. ds ue
. ds *b \fIbeta\fP
.\}
+.de VS
+.sp 1
+.RS
+.nf
+.ft B
+..
+.de VE
+.ft R
+.fi
+.RE
+.sp 1
+..
.TH key 1 "5 June 1999" "Straylight/Edgeware" "Catacomb cryptographic library"
.SH NAME
key \- simple key management system
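Review bot: In the new VE macro, `.ft R` forces roman instead of restoring the font that was active before `.VS`. Since the display body is a plain command line with no font changes of its own, `.ft P` in VE would undo the `.ft B` from VS and keep the pair correct if it is ever used inside text that is not set in roman.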
.I command
is one of:
.PP
+.B help
+.RI [ command ...]
+.br
+.B show
+.RI [ item ...]
+.br
.B add
.RB [ \-lqrLS ]
.RB [ \-a
.IR tag ]
.br
\h'8n'
+.RB [ \-A
+.IR seed-alg ]
+.RB [ \-s
+.IR seed ]
+.RB [ \-n
+.IR bits ]
+.br
+\h'8n'
.RB [ \-e
.IR expire ]
.RB [ \-t
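Review bot: The added synopsis lines show `[-s seed]` and `[-n bits]` as independent options, but the option text added later in this patch describes them as two ways of obtaining the seed (supplied versus newly generated). If they are mutually exclusive, write them as one alternation, `[-s seed | -n bits]`, and state what happens when both are given. The placeholder `bits` for `-n` is also easy to confuse with the existing `-b bits` key length; a distinct name such as `seed-bits` would avoid that.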
.I "global options"
may be given. The following global options are supported:
.TP
-.BR "\-h, \-\-help " [ \fIcommand ]
+.BR "\-h, \-\-help " [ \fIcommand ...]
Writes a brief summary of
.BR key 's
various options to standard output, and
-returns a successful exit status. With a command name, gives help on
-that command.
+returns a successful exit status. With command names, gives help on
+those commands.
.TP
.B "\-v, \-\-version"
Writes the program's version number to standard output, and returns a
attributes may have meaning for particular applications or key types;
others may be assigned global meanings in future.
.SH "COMMAND REFERENCE"
+.SS help
+The
+.B help
+command behaves exactly as the
+.B \-\-help
+option. With no arguments, it shows an overview of
+.BR key 's
+options; with arguments, it describes the named subcommands.
+.SS show
+The
+.B show
+command prints various lists of tokens understood by
+.BR key .
+With no arguments, it prints all of the lists; with arguments, it prints
+just the named lists, in order. The recognized lists can be enumerated
+using the
+.VS
+key show list
+.VE
+command. The lists are as follows.
+.TP
+.B list
+The lists which can be enumerated by the
+.B show
+command.
+.TP
+.B hash
+The hash functions which can be used with the
+.B fingerprint
+command.
+.TP
+.B ec
+The built-in elliptic curves which can be used with the
+.B add \-a ec
+command.
+.TP
+.B dh
+The built-in Diffie-Hellman groups which can be used with the
+.B add \-a dh
+command.
+.TP
+.B keygen
+The key-generation algorithms which are acceptable to the
+.B \-a
+option of the
+.B add
+command.
+.TP
+.B seed
+The pseudorandom generators which are acceptable to the
+.B \-s
+option of the
+.B add
+command.
.SS add
The
.B add
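Review bot: The `seed` entry in the list of `show` lists says these generators are acceptable to the `\-s` option of `add`, but elsewhere in this patch `\-s` takes the Base64-encoded seed itself and the generator is selected with `\-A, \-\-seedalg` (whose text also points at `key show seed`). Change `.B \-s` to `.B \-A` in that entry so the two descriptions agree.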
.BI "\-a, \-\-algorithm " alg
Selects a key generation algorithm. The default algorithm is
.BR binary ;
-the different algorithms are described below.
+the different algorithms are described below. The command
+.B key show keygen
+lists the recognized key-generation algorithms.
.TP
.BI "\-b, \-\-bits " bits
The length of the key to generate, in bits. The default, if this option
key-generation algorithms allow the use of shared parameters. A new key
also inherits attributes from its parameter key.
.TP
+.BI "\-A, \-\-seedalg " seed-alg
+Use the deterministic random number generator algorithm
+.I seed-alg
+to generate the key. Use
+.I before
+the
+.B \-s
+or
+.B \-n
+options; without one of these,
+.B \-A
+has no effect. The default algorithm is
+.BR rmd160-mgf .
+The command
+.B key show seed
+shows a list of recognized seeding algorithms. The seeding algorithm
+used to generate a key is recorded as the key's
+.B seedalg
+attribute.
+.TP
+.BI "\-s, \-\-seed " seed
+Generate the key deterministically using the given
+.IR seed ,
+which should be a Base64-encoded binary string. This is mainly useful
+for parameters keys (types
+.BR dsa-param
+and
+.BR dh-param ),
+to demonstrate that a set of parameters has been generated in an honest
+fashion. The
+.B dsarand
+generation algorithm can be used to generate
+.B dsa-param
+keys as required by FIPS186. The requested seed is recorded,
+Base64-encoded, as the new key's
+.B seed
+attribute.
+.TP
+.BI "\-n, \-\-newseed " bits
+Generate a new seed, with the given length in
+.IR bits .
+The generated seed is recorded, Base64-encoded, as the new key's
+.B seed
+attribute.
+.TP
.BI "\-e, \-\-expire " expire
The expiry date for the generated key. This may be the string
.RB ` forever '
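Review bot: The `\-s` and `\-n` descriptions say the seed is recorded as the key's `seed` attribute but not how sensitive that attribute then is. The key is generated deterministically from the seed, and the generator is recorded next to it as `seedalg`, so the two attributes together are what a reader needs to reproduce the generation. That is the intent for `dsa-param` and `dh-param`, but the text only calls seeding "mainly useful" for those types and does not limit it to them. Add a sentence saying either that seeding is refused for keys with secret components, or that for such keys the `seed` attribute must be protected like the key itself. Smaller points in the same hunk: "parameters keys" should read "parameter keys"; "FIPS186" should read "FIPS 186"; the `\-A` text should say what happens when it is given after `\-s` or `\-n` (error or silently ignored); and the `\-s` text should say whether `dsarand` is a value for `\-A` or for `\-a`.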