
Viewing changes to mandos-keygen.xml

  • Committer: Teddy Hogeborn
  • Date: 2013-10-20 19:13:09 UTC
  • Revision ID: teddy@recompile.se-20131020191309-7tyca3oo0zqxn45s
* mandos-keygen: Bug fix: Specify key usage to avoid creating keys
                 with key usage flags which GnuTLS does not like.
                 Also fix --help output documentation about default
                 subkey type.

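--- a/mandos-keygen.xml
+++ b/mandos-keygen.xml
@@ -1,61 +1,46 @@
-<?xml version='1.0' encoding='UTF-8'?>
+<?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
         "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
-<!ENTITY VERSION "1.0">
 <!ENTITY COMMANDNAME "mandos-keygen">
+<!ENTITY TIMESTAMP "2013-08-27">
+<!ENTITY % common SYSTEM "common.ent">
+%common;
 ]>
  
 <refentry xmlns:xi="http://www.w3.org/2001/XInclude">
   <refentryinfo>
-    <title>&COMMANDNAME;</title>
-    <!-- NWalsh's docbook scripts use this to generate the footer: -->
-    <productname>&COMMANDNAME;</productname>
-    <productnumber>&VERSION;</productnumber>
+    <title>Mandos Manual</title>
+    <!-- NWalsh’s docbook scripts use this to generate the footer: -->
+    <productname>Mandos</productname>
+    <productnumber>&version;</productnumber>
+    <date>&TIMESTAMP;</date>
     <authorgroup>
       <author>
         <firstname>Björn</firstname>
         <surname>Påhlsson</surname>
         <address>
-          <email>belorn@fukt.bsnet.se</email>
+          <email>belorn@recompile.se</email>
         </address>
       </author>
       <author>
         <firstname>Teddy</firstname>
         <surname>Hogeborn</surname>
         <address>
-          <email>teddy@fukt.bsnet.se</email>
+          <email>teddy@recompile.se</email>
         </address>
       </author>
     </authorgroup>
     <copyright>
       <year>2008</year>
-      <holder>Teddy Hogeborn &amp; Björn Påhlsson</holder>
+      <year>2009</year>
+      <year>2011</year>
+      <year>2012</year>
+      <holder>Teddy Hogeborn</holder>
+      <holder>Björn Påhlsson</holder>
     </copyright>
-    <legalnotice>
-      <para>
-        This manual page is free software: you can redistribute it
-        and/or modify it under the terms of the GNU General Public
-        License as published by the Free Software Foundation,
-        either version 3 of the License, or (at your option) any
-        later version.
-      </para>
- 
-      <para>
-        This manual page is distributed in the hope that it will
-        be useful, but WITHOUT ANY WARRANTY; without even the
-        implied warranty of MERCHANTABILITY or FITNESS FOR A
-        PARTICULAR PURPOSE.  See the GNU General Public License
-        for more details.
-      </para>
- 
-      <para>
-        You should have received a copy of the GNU General Public
-        License along with this program; If not, see
-        <ulink url="http://www.gnu.org/licenses/"/>.
-      </para>
-    </legalnotice>
+    <xi:include href="legalnotice.xml"/>
   </refentryinfo>
- 
+  
   <refmeta>
     <refentrytitle>&COMMANDNAME;</refentrytitle>
     <manvolnum>8</manvolnum>
@@ -64,188 +49,256 @@
   <refnamediv>
     <refname><command>&COMMANDNAME;</command></refname>
     <refpurpose>
-      Generate keys for <citerefentry><refentrytitle>password-request
-      </refentrytitle><manvolnum>8mandos</manvolnum></citerefentry>
+      Generate key and password for Mandos client and server.
     </refpurpose>
   </refnamediv>
- 
+  
   <refsynopsisdiv>
     <cmdsynopsis>
       <command>&COMMANDNAME;</command>
-      <group choice="opt">
-        <arg choice="plain"><option>--dir</option>
-        <replaceable>directory</replaceable></arg>
-      </group>
-      <group choice="opt">
-        <arg choice="plain"><option>--type</option>
-        <replaceable>type</replaceable></arg>
-      </group>
-      <group choice="opt">
-        <arg choice="plain"><option>--length</option>
-        <replaceable>bits</replaceable></arg>
-      </group>
-      <group choice="opt">
-        <arg choice="plain"><option>--name</option>
-        <replaceable>NAME</replaceable></arg>
-      </group>
-      <group choice="opt">
-        <arg choice="plain"><option>--email</option>
-        <replaceable>EMAIL</replaceable></arg>
-      </group>
-      <group choice="opt">
-        <arg choice="plain"><option>--comment</option>
-        <replaceable>COMMENT</replaceable></arg>
-      </group>
-      <group choice="opt">
-        <arg choice="plain"><option>--expire</option>
-        <replaceable>TIME</replaceable></arg>
-      </group>
-      <group choice="opt">
-        <arg choice="plain"><option>--force</option></arg>
-      </group>
-    </cmdsynopsis>
-    <cmdsynopsis>
-      <command>&COMMANDNAME;</command>
-      <group choice="opt">
-        <arg choice="plain"><option>-d</option>
-        <replaceable>directory</replaceable></arg>
-      </group>
-      <group choice="opt">
-        <arg choice="plain"><option>-t</option>
-        <replaceable>type</replaceable></arg>
-      </group>
-      <group choice="opt">
-        <arg choice="plain"><option>-l</option>
-        <replaceable>bits</replaceable></arg>
-      </group>
-      <group choice="opt">
-        <arg choice="plain"><option>-n</option>
-        <replaceable>NAME</replaceable></arg>
-      </group>
-      <group choice="opt">
-        <arg choice="plain"><option>-e</option>
-        <replaceable>EMAIL</replaceable></arg>
-      </group>
-      <group choice="opt">
-        <arg choice="plain"><option>-c</option>
-        <replaceable>COMMENT</replaceable></arg>
-      </group>
-      <group choice="opt">
-        <arg choice="plain"><option>-x</option>
-        <replaceable>TIME</replaceable></arg>
-      </group>
-      <group choice="opt">
-        <arg choice="plain"><option>-f</option></arg>
-      </group>
-    </cmdsynopsis>
-    <cmdsynopsis>
-      <command>&COMMANDNAME;</command>
-      <group choice="req">
-        <arg choice='plain'><option>-h</option></arg>
-        <arg choice='plain'><option>--help</option></arg>
-      </group>
-    </cmdsynopsis>
-    <cmdsynopsis>
-      <command>&COMMANDNAME;</command>
-      <group choice="req">
-        <arg choice='plain'><option>-v</option></arg>
-        <arg choice='plain'><option>--version</option></arg>
+      <group>
+        <arg choice="plain"><option>--dir
+        <replaceable>DIRECTORY</replaceable></option></arg>
+        <arg choice="plain"><option>-d
+        <replaceable>DIRECTORY</replaceable></option></arg>
+      </group>
+      <sbr/>
+      <group>
+        <arg choice="plain"><option>--type
+        <replaceable>KEYTYPE</replaceable></option></arg>
+        <arg choice="plain"><option>-t
+        <replaceable>KEYTYPE</replaceable></option></arg>
+      </group>
+      <sbr/>
+      <group>
+        <arg choice="plain"><option>--length
+        <replaceable>BITS</replaceable></option></arg>
+        <arg choice="plain"><option>-l
+        <replaceable>BITS</replaceable></option></arg>
+      </group>
+      <sbr/>
+      <group>
+        <arg choice="plain"><option>--subtype
+        <replaceable>KEYTYPE</replaceable></option></arg>
+        <arg choice="plain"><option>-s
+        <replaceable>KEYTYPE</replaceable></option></arg>
+      </group>
+      <sbr/>
+      <group>
+        <arg choice="plain"><option>--sublength
+        <replaceable>BITS</replaceable></option></arg>
+        <arg choice="plain"><option>-L
+        <replaceable>BITS</replaceable></option></arg>
+      </group>
+      <sbr/>
+      <group>
+        <arg choice="plain"><option>--name
+        <replaceable>NAME</replaceable></option></arg>
+        <arg choice="plain"><option>-n
+        <replaceable>NAME</replaceable></option></arg>
+      </group>
+      <sbr/>
+      <group>
+        <arg choice="plain"><option>--email
+        <replaceable>ADDRESS</replaceable></option></arg>
+        <arg choice="plain"><option>-e
+        <replaceable>ADDRESS</replaceable></option></arg>
+      </group>
+      <sbr/>
+      <group>
+        <arg choice="plain"><option>--comment
+        <replaceable>TEXT</replaceable></option></arg>
+        <arg choice="plain"><option>-c
+        <replaceable>TEXT</replaceable></option></arg>
+      </group>
+      <sbr/>
+      <group>
+        <arg choice="plain"><option>--expire
+        <replaceable>TIME</replaceable></option></arg>
+        <arg choice="plain"><option>-x
+        <replaceable>TIME</replaceable></option></arg>
+      </group>
+      <sbr/>
+      <arg><option>--force</option></arg>
+    </cmdsynopsis>
+    <cmdsynopsis>
+      <command>&COMMANDNAME;</command>
+      <group choice="req">
+        <arg choice="plain"><option>--password</option></arg>
+        <arg choice="plain"><option>-p</option></arg>
+        <arg choice="plain"><option>--passfile
+        <replaceable>FILE</replaceable></option></arg>
+        <arg choice="plain"><option>-F</option>
+        <replaceable>FILE</replaceable></arg>
+      </group>
+      <sbr/>
+      <group>
+        <arg choice="plain"><option>--dir
+        <replaceable>DIRECTORY</replaceable></option></arg>
+        <arg choice="plain"><option>-d
+        <replaceable>DIRECTORY</replaceable></option></arg>
+      </group>
+      <sbr/>
+      <group>
+        <arg choice="plain"><option>--name
+        <replaceable>NAME</replaceable></option></arg>
+        <arg choice="plain"><option>-n
+        <replaceable>NAME</replaceable></option></arg>
+      </group>
+    </cmdsynopsis>
+    <cmdsynopsis>
+      <command>&COMMANDNAME;</command>
+      <group choice="req">
+        <arg choice="plain"><option>--help</option></arg>
+        <arg choice="plain"><option>-h</option></arg>
+      </group>
+    </cmdsynopsis>
+    <cmdsynopsis>
+      <command>&COMMANDNAME;</command>
+      <group choice="req">
+        <arg choice="plain"><option>--version</option></arg>
+        <arg choice="plain"><option>-v</option></arg>
       </group>
     </cmdsynopsis>
   </refsynopsisdiv>
- 
+  
   <refsect1 id="description">
     <title>DESCRIPTION</title>
     <para>
       <command>&COMMANDNAME;</command> is a program to generate the
-      OpenPGP keys used by
-      <citerefentry><refentrytitle>password-request</refentrytitle>
-      <manvolnum>8mandos</manvolnum></citerefentry>.  The keys are
+      OpenPGP key used by
+      <citerefentry><refentrytitle>mandos-client</refentrytitle>
+      <manvolnum>8mandos</manvolnum></citerefentry>.  The key is
       normally written to /etc/mandos for later installation into the
-      initrd image, but this, like most things, can be changed with
-      command line options.
+      initrd image, but this, and most other things, can be changed
+      with command line options.
+    </para>
+    <para>
+      This program can also be used with the
+      <option>--password</option> or <option>--passfile</option>
+      options to generate a ready-made section for
+      <filename>clients.conf</filename> (see
+      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
+      <manvolnum>5</manvolnum></citerefentry>).
     </para>
   </refsect1>
   
   <refsect1 id="purpose">
     <title>PURPOSE</title>
- 
     <para>
       The purpose of this is to enable <emphasis>remote and unattended
       rebooting</emphasis> of client host computer with an
       <emphasis>encrypted root file system</emphasis>.  See <xref
       linkend="overview"/> for details.
     </para>
- 
   </refsect1>
   
   <refsect1 id="options">
     <title>OPTIONS</title>
- 
+    
     <variablelist>
       <varlistentry>
-        <term><literal>-h</literal>, <literal>--help</literal></term>
+        <term><option>--help</option></term>
+        <term><option>-h</option></term>
         <listitem>
           <para>
             Show a help message and exit
           </para>
         </listitem>
       </varlistentry>
- 
-      <varlistentry>
-        <term><literal>-d</literal>, <literal>--dir
-        <replaceable>directory</replaceable></literal></term>
-        <listitem>
-          <para>
-            Target directory for key files.
-          </para>
-        </listitem>
-      </varlistentry>
- 
-      <varlistentry>
-        <term><literal>-t</literal>, <literal>--type
-        <replaceable>type</replaceable></literal></term>
-        <listitem>
-          <para>
-            Key type.  Default is DSA.
-          </para>
-        </listitem>
-      </varlistentry>
- 
-      <varlistentry>
-        <term><literal>-l</literal>, <literal>--length
-        <replaceable>bits</replaceable></literal></term>
-        <listitem>
-          <para>
-            Key length in bits.  Default is 1024.
-          </para>
-        </listitem>
-      </varlistentry>
- 
-      <varlistentry>
-        <term><literal>-e</literal>, <literal>--email</literal>
-        <replaceable>address</replaceable></term>
+      
+      <varlistentry>
+        <term><option>--dir
+        <replaceable>DIRECTORY</replaceable></option></term>
+        <term><option>-d
+        <replaceable>DIRECTORY</replaceable></option></term>
+        <listitem>
+          <para>
+            Target directory for key files.  Default is
+            <filename class="directory">/etc/mandos</filename>.
+          </para>
+        </listitem>
+      </varlistentry>
+      
+      <varlistentry>
+        <term><option>--type
+        <replaceable>TYPE</replaceable></option></term>
+        <term><option>-t
+        <replaceable>TYPE</replaceable></option></term>
+        <listitem>
+          <para>
+            Key type.  Default is <quote>RSA</quote>.
+          </para>
+        </listitem>
+      </varlistentry>
+      
+      <varlistentry>
+        <term><option>--length
+        <replaceable>BITS</replaceable></option></term>
+        <term><option>-l
+        <replaceable>BITS</replaceable></option></term>
+        <listitem>
+          <para>
+            Key length in bits.  Default is 4096.
+          </para>
+        </listitem>
+      </varlistentry>
+      
+      <varlistentry>
+        <term><option>--subtype
+        <replaceable>KEYTYPE</replaceable></option></term>
+        <term><option>-s
+        <replaceable>KEYTYPE</replaceable></option></term>
+        <listitem>
+          <para>
+            Subkey type.  Default is <quote>RSA</quote> (Elgamal
+            encryption-only).
+          </para>
+        </listitem>
+      </varlistentry>
+      
+      <varlistentry>
+        <term><option>--sublength
+        <replaceable>BITS</replaceable></option></term>
+        <term><option>-L
+        <replaceable>BITS</replaceable></option></term>
+        <listitem>
+          <para>
+            Subkey length in bits.  Default is 4096.
+          </para>
+        </listitem>
+      </varlistentry>
+      
+      <varlistentry>
+        <term><option>--email
+        <replaceable>ADDRESS</replaceable></option></term>
+        <term><option>-e
+        <replaceable>ADDRESS</replaceable></option></term>
         <listitem>
           <para>
             Email address of key.  Default is empty.
           </para>
         </listitem>
       </varlistentry>
- 
+      
       <varlistentry>
-        <term><literal>-c</literal>, <literal>--comment</literal>
-        <replaceable>comment</replaceable></term>
+        <term><option>--comment
+        <replaceable>TEXT</replaceable></option></term>
+        <term><option>-c
+        <replaceable>TEXT</replaceable></option></term>
         <listitem>
           <para>
             Comment field for key.  The default value is
-            "<literal>Mandos client key</literal>".
+            <quote><literal>Mandos client key</literal></quote>.
           </para>
         </listitem>
       </varlistentry>
- 
+      
       <varlistentry>
-        <term><literal>-x</literal>, <literal>--expire</literal>
-        <replaceable>time</replaceable></term>
+        <term><option>--expire
+        <replaceable>TIME</replaceable></option></term>
+        <term><option>-x
+        <replaceable>TIME</replaceable></option></term>
         <listitem>
           <para>
             Key expire time.  Default is no expiration.  See
@@ -254,32 +307,65 @@
           </para>
         </listitem>
       </varlistentry>
- 
-      <varlistentry>
-        <term><literal>-f</literal>, <literal>--force</literal></term>
-        <listitem>
-          <para>
-            Force overwriting old keys.
+      
+      <varlistentry>
+        <term><option>--force</option></term>
+        <term><option>-f</option></term>
+        <listitem>
+          <para>
+            Force overwriting old key.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term><option>--password</option></term>
+        <term><option>-p</option></term>
+        <listitem>
+          <para>
+            Prompt for a password and encrypt it with the key already
+            present in either <filename>/etc/mandos</filename> or the
+            directory specified with the <option>--dir</option>
+            option.  Outputs, on standard output, a section suitable
+            for inclusion in <citerefentry><refentrytitle
+            >mandos-clients.conf</refentrytitle><manvolnum
+            >8</manvolnum></citerefentry>.  The host name or the name
+            specified with the <option>--name</option> option is used
+            for the section header.  All other options are ignored,
+            and no key is created.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term><option>--passfile
+        <replaceable>FILE</replaceable></option></term>
+        <term><option>-F
+        <replaceable>FILE</replaceable></option></term>
+        <listitem>
+          <para>
+            The same as <option>--password</option>, but read from
+            <replaceable>FILE</replaceable>, not the terminal.
           </para>
         </listitem>
       </varlistentry>
     </variablelist>
   </refsect1>
- 
+  
   <refsect1 id="overview">
     <title>OVERVIEW</title>
     <xi:include href="overview.xml"/>
     <para>
-      This program is a small program to generate new OpenPGP keys for
-      new Mandos clients.
+      This program is a small utility to generate new OpenPGP keys for
+      new Mandos clients, and to generate sections for inclusion in
+      <filename>clients.conf</filename> on the server.
     </para>
   </refsect1>
- 
+  
   <refsect1 id="exit_status">
     <title>EXIT STATUS</title>
     <para>
-      The exit status will be 0 if new keys were successfully created,
-      otherwise not.
+      The exit status will be 0 if a new key (or password, if the
+      <option>--password</option> option was used) was successfully
+      created, otherwise not.
     </para>
   </refsect1>
   
@@ -287,7 +373,7 @@
     <title>ENVIRONMENT</title>
     <variablelist>
       <varlistentry>
-        <term><varname>TMPDIR</varname></term>
+        <term><envar>TMPDIR</envar></term>
         <listitem>
           <para>
             If set, temporary files will be created here. See
@@ -299,7 +385,7 @@
     </variablelist>
   </refsect1>
   
-  <refsect1 id="file">
+  <refsect1 id="files">
     <title>FILES</title>
     <para>
       Use the <option>--dir</option> option to change where
@@ -326,7 +412,7 @@
         </listitem>
       </varlistentry>
       <varlistentry>
-        <term><filename>/tmp</filename></term>
+        <term><filename class="directory">/tmp</filename></term>
         <listitem>
           <para>
             Temporary files will be written here if
@@ -336,14 +422,13 @@
       </varlistentry>
     </variablelist>
   </refsect1>
- 
-  <refsect1 id="bugs">
-    <title>BUGS</title>
-    <para>
-      None are known at this time.
-    </para>
-  </refsect1>
- 
+  
+<!--   <refsect1 id="bugs"> -->
+<!--     <title>BUGS</title> -->
+<!--     <para> -->
+<!--     </para> -->
+<!--   </refsect1> -->
+  
   <refsect1 id="example">
     <title>EXAMPLE</title>
     <informalexample>
@@ -351,47 +436,80 @@
         Normal invocation needs no options:
       </para>
       <para>
-        <userinput>mandos-keygen</userinput>
+        <userinput>&COMMANDNAME;</userinput>
       </para>
     </informalexample>
     <informalexample>
       <para>
-        Create keys in another directory and of another type.  Force
+        Create key in another directory and of another type.  Force
         overwriting old key files:
       </para>
       <para>
  
 <!-- do not wrap this line -->
-<userinput>mandos-keygen --dir ~/keydir --type RSA --force</userinput>
+<userinput>&COMMANDNAME; --dir ~/keydir --type RSA --force</userinput>
+ 
+      </para>
+    </informalexample>
+    <informalexample>
+      <para>
+        Prompt for a password, encrypt it with the key in <filename
+        class="directory">/etc/mandos</filename> and output a section
+        suitable for <filename>clients.conf</filename>.
+      </para>
+      <para>
+        <userinput>&COMMANDNAME; --password</userinput>
+      </para>
+    </informalexample>
+    <informalexample>
+      <para>
+        Prompt for a password, encrypt it with the key in the
+        <filename>client-key</filename> directory and output a section
+        suitable for <filename>clients.conf</filename>.
+      </para>
+      <para>
+ 
+<!-- do not wrap this line -->
+<userinput>&COMMANDNAME; --password --dir client-key</userinput>
  
       </para>
     </informalexample>
   </refsect1>
- 
+  
   <refsect1 id="security">
     <title>SECURITY</title>
     <para>
-      The <option>--type</option> and <option>--length</option>
-      options can be used to create keys of insufficient security.  If
-      in doubt, leave them to the default values.
+      The <option>--type</option>, <option>--length</option>,
+      <option>--subtype</option>, and <option>--sublength</option>
+      options can be used to create keys of low security.  If in
+      doubt, leave them to the default values.
     </para>
     <para>
-      The key expire time is not guaranteed to be honored by
-      <citerefentry><refentrytitle>mandos</refentrytitle>
+      The key expire time is <emphasis>not</emphasis> guaranteed to be
+      honored by <citerefentry><refentrytitle>mandos</refentrytitle>
       <manvolnum>8</manvolnum></citerefentry>.
     </para>
   </refsect1>
- 
+  
   <refsect1 id="see_also">
     <title>SEE ALSO</title>
     <para>
-      <citerefentry><refentrytitle>password-request</refentrytitle>
+      <citerefentry><refentrytitle>intro</refentrytitle>
       <manvolnum>8mandos</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>gpg</refentrytitle>
+      <manvolnum>1</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
+      <manvolnum>5</manvolnum></citerefentry>,
       <citerefentry><refentrytitle>mandos</refentrytitle>
       <manvolnum>8</manvolnum></citerefentry>,
-      <citerefentry><refentrytitle>gpg</refentrytitle>
-      <manvolnum>1</manvolnum></citerefentry>
+      <citerefentry><refentrytitle>mandos-client</refentrytitle>
+      <manvolnum>8mandos</manvolnum></citerefentry>
     </para>
   </refsect1>
   
 </refentry>
+<!-- Local Variables: -->
+<!-- time-stamp-start: "<!ENTITY TIMESTAMP [\"']" -->
+<!-- time-stamp-end: "[\"']>" -->
+<!-- time-stamp-format: "%:y-%02m-%02d" -->
+<!-- End: -->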