/mandos/trunk : revision 951

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos-keygen.xml

Committer: Teddy Hogeborn
Date: 2018-08-15 09:26:02 UTC
Revision ID: teddy@recompile.se-20180815092602-xoyb5s6gf8376i7u

http://bugs.debian.org/894495

mandos-client: Set system clock if necessary

* plugins.d/mandos-client.c (init_gpgme/import_key): If the system
  clock is not set, or set to january 1970, set the system clock to
  the more plausible value that is the mtime of the key file.  This is
  required by GnuPG to be able to import the keys.  (We can't pass the
  --ignore-time-conflict or the --ignore-valid-from options though
  GPGME.)

files added:
initramfs-tools-hook-conf

files removed:
debian/mandos-client.templates

debian/mandos.templates

initramfs-tools-conf

initramfs-tools-script-stop

mandos-to-cryptroot-unlock

files modified:
DBUS-API

INSTALL

Makefile

NEWS

TODO

clients.conf

common.ent

debian/changelog

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.lintian-overrides

debian/mandos.postinst

initramfs-tools-hook

initramfs-tools-script

intro.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos.conf.xml

mandos.lsm

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.xml

plugins.d/plymouth.xml

plugins.d/splashy.xml

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

mandos-keygen.xml

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY COMMANDNAME "mandos-keygen">

<!ENTITY TIMESTAMP "2019-02-10">

<!ENTITY TIMESTAMP "2018-02-08">

<!ENTITY % common SYSTEM "common.ent">

%common;

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

128

127

</group>

129

128

<sbr/>

130

129

<group>

131

<arg choice="plain"><option>--tls-keytype

132

<replaceable>KEYTYPE</replaceable></option></arg>

133

<arg choice="plain"><option>-T

134

<replaceable>KEYTYPE</replaceable></option></arg>

135

</group>

136

<sbr/>

137

<group>

138

130

<arg choice="plain"><option>--force</option></arg>

139

131

140

132

</group>

188

180

<title>DESCRIPTION</title>

189

181

<para>

190

182

<command>&COMMANDNAME;</command> is a program to generate the

191

TLS and OpenPGP keys used by

183

OpenPGP key used by

192

184

<citerefentry><refentrytitle>mandos-client</refentrytitle>

193

<manvolnum>8mandos</manvolnum></citerefentry>. The keys are

194

normally written to /etc/keys/mandos for later installation into

195

the initrd image, but this, and most other things, can be

196

changed with command line options.

185

<manvolnum>8mandos</manvolnum></citerefentry>. The key is

186

normally written to /etc/mandos for later installation into the

187

initrd image, but this, and most other things, can be changed

188

with command line options.

197

189

</para>

198

190

<para>

199

191

This program can also be used with the

236

228

<replaceable>DIRECTORY</replaceable></option></term>

237

229

238

230

<para>

239

Target directory for key files. Default is <filename

240

class="directory">/etc/keys/mandos</filename>.

231

Target directory for key files. Default is

232

<filename class="directory">/etc/mandos</filename>.

241

233

</para>

242

234

</listitem>

243

235

</varlistentry>

249

241

250

242

251

243

<para>

252

OpenPGP key type. Default is <quote>RSA</quote>.

244

Key type. Default is <quote>RSA</quote>.

253

245

</para>

254

246

</listitem>

255

247

</varlistentry>

261

253

262

254

263

255

<para>

264

OpenPGP key length in bits. Default is 4096.

256

Key length in bits. Default is 4096.

265

257

</para>

266

258

</listitem>

267

259

</varlistentry>

273

265

<replaceable>KEYTYPE</replaceable></option></term>

274

266

275

267

<para>

276

OpenPGP subkey type. Default is <quote>RSA</quote>

268

Subkey type. Default is <quote>RSA</quote> (Elgamal

269

encryption-only).

277

270

</para>

278

271

</listitem>

279

272

</varlistentry>

285

278

286

279

287

280

<para>

288

OpenPGP subkey length in bits. Default is 4096.

281

Subkey length in bits. Default is 4096.

289

282

</para>

290

283

</listitem>

291

284

</varlistentry>

329

322

</varlistentry>

330

323

331

324

332

<term><option>--tls-keytype

333

<replaceable>KEYTYPE</replaceable></option></term>

334

<term><option>-T

335

<replaceable>KEYTYPE</replaceable></option></term>

336

337

<para>

338

TLS key type. Default is <quote>ed25519</quote>

339

</para>

340

</listitem>

341

</varlistentry>

342

343

344

325

<term><option>--force</option></term>

345

326

346

327

355

336

356

337

<para>

357

338

Prompt for a password and encrypt it with the key already

358

present in either <filename>/etc/keys/mandos</filename> or

359

the directory specified with the <option>--dir</option>

339

present in either <filename>/etc/mandos</filename> or the

340

directory specified with the <option>--dir</option>

360

341

option. Outputs, on standard output, a section suitable

361

342

for inclusion in <citerefentry><refentrytitle

362

343

>mandos-clients.conf</refentrytitle><manvolnum

402

383

<title>OVERVIEW</title>

403

384

<xi:include href="overview.xml"/>

404

385

<para>

405

This program is a small utility to generate new TLS and OpenPGP

406

keys for new Mandos clients, and to generate sections for

407

inclusion in <filename>clients.conf</filename> on the server.

386

This program is a small utility to generate new OpenPGP keys for

387

new Mandos clients, and to generate sections for inclusion in

388

<filename>clients.conf</filename> on the server.

408

389

</para>

409

390

</refsect1>

410

391

442

423

</para>

443

424

444

425

445

<term><filename>/etc/keys/mandos/seckey.txt</filename></term>

426

<term><filename>/etc/mandos/seckey.txt</filename></term>

446

427

447

428

<para>

448

429

OpenPGP secret key file which will be created or

451

432

</listitem>

452

433

</varlistentry>

453

434

454

<term><filename>/etc/keys/mandos/pubkey.txt</filename></term>

435

<term><filename>/etc/mandos/pubkey.txt</filename></term>

455

436

456

437

<para>

457

438

OpenPGP public key file which will be created or

460

441

</listitem>

461

442

</varlistentry>

462

443

463

<term><filename>/etc/keys/mandos/tls-privkey.pem</filename></term>

464

465

<para>

466

Private key file which will be created or overwritten.

467

</para>

468

</listitem>

469

</varlistentry>

470

471

<term><filename>/etc/keys/mandos/tls-pubkey.pem</filename></term>

472

473

<para>

474

Public key file which will be created or overwritten.

475

</para>

476

</listitem>

477

</varlistentry>

478

479

444

480

445

481

446

<para>

516

481

</informalexample>

517

482

518

483

<para>

519

Prompt for a password, encrypt it with the keys in <filename

520

class="directory">/etc/keys/mandos</filename> and output a

521

section suitable for <filename>clients.conf</filename>.

484

Prompt for a password, encrypt it with the key in <filename

485

class="directory">/etc/mandos</filename> and output a section

486

suitable for <filename>clients.conf</filename>.

522

487

</para>

523

488

<para>

524

489

<userinput>&COMMANDNAME; --password</userinput>

526

491

</informalexample>

527

492

528

493

<para>

529

Prompt for a password, encrypt it with the keys in the

494

Prompt for a password, encrypt it with the key in the

530

495

<filename>client-key</filename> directory and output a section

531

496

suitable for <filename>clients.conf</filename>.

532

497

</para>

Older »