  <refsect1 id="overview">
380
350
    <title>OVERVIEW</title>
381
351
    <xi:include href="overview.xml"/>
382
352
    <para>
383
353
      This program is a small utility to generate new OpenPGP keys for
384
 
      new Mandos clients, and to generate sections for inclusion in
385
 
      <filename>clients.conf</filename> on the server.
 
354
      new Mandos clients.
386
355
    </para>
387
356
  </refsect1>
388
 
  
 
357
 
389
358
  <refsect1 id="exit_status">
390
359
    <title>EXIT STATUS</title>
391
360
    <para>
392
 
      The exit status will be 0 if a new key (or password, if the
393
 
      <option>--password</option> option was used) was successfully
394
 
      created, otherwise not.
 
361
      The exit status will be 0 if new keys were successfully created,
 
362
      otherwise not.
395
363
    </para>
396
364
  </refsect1>
397
365
  
399
367
    <title>ENVIRONMENT</title>
400
368
    <variablelist>
401
369
      <varlistentry>
402
 
        <term><envar>TMPDIR</envar></term>
 
370
        <term><varname>TMPDIR</varname></term>
403
371
        <listitem>
404
372
          <para>
405
373
            If set, temporary files will be created here. See
411
379
    </variablelist>
412
380
  </refsect1>
413
381
  
414
 
  <refsect1 id="files">
 
382
  <refsect1 id="file">
415
383
    <title>FILES</title>
416
384
    <para>
417
385
      Use the <option>--dir</option> option to change where
438
406
        </listitem>
439
407
      </varlistentry>
440
408
      <varlistentry>
441
 
        <term><filename class="directory">/tmp</filename></term>
 
409
        <term><filename>/tmp</filename></term>
442
410
        <listitem>
443
411
          <para>
444
412
            Temporary files will be written here if
448
416
      </varlistentry>
449
417
    </variablelist>
450
418
  </refsect1>
451
 
  
452
 
<!--   <refsect1 id="bugs"> -->
453
 
<!--     <title>BUGS</title> -->
454
 
<!--     <para> -->
455
 
<!--     </para> -->
456
 
<!--   </refsect1> -->
457
 
  
 
419
 
 
420
  <refsect1 id="bugs">
 
421
    <title>BUGS</title>
 
422
    <para>
 
423
      None are known at this time.
 
424
    </para>
 
425
  </refsect1>
 
426
 
458
427
  <refsect1 id="example">
459
428
    <title>EXAMPLE</title>
460
429
    <informalexample>
467
436
    </informalexample>
468
437
    <informalexample>
469
438
      <para>
470
 
        Create key in another directory and of another type.  Force
 
439
        Create keys in another directory and of another type.  Force
471
440
        overwriting old key files:
472
441
      </para>
473
442
      <para>
477
446
 
478
447
      </para>
479
448
    </informalexample>
480
 
    <informalexample>
481
 
      <para>
482
 
        Prompt for a password, encrypt it with the key in <filename
483
 
        class="directory">/etc/mandos</filename> and output a section
484
 
        suitable for <filename>clients.conf</filename>.
485
 
      </para>
486
 
      <para>
487
 
        <userinput>&COMMANDNAME; --password</userinput>
488
 
      </para>
489
 
    </informalexample>
490
 
    <informalexample>
491
 
      <para>
492
 
        Prompt for a password, encrypt it with the key in the
493
 
        <filename>client-key</filename> directory and output a section
494
 
        suitable for <filename>clients.conf</filename>.
495
 
      </para>
496
 
      <para>
497
 
 
498
 
<!-- do not wrap this line -->
499
 
<userinput>&COMMANDNAME; --password --dir client-key</userinput>
500
 
 
501
 
      </para>
502
 
    </informalexample>
503
449
  </refsect1>
504
 
  
 
450
 
505
451
  <refsect1 id="security">
506
452
    <title>SECURITY</title>
507
453
    <para>
508
454
      The <option>--type</option>, <option>--length</option>,
509
455
      <option>--subtype</option>, and <option>--sublength</option>
510
 
      options can be used to create keys of low security.  If in
511
 
      doubt, leave them to the default values.
 
456
      options can be used to create keys of insufficient security.  If
 
457
      in doubt, leave them to the default values.
512
458
    </para>
513
459
    <para>
514
 
      The key expire time is <emphasis>not</emphasis> guaranteed to be
515
 
      honored by <citerefentry><refentrytitle>mandos</refentrytitle>
 
460
      The key expire time is not guaranteed to be honored by
 
461
      <citerefentry><refentrytitle>mandos</refentrytitle>
516
462
      <manvolnum>8</manvolnum></citerefentry>.
517
463
    </para>
518
464
  </refsect1>
519
 
  
 
465
 
520
466
  <refsect1 id="see_also">
521
467
    <title>SEE ALSO</title>
522
468
    <para>
523
 
      <citerefentry><refentrytitle>intro</refentrytitle>
524
 
      <manvolnum>8mandos</manvolnum></citerefentry>,
525
469
      <citerefentry><refentrytitle>gpg</refentrytitle>
526
470
      <manvolnum>1</manvolnum></citerefentry>,
527
 
      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
528
 
      <manvolnum>5</manvolnum></citerefentry>,
529
471
      <citerefentry><refentrytitle>mandos</refentrytitle>
530
472
      <manvolnum>8</manvolnum></citerefentry>,
531
 
      <citerefentry><refentrytitle>mandos-client</refentrytitle>
532
 
      <manvolnum>8mandos</manvolnum></citerefentry>,
533
 
      <citerefentry><refentrytitle>ssh-keyscan</refentrytitle>
534
 
      <manvolnum>1</manvolnum></citerefentry>
 
473
      <citerefentry><refentrytitle>password-request</refentrytitle>
 
474
      <manvolnum>8mandos</manvolnum></citerefentry>
535
475
    </para>
536
476
  </refsect1>
537
477