68
67
<refname><command>&COMMANDNAME;</command></refname>
70
Generate key and password for Mandos client and server.
69
Generate keys for <citerefentry><refentrytitle>password-request
70
</refentrytitle><manvolnum>8mandos</manvolnum></citerefentry>
76
76
<command>&COMMANDNAME;</command>
78
<arg choice="plain"><option>--dir
79
<replaceable>DIRECTORY</replaceable></option></arg>
80
<arg choice="plain"><option>-d
81
<replaceable>DIRECTORY</replaceable></option></arg>
85
<arg choice="plain"><option>--type
86
<replaceable>KEYTYPE</replaceable></option></arg>
87
<arg choice="plain"><option>-t
88
<replaceable>KEYTYPE</replaceable></option></arg>
92
<arg choice="plain"><option>--length
93
<replaceable>BITS</replaceable></option></arg>
94
<arg choice="plain"><option>-l
95
<replaceable>BITS</replaceable></option></arg>
99
<arg choice="plain"><option>--subtype
100
<replaceable>KEYTYPE</replaceable></option></arg>
101
<arg choice="plain"><option>-s
102
<replaceable>KEYTYPE</replaceable></option></arg>
106
<arg choice="plain"><option>--sublength
107
<replaceable>BITS</replaceable></option></arg>
108
<arg choice="plain"><option>-L
109
<replaceable>BITS</replaceable></option></arg>
113
<arg choice="plain"><option>--name
114
<replaceable>NAME</replaceable></option></arg>
115
<arg choice="plain"><option>-n
116
<replaceable>NAME</replaceable></option></arg>
120
<arg choice="plain"><option>--email
121
<replaceable>ADDRESS</replaceable></option></arg>
122
<arg choice="plain"><option>-e
123
<replaceable>ADDRESS</replaceable></option></arg>
127
<arg choice="plain"><option>--comment
128
<replaceable>TEXT</replaceable></option></arg>
129
<arg choice="plain"><option>-c
130
<replaceable>TEXT</replaceable></option></arg>
134
<arg choice="plain"><option>--expire
135
<replaceable>TIME</replaceable></option></arg>
136
<arg choice="plain"><option>-x
137
<replaceable>TIME</replaceable></option></arg>
140
<arg><option>--force</option></arg>
143
<command>&COMMANDNAME;</command>
145
<arg choice="plain"><option>--password</option></arg>
146
<arg choice="plain"><option>-p</option></arg>
150
<arg choice="plain"><option>--dir
151
<replaceable>DIRECTORY</replaceable></option></arg>
152
<arg choice="plain"><option>-d
153
<replaceable>DIRECTORY</replaceable></option></arg>
157
<arg choice="plain"><option>--name
158
<replaceable>NAME</replaceable></option></arg>
159
<arg choice="plain"><option>-n
160
<replaceable>NAME</replaceable></option></arg>
164
<command>&COMMANDNAME;</command>
166
<arg choice="plain"><option>--help</option></arg>
167
<arg choice="plain"><option>-h</option></arg>
171
<command>&COMMANDNAME;</command>
173
<arg choice="plain"><option>--version</option></arg>
174
<arg choice="plain"><option>-v</option></arg>
78
<arg choice="plain"><option>--dir</option>
79
<replaceable>directory</replaceable></arg>
82
<arg choice="plain"><option>--type</option>
83
<replaceable>type</replaceable></arg>
86
<arg choice="plain"><option>--length</option>
87
<replaceable>bits</replaceable></arg>
90
<arg choice="plain"><option>--name</option>
91
<replaceable>NAME</replaceable></arg>
94
<arg choice="plain"><option>--email</option>
95
<replaceable>EMAIL</replaceable></arg>
98
<arg choice="plain"><option>--comment</option>
99
<replaceable>COMMENT</replaceable></arg>
102
<arg choice="plain"><option>--expire</option>
103
<replaceable>TIME</replaceable></arg>
106
<arg choice="plain"><option>--force</option></arg>
110
<command>&COMMANDNAME;</command>
112
<arg choice="plain"><option>-d</option>
113
<replaceable>directory</replaceable></arg>
116
<arg choice="plain"><option>-t</option>
117
<replaceable>type</replaceable></arg>
120
<arg choice="plain"><option>-l</option>
121
<replaceable>bits</replaceable></arg>
124
<arg choice="plain"><option>-n</option>
125
<replaceable>NAME</replaceable></arg>
128
<arg choice="plain"><option>-e</option>
129
<replaceable>EMAIL</replaceable></arg>
132
<arg choice="plain"><option>-c</option>
133
<replaceable>COMMENT</replaceable></arg>
136
<arg choice="plain"><option>-x</option>
137
<replaceable>TIME</replaceable></arg>
140
<arg choice="plain"><option>-f</option></arg>
144
<command>&COMMANDNAME;</command>
146
<arg choice='plain'><option>-h</option></arg>
147
<arg choice='plain'><option>--help</option></arg>
151
<command>&COMMANDNAME;</command>
153
<arg choice='plain'><option>-v</option></arg>
154
<arg choice='plain'><option>--version</option></arg>
177
157
</refsynopsisdiv>
179
159
<refsect1 id="description">
180
160
<title>DESCRIPTION</title>
182
162
<command>&COMMANDNAME;</command> is a program to generate the
184
164
<citerefentry><refentrytitle>password-request</refentrytitle>
185
<manvolnum>8mandos</manvolnum></citerefentry>. The key is
165
<manvolnum>8mandos</manvolnum></citerefentry>. The keys are
186
166
normally written to /etc/mandos for later installation into the
187
initrd image, but this, and most other things, can be changed
188
with command line options.
191
This program can also be used with the
192
<option>--password</option> option to generate a ready-made
193
section for <filename>clients.conf</filename> (see
194
<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
195
<manvolnum>5</manvolnum></citerefentry>).
199
<refsect1 id="purpose">
200
<title>PURPOSE</title>
202
The purpose of this is to enable <emphasis>remote and unattended
203
rebooting</emphasis> of client host computer with an
204
<emphasis>encrypted root file system</emphasis>. See <xref
205
linkend="overview"/> for details.
167
initrd image, but this, like most things, can be changed with
168
command line options.
209
172
<refsect1 id="options">
210
173
<title>OPTIONS</title>
214
<term><option>--help</option></term>
215
<term><option>-h</option></term>
177
<term><literal>-h</literal>, <literal>--help</literal></term>
218
180
Show a help message and exit
225
<replaceable>DIRECTORY</replaceable></option></term>
227
<replaceable>DIRECTORY</replaceable></option></term>
230
Target directory for key files. Default is
231
<filename>/etc/mandos</filename>.
238
<replaceable>TYPE</replaceable></option></term>
240
<replaceable>TYPE</replaceable></option></term>
243
Key type. Default is <quote>DSA</quote>.
249
<term><option>--length
250
<replaceable>BITS</replaceable></option></term>
252
<replaceable>BITS</replaceable></option></term>
255
Key length in bits. Default is 2048.
261
<term><option>--subtype
262
<replaceable>KEYTYPE</replaceable></option></term>
264
<replaceable>KEYTYPE</replaceable></option></term>
267
Subkey type. Default is <quote>ELG-E</quote> (Elgamal
274
<term><option>--sublength
275
<replaceable>BITS</replaceable></option></term>
277
<replaceable>BITS</replaceable></option></term>
280
Subkey length in bits. Default is 2048.
286
<term><option>--email
287
<replaceable>ADDRESS</replaceable></option></term>
289
<replaceable>ADDRESS</replaceable></option></term>
186
<term><literal>-d</literal>, <literal>--dir
187
<replaceable>directory</replaceable></literal></term>
190
Target directory for key files.
196
<term><literal>-t</literal>, <literal>--type
197
<replaceable>type</replaceable></literal></term>
200
Key type. Default is DSA.
206
<term><literal>-l</literal>, <literal>--length
207
<replaceable>bits</replaceable></literal></term>
210
Key length in bits. Default is 1024.
216
<term><literal>-e</literal>, <literal>--email</literal>
217
<replaceable>address</replaceable></term>
292
220
Email address of key. Default is empty.
325
<term><option>--force</option></term>
326
<term><option>-f</option></term>
329
Force overwriting old key.
334
<term><option>--password</option></term>
335
<term><option>-p</option></term>
338
Prompt for a password and encrypt it with the key already
339
present in either <filename>/etc/mandos</filename> or the
340
directory specified with the <option>--dir</option>
341
option. Outputs, on standard output, a section suitable
342
for inclusion in <citerefentry><refentrytitle
343
>mandos-clients.conf</refentrytitle><manvolnum
344
>8</manvolnum></citerefentry>. The host name or the name
345
specified with the <option>--name</option> option is used
346
for the section header. All other options are ignored,
347
and no key is created.
249
<term><literal>-f</literal>, <literal>--force</literal></term>
252
Force overwriting old keys.
354
<refsect1 id="overview">
355
<title>OVERVIEW</title>
356
<xi:include href="overview.xml"/>
358
This program is a small utility to generate new OpenPGP keys for
359
new Mandos clients, and to generate sections for inclusion in
360
<filename>clients.conf</filename> on the server.
364
259
<refsect1 id="exit_status">
365
260
<title>EXIT STATUS</title>
367
The exit status will be 0 if a new key (or password, if the
368
<option>--password</option> option was used) was successfully
369
created, otherwise not.
373
<refsect1 id="environment">
374
<title>ENVIRONMENT</title>
377
<term><envar>TMPDIR</envar></term>
380
If set, temporary files will be created here. See
381
<citerefentry><refentrytitle>mktemp</refentrytitle>
382
<manvolnum>1</manvolnum></citerefentry>.
389
265
<refsect1 id="file">
390
266
<title>FILES</title>
392
Use the <option>--dir</option> option to change where
393
<command>&COMMANDNAME;</command> will write the key files. The
394
default file names are shown here.
398
<term><filename>/etc/mandos/seckey.txt</filename></term>
401
OpenPGP secret key file which will be created or
407
<term><filename>/etc/mandos/pubkey.txt</filename></term>
410
OpenPGP public key file which will be created or
416
<term><filename>/tmp</filename></term>
419
Temporary files will be written here if
420
<varname>TMPDIR</varname> is not set.
427
271
<refsect1 id="bugs">
428
272
<title>BUGS</title>
430
None are known at this time.
434
<refsect1 id="example">
435
<title>EXAMPLE</title>
438
Normal invocation needs no options:
441
<userinput>&COMMANDNAME;</userinput>
446
Create key in another directory and of another type. Force
447
overwriting old key files:
451
<!-- do not wrap this line -->
452
<userinput>&COMMANDNAME; --dir ~/keydir --type RSA --force</userinput>
458
Prompt for a password, encrypt it with the key in
459
<filename>/etc/mandos</filename> and output a section suitable
460
for <filename>clients.conf</filename>.
463
<userinput>&COMMANDNAME; --password</userinput>
468
Prompt for a password, encrypt it with the key in the
469
<filename>client-key</filename> directory and output a section
470
suitable for <filename>clients.conf</filename>.
474
<!-- do not wrap this line -->
475
<userinput>&COMMANDNAME; --password --dir client-key</userinput>
277
<refsect1 id="examples">
278
<title>EXAMPLES</title>
481
283
<refsect1 id="security">
482
284
<title>SECURITY</title>
484
The <option>--type</option>, <option>--length</option>,
485
<option>--subtype</option>, and <option>--sublength</option>
486
options can be used to create keys of low security. If in
487
doubt, leave them to the default values.
490
The key expire time is <emphasis>not</emphasis> guaranteed to be
491
honored by <citerefentry><refentrytitle>mandos</refentrytitle>
492
<manvolnum>8</manvolnum></citerefentry>.
496
289
<refsect1 id="see_also">
497
290
<title>SEE ALSO</title>
292
<citerefentry><refentrytitle>password-request</refentrytitle>
293
<manvolnum>8mandos</manvolnum></citerefentry>,
294
<citerefentry><refentrytitle>mandos</refentrytitle>
295
<manvolnum>8</manvolnum></citerefentry>, and
499
296
<citerefentry><refentrytitle>gpg</refentrytitle>
500
<manvolnum>1</manvolnum></citerefentry>,
501
<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
502
<manvolnum>5</manvolnum></citerefentry>,
503
<citerefentry><refentrytitle>mandos</refentrytitle>
504
<manvolnum>8</manvolnum></citerefentry>,
505
<citerefentry><refentrytitle>password-request</refentrytitle>
506
<manvolnum>8mandos</manvolnum></citerefentry>
297
<manvolnum>1</manvolnum></citerefentry>
511
<!-- Local Variables: -->
512
<!-- time-stamp-start: "<!ENTITY TIMESTAMP [\"']" -->
513
<!-- time-stamp-end: "[\"']>" -->
514
<!-- time-stamp-format: "%:y-%02m-%02d" -->