Viewing changes to mandos-keygen.xml

  • Committer: Teddy Hogeborn
  • Date: 2018-08-15 09:26:02 UTC
  • Revision ID: teddy@recompile.se-20180815092602-xoyb5s6gf8376i7u
mandos-client: Set system clock if necessary

* plugins.d/mandos-client.c (init_gpgme/import_key): If the system
  clock is not set, or set to January 1970, set the system clock to
  the more plausible value that is the mtime of the key file.  This is
  required by GnuPG to be able to import the keys.  (We can't pass the
  --ignore-time-conflict or the --ignore-valid-from options through
  GPGME.)

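--- a/mandos-keygen.xml
+++ b/mandos-keygen.xml
@@ -2,7 +2,7 @@
 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
         "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
 <!ENTITY COMMANDNAME "mandos-keygen">
-<!ENTITY TIMESTAMP "2011-10-03">
+<!ENTITY TIMESTAMP "2018-02-08">
 <!ENTITY % common SYSTEM "common.ent">
 %common;
 ]>
@@ -33,7 +33,15 @@
     <copyright>
       <year>2008</year>
       <year>2009</year>
+      <year>2010</year>
       <year>2011</year>
+      <year>2012</year>
+      <year>2013</year>
+      <year>2014</year>
+      <year>2015</year>
+      <year>2016</year>
+      <year>2017</year>
+      <year>2018</year>
       <holder>Teddy Hogeborn</holder>
       <holder>Björn Påhlsson</holder>
     </copyright>
@@ -118,7 +126,10 @@
         <replaceable>TIME</replaceable></option></arg>
       </group>
       <sbr/>
-      <arg><option>--force</option></arg>
+      <group>
+        <arg choice="plain"><option>--force</option></arg>
+        <arg choice="plain"><option>-f</option></arg>
+      </group>
     </cmdsynopsis>
     <cmdsynopsis>
       <command>&COMMANDNAME;</command>
@@ -144,6 +155,10 @@
         <arg choice="plain"><option>-n
         <replaceable>NAME</replaceable></option></arg>
       </group>
+      <group>
+        <arg choice="plain"><option>--no-ssh</option></arg>
+        <arg choice="plain"><option>-S</option></arg>
+      </group>
     </cmdsynopsis>
     <cmdsynopsis>
       <command>&COMMANDNAME;</command>
@@ -214,7 +229,7 @@
         <listitem>
           <para>
             Target directory for key files.  Default is
-            <filename>/etc/mandos</filename>.
+            <filename class="directory">/etc/mandos</filename>.
           </para>
         </listitem>
       </varlistentry>
@@ -226,7 +241,7 @@
         <replaceable>TYPE</replaceable></option></term>
         <listitem>
           <para>
-            Key type.  Default is <quote>DSA</quote>.
+            Key type.  Default is <quote>RSA</quote>.
           </para>
         </listitem>
       </varlistentry>
@@ -238,7 +253,7 @@
         <replaceable>BITS</replaceable></option></term>
         <listitem>
           <para>
-            Key length in bits.  Default is 2048.
+            Key length in bits.  Default is 4096.
           </para>
         </listitem>
       </varlistentry>
@@ -250,7 +265,7 @@
         <replaceable>KEYTYPE</replaceable></option></term>
         <listitem>
           <para>
-            Subkey type.  Default is <quote>ELG-E</quote> (Elgamal
+            Subkey type.  Default is <quote>RSA</quote> (Elgamal
             encryption-only).
           </para>
         </listitem>
@@ -263,7 +278,7 @@
         <replaceable>BITS</replaceable></option></term>
         <listitem>
           <para>
-            Subkey length in bits.  Default is 2048.
+            Subkey length in bits.  Default is 4096.
           </para>
         </listitem>
       </varlistentry>
@@ -287,8 +302,7 @@
         <replaceable>TEXT</replaceable></option></term>
         <listitem>
           <para>
-            Comment field for key.  The default value is
-            <quote><literal>Mandos client key</literal></quote>.
+            Comment field for key.  Default is empty.
           </para>
         </listitem>
       </varlistentry>
@@ -346,6 +360,22 @@
           </para>
         </listitem>
       </varlistentry>
+      <varlistentry>
+        <term><option>--no-ssh</option></term>
+        <term><option>-S</option></term>
+        <listitem>
+          <para>
+            When <option>--password</option> or
+            <option>--passfile</option> is given, this option will
+            prevent <command>&COMMANDNAME;</command> from calling
+            <command>ssh-keyscan</command> to get an SSH fingerprint
+            for this host and, if successful, output suitable config
+            options to use this fingerprint as a
+            <option>checker</option> option in the output.  This is
+            otherwise the default behavior.
+          </para>
+        </listitem>
+      </varlistentry>
     </variablelist>
   </refsect1>
   
@@ -411,7 +441,7 @@
         </listitem>
       </varlistentry>
       <varlistentry>
-        <term><filename>/tmp</filename></term>
+        <term><filename class="directory">/tmp</filename></term>
         <listitem>
           <para>
             Temporary files will be written here if
@@ -422,11 +452,10 @@
     </variablelist>
   </refsect1>
   
-<!--   <refsect1 id="bugs"> -->
-<!--     <title>BUGS</title> -->
-<!--     <para> -->
-<!--     </para> -->
-<!--   </refsect1> -->
+  <refsect1 id="bugs">
+    <title>BUGS</title>
+    <xi:include href="bugs.xml"/>
+  </refsect1>
   
   <refsect1 id="example">
     <title>EXAMPLE</title>
@@ -452,9 +481,9 @@
     </informalexample>
     <informalexample>
       <para>
-        Prompt for a password, encrypt it with the key in
-        <filename>/etc/mandos</filename> and output a section suitable
-        for <filename>clients.conf</filename>.
+        Prompt for a password, encrypt it with the key in <filename
+        class="directory">/etc/mandos</filename> and output a section
+        suitable for <filename>clients.conf</filename>.
       </para>
       <para>
         <userinput>&COMMANDNAME; --password</userinput>
@@ -502,6 +531,8 @@
       <citerefentry><refentrytitle>mandos</refentrytitle>
       <manvolnum>8</manvolnum></citerefentry>,
       <citerefentry><refentrytitle>mandos-client</refentrytitle>
-      <manvolnum>8mandos</manvolnum></citerefentry>
+      <manvolnum>8mandos</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>ssh-keyscan</refentrytitle>
+      <manvolnum>1</manvolnum></citerefentry>
     </para>
   </refsect1>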