[u/mdw/catacomb] / key.1

.\" -*-nroff-*-
.TH key 1 "5 June 1999" Catacomb
.SH NAME
key \- simple key management system
.SH SYNOPSIS
.B key
.RB [ \-k
.IR keyring ]
.I command
.PP
where
.I command
is one of:
.PP
.B add
.RB [ \-b
.IR bits ]
.RB [ \-e
.IR expire ]
.RB [ \-c
.IR comment ]
.I type
.IR attr ...
.br
.B expire
.IR keyid ...
.br
.B delete
.IR keyid ...
.br
.B setattr
.I keyid
.IR attr ...
.br
.B list
.RB [ \-qv ]
.br
.B tidy
.br
.B extract
.I file
.IR keyid ...
.br
.B merge
.I file
.SH DESCRIPTION
The
.B key
command performs useful operations on Catacomb keyring files.  It
provides a number of subcommands, by which the various operations may be
carried out.
.SS "Global options"
Before the command name,
.I "global options"
may be given.  The following global options are supported:
.TP
.B "\-h, \-\-help"
Writes a brief summary of
.BR key 's
various options to standard output, and
returns a successful exit status.
.TP
.B "\-v, \-\-version"
Writes the program's version number to standard output, and returns a
successful exit status.
.TP
.B "\-u, \-\-usage"
Writes a very terse command line summary to standard output, and returns
a successful exit status.
.TP
.BI "\-k, \-\-keyring=" file
Names the keyring file which
.B key
is to process.  The default keyring, used if this option doesn't specify
one, is the file named
.B keyring
in the current directory.  The keyring must be stored in a regular file:
pipes, sockets, devices etc. are not allowed.
The
.B key
program attempts to lock the keyring before accessing it, using
.BR fcntl (2)
locking.  It will however time out after a short while (10 seconds) and
report a failure.
.SS Concepts
In addition to the actual key data itself, a Catacomb key has a number
of other pieces of information attached to it:
.TP
.B keyid
Every key has a 32-bit identifying number, written in hexadecimal.  The
keyid is derived from the actual key contents (although knowledge of a
key's keyid doesn't help one to guess the key itself).  Applications use
keyids to refer to specific keys.  A
.I deleted
key cannot be looked up by keyid.
.TP
.B type
A key's type string describes what the key may be used for.  The type
string is arbitrary, except that it may not contain whitespace
characters.  Applications use key types to obtain an arbitrary but
suitable key for some purpose.  An
.I expired
key cannot be looked up by type, but may be looked up by keyid.
.TP
.B "expiry time"
Most keys expire after a certain amount of time.  Once a key has
expired, it will no longer be chosen as a result of a lookup by key
type.  However, it is not deleted until its deletion time is also
reached.
.TP
.B "deletion time"
A key's deletion time is the latest expiry time of any of the objects
which require that key.  For example, a key used for authenticating
cryptographic cookies should have its deletion time set to the longest
expiry time of any of the cookies it can authenticate.  A key is never
deleted until it has also expired.  Once a key has expired
.I and
its deletion time is passed, it can no longer be referred to by
applications, and will be removed from the keyring next time it's
written to disk.
.TP
.B comment
A key may be given a comment when it's created.  The comment is for the
benefit of users, and isn't interpreted by applications at all.
(Hopefully.)
.TP
.B attributes
A key as zero or more name/value pairs.  The names and values are
arbitrary strings, except they may not contain null bytes.  Some
attributes may have meaning for particular applications or key types;
others may be assigned global meanings in future.
.SH "COMMAND REFERENCE"
.SS add
The
.B add
command creates a new key and adds it to the keyring.  The command
accepts the following options:
.TP
.BI "\-b, \-\-bits=" bits
The length of the key to generate, in bits.  The default, if this option
is not supplied, is 128 bits.  The bit length must be nonzero, and must
be a multiple of 8.
.TP
.BI "\-e, \-\-expire=" expire
The expiry date for the generated key.  This may be the string
.RB ` forever '
if the key should never expire automatically, or any date acceptable to
the
.BR getdate (3)
library function.  Briefly,
.B getdate
understands absolute dates such as
.RB ` 1999-08-02 '
or
.RB ` "August 2nd, 1999" ',
and (perhaps more usefully) relative dates such as
.RB ` "+2 weeks" '.
The default is to allow a 2 week expiry, which isn't useful.
.TP
.BI "\-c, \-\-comment=" comment
Sets a comment for the key.  The default is not to attach a comment.
.PP
The key's type is given by the required
.I type
argument.  Following the type are zero or more attributes, which are
attached to the key in the same way as for the
.B setattr
command.
.PP
The
.B key
program only generates random bitstrings, which are suitable for most
symmetric algorithms but not for public key cryptography.  Generating
keys for more exotic algorithms is a feature which will be added later.
The keys are generated using the Catacomb random number generator, using
the
.B rand_goodbits
function.  The Catacomb generator is believed to be strong.
.SS expire
Forces keys to immediately expire.  An expired key is not chosen when a
program requests a key by its type.  The keys to expire are listed by
their
.IR keyid s.
.SS delete
Deletes keys immediately.  The keys to delete are listed by their
.IR keyid s.
Be careful when deleting keys.  It might be a better idea
to expire keys rather than deleting them.
.SS setattr
Attaches attributes to a key.  The key to which the attributes should be
attached is given by its
.IR keyid .
Each attribute has the form
.IB name = value\fR.
An attribute can be deleted by assigning it an empty value.  Although
the keyring file format is capable of representing an attribute with an
empty value as distinct from a nonexistant attribute, this interface
does not allow empty attributes to be set.
.SS list
Lists the keys in the keyring.  A couple of options are supported:
.TP
.B "\-v, \-\-verbose"
Increases the amount of information displayed for each key.  Repeat for
a greater effect.
.TP
.B "\-q, \-\-quiet"
Decreases the amount of information displayed for each key.  Each use
cancels a
.RB ` \-v '
option.
.PP
By default, a single line of output is generated for each, showing
keyids, types, expiry and deletion dates, and comments.  Additional
.RB ` \-v '
options show more information, such as the exact time of day for expiry
and deletion, key attributes, and a hex dump of the actual key data.
.SS tidy
Simply reads the keyring from file and writes it back again.  This has
the effect of removing any deleted keys from the file.
.SS extract
Writes a selection of keys to the named
.IR file ,
which may be
.RB ` \- '
to designate standard output.  The keys to extract are listed by their
.IR keyid s.
The output is a valid keyring file.
.SS merge
Merges the keys from the named
.IR file ,
which may be
.RB ` \- '
to designate standard input, with the keyring.  Keys already in the
keyring are not overwritten: you must explicitly remove them first if
you want them to be replaced during the merge.
.SH BUGS
The ability to generate keys for specific algorithms ought to be added,
for DES (setting the parity bits correctly), RSA, ElGamal and DSA, at
the very least.  (None of these systems are actually implemented in
Catacomb at the moment, however.)
.SH "SEE ALSO"
.BR keyring (5).
.SH AUTHOR
Mark Wooding, <mdw@nsict.org>
Commit	Line	Data
d03ab969	1	.\" --nroff--
	2	.TH key 1 "5 June 1999" Catacomb
	3	.SH NAME
	4	key \- simple key management system
	5	.SH SYNOPSIS
	6	.B key
	7	.RB [ \-k
	8	.IR keyring ]
	9	.I command
	10	.PP
	11	where
	12	.I command
	13	is one of:
	14	.PP
	15	.B add
	16	.RB [ \-b
	17	.IR bits ]
	18	.RB [ \-e
	19	.IR expire ]
	20	.RB [ \-c
	21	.IR comment ]
	22	.I type
	23	.IR attr ...
	24	.br
	25	.B expire
	26	.IR keyid ...
	27	.br
	28	.B delete
	29	.IR keyid ...
	30	.br
	31	.B setattr
	32	.I keyid
	33	.IR attr ...
	34	.br
	35	.B list
	36	.RB [ \-qv ]
	37	.br
	38	.B tidy
	39	.br
	40	.B extract
	41	.I file
	42	.IR keyid ...
	43	.br
	44	.B merge
	45	.I file
	46	.SH DESCRIPTION
	47	The
	48	.B key
	49	command performs useful operations on Catacomb keyring files. It
	50	provides a number of subcommands, by which the various operations may be
	51	carried out.
	52	.SS "Global options"
	53	Before the command name,
	54	.I "global options"
	55	may be given. The following global options are supported:
	56	.TP
	57	.B "\-h, \-\-help"
	58	Writes a brief summary of
	59	.BR key 's
	60	various options to standard output, and
	61	returns a successful exit status.
	62	.TP
	63	.B "\-v, \-\-version"
	64	Writes the program's version number to standard output, and returns a
65	successful exit status.
66	.TP
67	.B "\-u, \-\-usage"
68	Writes a very terse command line summary to standard output, and returns
69	a successful exit status.
70	.TP
71	.BI "\-k, \-\-keyring=" file
72	Names the keyring file which
73	.B key
74	is to process. The default keyring, used if this option doesn't specify
75	one, is the file named
76	.B keyring
77	in the current directory. The keyring must be stored in a regular file:
78	pipes, sockets, devices etc. are not allowed.
79	The
80	.B key
81	program attempts to lock the keyring before accessing it, using
82	.BR fcntl (2)
83	locking. It will however time out after a short while (10 seconds) and
84	report a failure.
85	.SS Concepts
86	In addition to the actual key data itself, a Catacomb key has a number
87	of other pieces of information attached to it:
88	.TP
89	.B keyid
90	Every key has a 32-bit identifying number, written in hexadecimal. The
91	keyid is derived from the actual key contents (although knowledge of a
92	key's keyid doesn't help one to guess the key itself). Applications use
93	keyids to refer to specific keys. A
94	.I deleted
95	key cannot be looked up by keyid.
96	.TP
97	.B type
98	A key's type string describes what the key may be used for. The type
99	string is arbitrary, except that it may not contain whitespace
100	characters. Applications use key types to obtain an arbitrary but
101	suitable key for some purpose. An
102	.I expired
103	key cannot be looked up by type, but may be looked up by keyid.
104	.TP
105	.B "expiry time"
106	Most keys expire after a certain amount of time. Once a key has
107	expired, it will no longer be chosen as a result of a lookup by key
108	type. However, it is not deleted until its deletion time is also
109	reached.
110	.TP
111	.B "deletion time"
112	A key's deletion time is the latest expiry time of any of the objects
113	which require that key. For example, a key used for authenticating
114	cryptographic cookies should have its deletion time set to the longest
115	expiry time of any of the cookies it can authenticate. A key is never
116	deleted until it has also expired. Once a key has expired
117	.I and
118	its deletion time is passed, it can no longer be referred to by
119	applications, and will be removed from the keyring next time it's
120	written to disk.
121	.TP
122	.B comment
123	A key may be given a comment when it's created. The comment is for the
124	benefit of users, and isn't interpreted by applications at all.
125	(Hopefully.)
126	.TP
127	.B attributes
128	A key as zero or more name/value pairs. The names and values are
129	arbitrary strings, except they may not contain null bytes. Some
130	attributes may have meaning for particular applications or key types;
131	others may be assigned global meanings in future.
132	.SH "COMMAND REFERENCE"
133	.SS add
134	The
135	.B add
136	command creates a new key and adds it to the keyring. The command
137	accepts the following options:
138	.TP
139	.BI "\-b, \-\-bits=" bits
140	The length of the key to generate, in bits. The default, if this option
141	is not supplied, is 128 bits. The bit length must be nonzero, and must
142	be a multiple of 8.
143	.TP
144	.BI "\-e, \-\-expire=" expire
145	The expiry date for the generated key. This may be the string
146	.RB ` forever '
147	if the key should never expire automatically, or any date acceptable to
148	the
149	.BR getdate (3)
150	library function. Briefly,
151	.B getdate
152	understands absolute dates such as
153	.RB ` 1999-08-02 '
154	or
155	.RB ` "August 2nd, 1999" ',
156	and (perhaps more usefully) relative dates such as
157	.RB ` "+2 weeks" '.
158	The default is to allow a 2 week expiry, which isn't useful.
159	.TP
160	.BI "\-c, \-\-comment=" comment
161	Sets a comment for the key. The default is not to attach a comment.
162	.PP
163	The key's type is given by the required
164	.I type
165	argument. Following the type are zero or more attributes, which are
166	attached to the key in the same way as for the
167	.B setattr
168	command.
169	.PP
170	The
171	.B key
172	program only generates random bitstrings, which are suitable for most
173	symmetric algorithms but not for public key cryptography. Generating
174	keys for more exotic algorithms is a feature which will be added later.
175	The keys are generated using the Catacomb random number generator, using
176	the
177	.B rand_goodbits
178	function. The Catacomb generator is believed to be strong.
179	.SS expire
180	Forces keys to immediately expire. An expired key is not chosen when a
181	program requests a key by its type. The keys to expire are listed by
182	their
183	.IR keyid s.
184	.SS delete
185	Deletes keys immediately. The keys to delete are listed by their
186	.IR keyid s.
187	Be careful when deleting keys. It might be a better idea
188	to expire keys rather than deleting them.
189	.SS setattr
190	Attaches attributes to a key. The key to which the attributes should be
191	attached is given by its
192	.IR keyid .
193	Each attribute has the form
194	.IB name = value\fR.
195	An attribute can be deleted by assigning it an empty value. Although
196	the keyring file format is capable of representing an attribute with an
197	empty value as distinct from a nonexistant attribute, this interface
198	does not allow empty attributes to be set.
199	.SS list
200	Lists the keys in the keyring. A couple of options are supported:
201	.TP
202	.B "\-v, \-\-verbose"
203	Increases the amount of information displayed for each key. Repeat for
204	a greater effect.
205	.TP
206	.B "\-q, \-\-quiet"
207	Decreases the amount of information displayed for each key. Each use
208	cancels a
209	.RB ` \-v '
210	option.
211	.PP
212	By default, a single line of output is generated for each, showing
213	keyids, types, expiry and deletion dates, and comments. Additional
214	.RB ` \-v '
215	options show more information, such as the exact time of day for expiry
216	and deletion, key attributes, and a hex dump of the actual key data.
217	.SS tidy
218	Simply reads the keyring from file and writes it back again. This has
219	the effect of removing any deleted keys from the file.
220	.SS extract
221	Writes a selection of keys to the named
222	.IR file ,
223	which may be
224	.RB ` \- '
225	to designate standard output. The keys to extract are listed by their
226	.IR keyid s.
227	The output is a valid keyring file.
228	.SS merge
229	Merges the keys from the named
230	.IR file ,
231	which may be
232	.RB ` \- '
233	to designate standard input, with the keyring. Keys already in the
234	keyring are not overwritten: you must explicitly remove them first if
235	you want them to be replaced during the merge.
236	.SH BUGS
237	The ability to generate keys for specific algorithms ought to be added,
238	for DES (setting the parity bits correctly), RSA, ElGamal and DSA, at
239	the very least. (None of these systems are actually implemented in
240	Catacomb at the moment, however.)
241	.SH "SEE ALSO"
242	.BR keyring (5).
243	.SH AUTHOR
244	Mark Wooding, <mdw@nsict.org>
245