
Viewing changes to mandos-keygen.xml

  • Committer: Teddy Hogeborn
  • Date: 2018-08-15 09:26:02 UTC
  • Revision ID: teddy@recompile.se-20180815092602-xoyb5s6gf8376i7u
mandos-client: Set system clock if necessary

* plugins.d/mandos-client.c (init_gpgme/import_key): If the system
  clock is not set, or set to January 1970, set the system clock to
  the more plausible value that is the mtime of the key file.  This is
  required by GnuPG to be able to import the keys.  (We can't pass the
  --ignore-time-conflict or the --ignore-valid-from options through
  GPGME.)

2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY COMMANDNAME "mandos-keygen">
5
 
<!ENTITY TIMESTAMP "2019-02-10">
 
5
<!ENTITY TIMESTAMP "2018-02-08">
6
6
<!ENTITY % common SYSTEM "common.ent">
7
7
%common;
8
8
]>
127
127
      </group>
128
128
      <sbr/>
129
129
      <group>
130
 
        <arg choice="plain"><option>--tls-keytype
131
 
        <replaceable>KEYTYPE</replaceable></option></arg>
132
 
        <arg choice="plain"><option>-T
133
 
        <replaceable>KEYTYPE</replaceable></option></arg>
134
 
      </group>
135
 
      <sbr/>
136
 
      <group>
137
130
        <arg choice="plain"><option>--force</option></arg>
138
131
        <arg choice="plain"><option>-f</option></arg>
139
132
      </group>
187
180
    <title>DESCRIPTION</title>
188
181
    <para>
189
182
      <command>&COMMANDNAME;</command> is a program to generate the
190
 
      TLS and OpenPGP keys used by
 
183
      OpenPGP key used by
191
184
      <citerefentry><refentrytitle>mandos-client</refentrytitle>
192
 
      <manvolnum>8mandos</manvolnum></citerefentry>.  The keys are
 
185
      <manvolnum>8mandos</manvolnum></citerefentry>.  The key is
193
186
      normally written to /etc/mandos for later installation into the
194
187
      initrd image, but this, and most other things, can be changed
195
188
      with command line options.
248
241
        <replaceable>TYPE</replaceable></option></term>
249
242
        <listitem>
250
243
          <para>
251
 
            OpenPGP key type.  Default is <quote>RSA</quote>.
 
244
            Key type.  Default is <quote>RSA</quote>.
252
245
          </para>
253
246
        </listitem>
254
247
      </varlistentry>
260
253
        <replaceable>BITS</replaceable></option></term>
261
254
        <listitem>
262
255
          <para>
263
 
            OpenPGP key length in bits.  Default is 4096.
 
256
            Key length in bits.  Default is 4096.
264
257
          </para>
265
258
        </listitem>
266
259
      </varlistentry>
272
265
        <replaceable>KEYTYPE</replaceable></option></term>
273
266
        <listitem>
274
267
          <para>
275
 
            OpenPGP subkey type.  Default is <quote>RSA</quote>
 
268
            Subkey type.  Default is <quote>RSA</quote> (Elgamal
 
269
            encryption-only).
276
270
          </para>
277
271
        </listitem>
278
272
      </varlistentry>
284
278
        <replaceable>BITS</replaceable></option></term>
285
279
        <listitem>
286
280
          <para>
287
 
            OpenPGP subkey length in bits.  Default is 4096.
 
281
            Subkey length in bits.  Default is 4096.
288
282
          </para>
289
283
        </listitem>
290
284
      </varlistentry>
328
322
      </varlistentry>
329
323
      
330
324
      <varlistentry>
331
 
        <term><option>--tls-keytype
332
 
        <replaceable>KEYTYPE</replaceable></option></term>
333
 
        <term><option>-T
334
 
        <replaceable>KEYTYPE</replaceable></option></term>
335
 
        <listitem>
336
 
          <para>
337
 
            TLS key type.  Default is <quote>ed25519</quote>
338
 
          </para>
339
 
        </listitem>
340
 
      </varlistentry>
341
 
      
342
 
      <varlistentry>
343
325
        <term><option>--force</option></term>
344
326
        <term><option>-f</option></term>
345
327
        <listitem>
401
383
    <title>OVERVIEW</title>
402
384
    <xi:include href="overview.xml"/>
403
385
    <para>
404
 
      This program is a small utility to generate new TLS and OpenPGP
405
 
      keys for new Mandos clients, and to generate sections for
406
 
      inclusion in <filename>clients.conf</filename> on the server.
 
386
      This program is a small utility to generate new OpenPGP keys for
 
387
      new Mandos clients, and to generate sections for inclusion in
 
388
      <filename>clients.conf</filename> on the server.
407
389
    </para>
408
390
  </refsect1>
409
391
  
459
441
        </listitem>
460
442
      </varlistentry>
461
443
      <varlistentry>
462
 
        <term><filename>/etc/keys/mandos/tls-privkey.pem</filename></term>
463
 
        <listitem>
464
 
          <para>
465
 
            Private key file which will be created or overwritten.
466
 
          </para>
467
 
        </listitem>
468
 
      </varlistentry>
469
 
      <varlistentry>
470
 
        <term><filename>/etc/keys/mandos/tls-pubkey.pem</filename></term>
471
 
        <listitem>
472
 
          <para>
473
 
            Public key file which will be created or overwritten.
474
 
          </para>
475
 
        </listitem>
476
 
      </varlistentry>
477
 
      <varlistentry>
478
444
        <term><filename class="directory">/tmp</filename></term>
479
445
        <listitem>
480
446
          <para>