/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos-keygen.xml

  • Committer: Teddy Hogeborn
  • Date: 2008-08-18 03:50:28 UTC
  • Revision ID: teddy@fukt.bsnet.se-20080818035028-su31apqs2pv2147v
* mandos-keygen.xml: Removed <?xml-stylesheet>.  New entity
                     "&OVERVIEW;" referring to "overview.xml".
  (PURPOSE, OVERVIEW): New sections, same as in mandos(8).
  (EXAMPLES): Renamed to "EXAMPLE", as per man-pages(7).

* mandos.xml (OPTIONS, CLIENTS): Slight wording change.

Show diffs side-by-side

added added

removed removed

Lines of Context:
1
 
<?xml version="1.0" encoding="UTF-8"?>
 
1
<?xml version='1.0' encoding='UTF-8'?>
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY VERSION "1.0">
5
5
<!ENTITY COMMANDNAME "mandos-keygen">
 
6
<!ENTITY OVERVIEW SYSTEM "overview.xml">
6
7
]>
7
8
 
8
 
<refentry xmlns:xi="http://www.w3.org/2001/XInclude">
 
9
<refentry>
9
10
  <refentryinfo>
10
11
    <title>&COMMANDNAME;</title>
11
 
    <!-- NWalsh’s docbook scripts use this to generate the footer: -->
 
12
    <!-- NWalsh's docbook scripts use this to generate the footer: -->
12
13
    <productname>&COMMANDNAME;</productname>
13
14
    <productnumber>&VERSION;</productnumber>
14
15
    <authorgroup>
29
30
    </authorgroup>
30
31
    <copyright>
31
32
      <year>2008</year>
32
 
      <holder>Teddy Hogeborn</holder>
33
 
      <holder>Björn Påhlsson</holder>
 
33
      <holder>Teddy Hogeborn &amp; Björn Påhlsson</holder>
34
34
    </copyright>
35
35
    <legalnotice>
36
36
      <para>
86
86
        <replaceable>bits</replaceable></arg>
87
87
      </group>
88
88
      <group choice="opt">
89
 
        <arg choice="plain"><option>--subtype</option>
90
 
        <replaceable>type</replaceable></arg>
91
 
      </group>
92
 
      <group choice="opt">
93
 
        <arg choice="plain"><option>--sublength</option>
94
 
        <replaceable>bits</replaceable></arg>
95
 
      </group>
96
 
      <group choice="opt">
97
89
        <arg choice="plain"><option>--name</option>
98
90
        <replaceable>NAME</replaceable></arg>
99
91
      </group>
128
120
        <replaceable>bits</replaceable></arg>
129
121
      </group>
130
122
      <group choice="opt">
131
 
        <arg choice="plain"><option>-s</option>
132
 
        <replaceable>type</replaceable></arg>
133
 
      </group>
134
 
      <group choice="opt">
135
 
        <arg choice="plain"><option>-L</option>
136
 
        <replaceable>bits</replaceable></arg>
137
 
      </group>
138
 
      <group choice="opt">
139
123
        <arg choice="plain"><option>-n</option>
140
124
        <replaceable>NAME</replaceable></arg>
141
125
      </group>
158
142
    <cmdsynopsis>
159
143
      <command>&COMMANDNAME;</command>
160
144
      <group choice="req">
161
 
        <arg choice="plain"><option>-p</option></arg>
162
 
        <arg choice="plain"><option>--password</option></arg>
163
 
      </group>
164
 
      <group choice="opt">
165
 
        <arg choice="plain"><option>--dir</option>
166
 
        <replaceable>directory</replaceable></arg>
167
 
      </group>
168
 
      <group choice="opt">
169
 
        <arg choice="plain"><option>--name</option>
170
 
        <replaceable>NAME</replaceable></arg>
171
 
      </group>
172
 
    </cmdsynopsis>
173
 
    <cmdsynopsis>
174
 
      <command>&COMMANDNAME;</command>
175
 
      <group choice="req">
176
 
        <arg choice="plain"><option>-h</option></arg>
177
 
        <arg choice="plain"><option>--help</option></arg>
178
 
      </group>
179
 
    </cmdsynopsis>
180
 
    <cmdsynopsis>
181
 
      <command>&COMMANDNAME;</command>
182
 
      <group choice="req">
183
 
        <arg choice="plain"><option>-v</option></arg>
184
 
        <arg choice="plain"><option>--version</option></arg>
 
145
        <arg choice='plain'><option>-h</option></arg>
 
146
        <arg choice='plain'><option>--help</option></arg>
 
147
      </group>
 
148
    </cmdsynopsis>
 
149
    <cmdsynopsis>
 
150
      <command>&COMMANDNAME;</command>
 
151
      <group choice="req">
 
152
        <arg choice='plain'><option>-v</option></arg>
 
153
        <arg choice='plain'><option>--version</option></arg>
185
154
      </group>
186
155
    </cmdsynopsis>
187
156
  </refsynopsisdiv>
197
166
      initrd image, but this, like most things, can be changed with
198
167
      command line options.
199
168
    </para>
200
 
    <para>
201
 
      It can also be used to generate ready-made sections for
202
 
      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
203
 
      <manvolnum>5</manvolnum></citerefentry> using the
204
 
      <option>--password</option> option.
205
 
    </para>
206
169
  </refsect1>
207
170
  
208
171
  <refsect1 id="purpose">
235
198
        <replaceable>directory</replaceable></literal></term>
236
199
        <listitem>
237
200
          <para>
238
 
            Target directory for key files.  Default is
239
 
            <filename>/etc/mandos</filename>.
 
201
            Target directory for key files.
240
202
          </para>
241
203
        </listitem>
242
204
      </varlistentry>
246
208
        <replaceable>type</replaceable></literal></term>
247
209
        <listitem>
248
210
          <para>
249
 
            Key type.  Default is <quote>DSA</quote>.
 
211
            Key type.  Default is DSA.
250
212
          </para>
251
213
        </listitem>
252
214
      </varlistentry>
262
224
      </varlistentry>
263
225
 
264
226
      <varlistentry>
265
 
        <term><literal>-s</literal>, <literal>--subtype
266
 
        <replaceable>type</replaceable></literal></term>
267
 
        <listitem>
268
 
          <para>
269
 
            Subkey type.  Default is <quote>ELG-E</quote> (Elgamal
270
 
            encryption-only).
271
 
          </para>
272
 
        </listitem>
273
 
      </varlistentry>
274
 
 
275
 
      <varlistentry>
276
 
        <term><literal>-L</literal>, <literal>--sublength
277
 
        <replaceable>bits</replaceable></literal></term>
278
 
        <listitem>
279
 
          <para>
280
 
            Subkey length in bits.  Default is 2048.
281
 
          </para>
282
 
        </listitem>
283
 
      </varlistentry>
284
 
 
285
 
      <varlistentry>
286
227
        <term><literal>-e</literal>, <literal>--email</literal>
287
228
        <replaceable>address</replaceable></term>
288
229
        <listitem>
298
239
        <listitem>
299
240
          <para>
300
241
            Comment field for key.  The default value is
301
 
            <quote><literal>Mandos client key</literal></quote>.
 
242
            "<literal>Mandos client key</literal>".
302
243
          </para>
303
244
        </listitem>
304
245
      </varlistentry>
323
264
          </para>
324
265
        </listitem>
325
266
      </varlistentry>
326
 
      <varlistentry>
327
 
        <term><literal>-p</literal>, <literal>--password</literal
328
 
        ></term>
329
 
        <listitem>
330
 
          <para>
331
 
            Prompt for a password and encrypt it with the key already
332
 
            present in either <filename>/etc/mandos</filename> or the
333
 
            directory specified with the <option>--dir</option>
334
 
            option.  Outputs, on standard output, a section suitable
335
 
            for inclusion in <citerefentry><refentrytitle
336
 
            >mandos-clients.conf</refentrytitle><manvolnum
337
 
            >8</manvolnum></citerefentry>.  The host name or the name
338
 
            specified with the <option>--name</option> option is used
339
 
            for the section header.  All other options are ignored,
340
 
            and no keys are created.
341
 
          </para>
342
 
        </listitem>
343
 
      </varlistentry>
344
267
    </variablelist>
345
268
  </refsect1>
346
269
 
347
270
  <refsect1 id="overview">
348
271
    <title>OVERVIEW</title>
349
 
    <xi:include href="overview.xml"/>
 
272
    &OVERVIEW;
350
273
    <para>
351
 
      This program is a small utility to generate new OpenPGP keys for
 
274
      This program is a small program to generate new OpenPGP keys for
352
275
      new Mandos clients.
353
276
    </para>
354
277
  </refsect1>
356
279
  <refsect1 id="exit_status">
357
280
    <title>EXIT STATUS</title>
358
281
    <para>
359
 
      The exit status will be 0 if new keys were successfully created,
360
 
      otherwise not.
361
282
    </para>
362
283
  </refsect1>
363
284
  
364
 
  <refsect1 id="environment">
365
 
    <title>ENVIRONMENT</title>
366
 
    <variablelist>
367
 
      <varlistentry>
368
 
        <term><varname>TMPDIR</varname></term>
369
 
        <listitem>
370
 
          <para>
371
 
            If set, temporary files will be created here. See
372
 
            <citerefentry><refentrytitle>mktemp</refentrytitle>
373
 
            <manvolnum>1</manvolnum></citerefentry>.
374
 
          </para>
375
 
        </listitem>
376
 
      </varlistentry>
377
 
    </variablelist>
378
 
  </refsect1>
379
 
  
380
285
  <refsect1 id="file">
381
286
    <title>FILES</title>
382
287
    <para>
383
 
      Use the <option>--dir</option> option to change where
384
 
      <command>&COMMANDNAME;</command> will write the key files.  The
385
 
      default file names are shown here.
386
288
    </para>
387
 
    <variablelist>
388
 
      <varlistentry>
389
 
        <term><filename>/etc/mandos/seckey.txt</filename></term>
390
 
        <listitem>
391
 
          <para>
392
 
            OpenPGP secret key file which will be created or
393
 
            overwritten.
394
 
          </para>
395
 
        </listitem>
396
 
      </varlistentry>
397
 
      <varlistentry>
398
 
        <term><filename>/etc/mandos/pubkey.txt</filename></term>
399
 
        <listitem>
400
 
          <para>
401
 
            OpenPGP public key file which will be created or
402
 
            overwritten.
403
 
          </para>
404
 
        </listitem>
405
 
      </varlistentry>
406
 
      <varlistentry>
407
 
        <term><filename>/tmp</filename></term>
408
 
        <listitem>
409
 
          <para>
410
 
            Temporary files will be written here if
411
 
            <varname>TMPDIR</varname> is not set.
412
 
          </para>
413
 
        </listitem>
414
 
      </varlistentry>
415
 
    </variablelist>
416
289
  </refsect1>
417
290
 
418
291
  <refsect1 id="bugs">
419
292
    <title>BUGS</title>
420
293
    <para>
421
 
      None are known at this time.
422
294
    </para>
423
295
  </refsect1>
424
296
 
425
297
  <refsect1 id="example">
426
298
    <title>EXAMPLE</title>
427
 
    <informalexample>
428
 
      <para>
429
 
        Normal invocation needs no options:
430
 
      </para>
431
 
      <para>
432
 
        <userinput>mandos-keygen</userinput>
433
 
      </para>
434
 
    </informalexample>
435
 
    <informalexample>
436
 
      <para>
437
 
        Create keys in another directory and of another type.  Force
438
 
        overwriting old key files:
439
 
      </para>
440
 
      <para>
441
 
 
442
 
<!-- do not wrap this line -->
443
 
<userinput>mandos-keygen --dir ~/keydir --type RSA --force</userinput>
444
 
 
445
 
      </para>
446
 
    </informalexample>
 
299
    <para>
 
300
    </para>
447
301
  </refsect1>
448
302
 
449
303
  <refsect1 id="security">
450
304
    <title>SECURITY</title>
451
305
    <para>
452
 
      The <option>--type</option>, <option>--length</option>,
453
 
      <option>--subtype</option>, and <option>--sublength</option>
454
 
      options can be used to create keys of insufficient security.  If
455
 
      in doubt, leave them to the default values.
456
 
    </para>
457
 
    <para>
458
 
      The key expire time is not guaranteed to be honored by
459
 
      <citerefentry><refentrytitle>mandos</refentrytitle>
460
 
      <manvolnum>8</manvolnum></citerefentry>.
461
306
    </para>
462
307
  </refsect1>
463
308
 
467
312
      <citerefentry><refentrytitle>password-request</refentrytitle>
468
313
      <manvolnum>8mandos</manvolnum></citerefentry>,
469
314
      <citerefentry><refentrytitle>mandos</refentrytitle>
470
 
      <manvolnum>8</manvolnum></citerefentry>,
 
315
      <manvolnum>8</manvolnum></citerefentry>, and
471
316
      <citerefentry><refentrytitle>gpg</refentrytitle>
472
317
      <manvolnum>1</manvolnum></citerefentry>
473
318
    </para>