src/become.c: Reintroduce missing newline in usage message.

[become] / manual / become.texi

diff --git a/manual/become.texi b/manual/become.texi
index 6097465..5944e9a 100644 (file)
--- a/manual/become.texi
+++ b/manual/become.texi
@@ -1,40 +1,12 @@
 \input texinfo @c -*-texinfo-*-
 @c
 \input texinfo @c -*-texinfo-*-
 @c

-@c $Id: become.texi,v 1.7 2003/11/29 23:39:16 mdw Exp $
+@c $Id: become.texi,v 1.9 2004/04/17 10:54:21 mdw Exp $

 @c
 @c Documentation for `become'
 @c
 @c (c) 1998 EBI
 @c
 
 @c
 @c Documentation for `become'
 @c
 @c (c) 1998 EBI
 @c
 

-@c ----- Revision history ---------------------------------------------------
-@c
-@c $Log: become.texi,v $
-@c Revision 1.7  2003/11/29 23:39:16  mdw
-@c Debianization.
-@c
-@c Revision 1.6  2003/10/26 11:57:46  mdw
-@c Fix key reloading core dumps.  Change advice on keys.
-@c
-@c Revision 1.5  2003/10/12 00:14:49  mdw
-@c Major overhaul.  Now uses DSA signatures rather than the bogus symmetric
-@c encrypt-and-hope thing.  Integrated with mLib and Catacomb.
-@c
-@c Revision 1.4  1998/04/23 13:16:14  mdw
-@c Include `texinice' to produce decent printed output.  Add documentation
-@c for new `bcquery' program.  Various fixes, including spelling mistakes,
-@c and some factual inaccuracies.
-@c
-@c Revision 1.3  1998/01/20 14:37:43  mdw
-@c Fix typo.  Short form of `--preserve' should be `-e', not `-p'.
-@c
-@c Revision 1.2  1998/01/12 16:41:31  mdw
-@c Tidying for new release versions.  Fix copyright date.
-@c
-@c Revision 1.1  1997/09/18 11:16:34  mdw
-@c Brand new Texinfo manual, with wider scope than the original LaTeX one.
-@c
-

 @c ----- Standard boilerplate -----------------------------------------------
 
 @c %**start of header
 @c ----- Standard boilerplate -----------------------------------------------
 
 @c %**start of header


@@ -1535,7 +1507,7 @@ The key file can be generated using Catacomb's @code{key} program.  The
 commands
 
 @example
 commands
 
 @example

-key -k /etc/become/become.key add -adsa -e"now + 1 year" become-dsa 
+key -k /etc/become/become.key add -adsa -e"now + 1 year" become

 key -k /etc/become/become.key extract -f -secret /etc/become/become.pubkey
 @end example
 
 key -k /etc/become/become.key extract -f -secret /etc/become/become.pubkey
 @end example
 


@@ -1545,6 +1517,17 @@ install the public key on all of your client computers, writable only by
 root.  The private key should be only on the server, and readable or writable
 only by root.
 
 root.  The private key should be only on the server, and readable or writable
 only by root.
 

+You can also use elliptic-curve DSA.  The key-generation runes are more
+complicated in this case.  For example,
+
+@example
+key -k /etc/become/become.key add -aec -Cnist-p256 -e"now + 1 year" \
+    become sig=ecdsa hash=sha256
+@end example
+The @code{hash=sha256} is not required, but it's good to have a hash function
+as strong as your curve.  See the manpage for @code{key} for more details
+about generating elliptic curve keys, and for the kinds of curves supported.
+

 If you have multiple servers, they can all have different private keys.
 You'll need to put all of the public keys in the
 @file{/etc/become/become.pubkey} file. 
 If you have multiple servers, they can all have different private keys.
 You'll need to put all of the public keys in the
 @file{/etc/become/become.pubkey} file.