+become (1.4.1) experimental; urgency=low
+
+ * Support elliptic-curve DSA and larger hash functions.
+
+ -- Mark Wooding <mdw@nsict.org> Sat, 17 Apr 2004 11:54:07 +0100
+
become (1.4.0) experimental; urgency=low
* Debianization!
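Review bot: the new 1.4.1 entry lists only the ECDSA and hash-function support and leaves out the packaging change that goes with it, the raised build dependency `catacomb (>= 2.1.0)`. Add a second bullet for the dependency bump so that anyone rebuilding or backporting the package can see the new minimum from the changelog alone.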
Section: admin
Priority: extra
Maintainer: Mark Wooding <mdw@nsict.org>
-Build-Depends: mlib (>= 2.0.2), catacomb (>= 2.0.1)
+Build-Depends: mlib (>= 2.0.2), catacomb (>= 2.1.0)
Standards-Version: 3.1.1
Package: become
\input texinfo @c -*-texinfo-*-
@c
-@c $Id: become.texi,v 1.8 2004/04/08 01:36:20 mdw Exp $
+@c $Id: become.texi,v 1.9 2004/04/17 10:54:21 mdw Exp $
@c
@c Documentation for `become'
@c
commands
@example
-key -k /etc/become/become.key add -adsa -e"now + 1 year" become-dsa
+key -k /etc/become/become.key add -adsa -e"now + 1 year" become
key -k /etc/become/become.key extract -f -secret /etc/become/become.pubkey
@end example
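Review bot: the key tag in the first example line changes from `become-dsa` to `become` with no accompanying text, so an administrator who followed the earlier manual and holds a key tagged `become-dsa` cannot tell whether it will still be found. State in the surrounding paragraph which tag or type the program looks up, and whether existing keys must be renamed or regenerated.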
root. The private key should be only on the server, and readable or writable
only by root.
+You can also use elliptic-curve DSA. The key-generation runes are more
+complicated in this case. For example,
+
+@example
+key -k /etc/become/become.key add -aec -Cnist-p256 -e"now + 1 year" \
+ become sig=ecdsa hash=sha256
+@end example
+The @code{hash=sha256} is not required, but it's good to have a hash function
+as strong as your curve. See the manpage for @code{key} for more details
+about generating elliptic curve keys, and for the kinds of curves supported.
+
If you have multiple servers, they can all have different private keys.
You'll need to put all of the public keys in the
@file{/etc/become/become.pubkey} file.
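Review bot: the added ECDSA paragraph says `hash=sha256` "is not required" but never names the hash used when the attribute is omitted, so a reader cannot judge whether leaving it off pairs a `nist-p256` key with a weaker hash. Name the default, or recommend always giving `hash=` explicitly. Two smaller points in the same hunk: a blank line is missing between `@end example` and the paragraph that follows it, and the multiple-servers paragraph could say whether DSA and ECDSA public keys may sit together in one `become.pubkey` file.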