/mandos/trunk : revision 951

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos-keygen.xml

Committer: Teddy Hogeborn
Date: 2018-08-15 09:26:02 UTC
Revision ID: teddy@recompile.se-20180815092602-xoyb5s6gf8376i7u

http://bugs.debian.org/894495

mandos-client: Set system clock if necessary

* plugins.d/mandos-client.c (init_gpgme/import_key): If the system
  clock is not set, or set to january 1970, set the system clock to
  the more plausible value that is the mtime of the key file.  This is
  required by GnuPG to be able to import the keys.  (We can't pass the
  --ignore-time-conflict or the --ignore-valid-from options though
  GPGME.)

files added:
initramfs-tools-hook-conf

files removed:
initramfs-tools-conf

initramfs-tools-script-stop

mandos-to-cryptroot-unlock

files modified:
DBUS-API

INSTALL

Makefile

NEWS

TODO

clients.conf

common.ent

debian/changelog

debian/control

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.postinst

debian/mandos-client.postrm

initramfs-tools-hook

initramfs-tools-script

intro.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-options.xml

mandos.lsm

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

Show diffs side-by-side

added added

removed removed

mandos-keygen.xml

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY COMMANDNAME "mandos-keygen">

<!ENTITY TIMESTAMP "2019-02-10">

<!ENTITY TIMESTAMP "2018-02-08">

<!ENTITY % common SYSTEM "common.ent">

%common;

127

</group>

128

<sbr/>

129

<group>

130

<arg choice="plain"><option>--tls-keytype

131

<replaceable>KEYTYPE</replaceable></option></arg>

132

<arg choice="plain"><option>-T

133

<replaceable>KEYTYPE</replaceable></option></arg>

134

</group>

135

<sbr/>

136

<group>

137

130

<arg choice="plain"><option>--force</option></arg>

138

131

139

132

</group>

187

180

<title>DESCRIPTION</title>

188

181

<para>

189

182

<command>&COMMANDNAME;</command> is a program to generate the

190

TLS and OpenPGP keys used by

183

OpenPGP key used by

191

184

<citerefentry><refentrytitle>mandos-client</refentrytitle>

192

<manvolnum>8mandos</manvolnum></citerefentry>. The keys are

193

normally written to /etc/keys/mandos for later installation into

194

the initrd image, but this, and most other things, can be

195

changed with command line options.

185

<manvolnum>8mandos</manvolnum></citerefentry>. The key is

186

normally written to /etc/mandos for later installation into the

187

initrd image, but this, and most other things, can be changed

188

with command line options.

196

189

</para>

197

190

<para>

198

191

This program can also be used with the

235

228

<replaceable>DIRECTORY</replaceable></option></term>

236

229

237

230

<para>

238

Target directory for key files. Default is <filename

239

class="directory">/etc/keys/mandos</filename>.

231

Target directory for key files. Default is

232

<filename class="directory">/etc/mandos</filename>.

240

233

</para>

241

234

</listitem>

242

235

</varlistentry>

248

241

249

242

250

243

<para>

251

OpenPGP key type. Default is <quote>RSA</quote>.

244

Key type. Default is <quote>RSA</quote>.

252

245

</para>

253

246

</listitem>

254

247

</varlistentry>

260

253

261

254

262

255

<para>

263

OpenPGP key length in bits. Default is 4096.

256

Key length in bits. Default is 4096.

264

257

</para>

265

258

</listitem>

266

259

</varlistentry>

272

265

<replaceable>KEYTYPE</replaceable></option></term>

273

266

274

267

<para>

275

OpenPGP subkey type. Default is <quote>RSA</quote>

268

Subkey type. Default is <quote>RSA</quote> (Elgamal

269

encryption-only).

276

270

</para>

277

271

</listitem>

278

272

</varlistentry>

284

278

285

279

286

280

<para>

287

OpenPGP subkey length in bits. Default is 4096.

281

Subkey length in bits. Default is 4096.

288

282

</para>

289

283

</listitem>

290

284

</varlistentry>

328

322

</varlistentry>

329

323

330

324

331

<term><option>--tls-keytype

332

<replaceable>KEYTYPE</replaceable></option></term>

333

<term><option>-T

334

<replaceable>KEYTYPE</replaceable></option></term>

335

336

<para>

337

TLS key type. Default is <quote>ed25519</quote>

338

</para>

339

</listitem>

340

</varlistentry>

341

342

343

325

<term><option>--force</option></term>

344

326

345

327

354

336

355

337

<para>

356

338

Prompt for a password and encrypt it with the key already

357

present in either <filename>/etc/keys/mandos</filename> or

358

the directory specified with the <option>--dir</option>

339

present in either <filename>/etc/mandos</filename> or the

340

directory specified with the <option>--dir</option>

359

341

option. Outputs, on standard output, a section suitable

360

342

for inclusion in <citerefentry><refentrytitle

361

343

>mandos-clients.conf</refentrytitle><manvolnum

401

383

<title>OVERVIEW</title>

402

384

<xi:include href="overview.xml"/>

403

385

<para>

404

This program is a small utility to generate new TLS and OpenPGP

405

keys for new Mandos clients, and to generate sections for

406

inclusion in <filename>clients.conf</filename> on the server.

386

This program is a small utility to generate new OpenPGP keys for

387

new Mandos clients, and to generate sections for inclusion in

388

<filename>clients.conf</filename> on the server.

407

389

</para>

408

390

</refsect1>

409

391

441

423

</para>

442

424

443

425

444

<term><filename>/etc/keys/mandos/seckey.txt</filename></term>

426

<term><filename>/etc/mandos/seckey.txt</filename></term>

445

427

446

428

<para>

447

429

OpenPGP secret key file which will be created or

450

432

</listitem>

451

433

</varlistentry>

452

434

453

<term><filename>/etc/keys/mandos/pubkey.txt</filename></term>

435

<term><filename>/etc/mandos/pubkey.txt</filename></term>

454

436

455

437

<para>

456

438

OpenPGP public key file which will be created or

459

441

</listitem>

460

442

</varlistentry>

461

443

462

<term><filename>/etc/keys/mandos/tls-privkey.pem</filename></term>

463

464

<para>

465

Private key file which will be created or overwritten.

466

</para>

467

</listitem>

468

</varlistentry>

469

470

<term><filename>/etc/keys/mandos/tls-pubkey.pem</filename></term>

471

472

<para>

473

Public key file which will be created or overwritten.

474

</para>

475

</listitem>

476

</varlistentry>

477

478

444

479

445

480

446

<para>

515

481

</informalexample>

516

482

517

483

<para>

518

Prompt for a password, encrypt it with the keys in <filename

519

class="directory">/etc/keys/mandos</filename> and output a

520

section suitable for <filename>clients.conf</filename>.

484

Prompt for a password, encrypt it with the key in <filename

485

class="directory">/etc/mandos</filename> and output a section

486

suitable for <filename>clients.conf</filename>.

521

487

</para>

522

488

<para>

523

489

<userinput>&COMMANDNAME; --password</userinput>

525

491

</informalexample>

526

492

527

493

<para>

528

Prompt for a password, encrypt it with the keys in the

494

Prompt for a password, encrypt it with the key in the

529

495

<filename>client-key</filename> directory and output a section

530

496

suitable for <filename>clients.conf</filename>.

531

497

</para>

Older »