~mdw / become / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1554751)
Update Debianization stuff.
authormdw <mdw>
Sat, 17 Apr 2004 10:54:21 +0000 (10:54 +0000)
committermdw <mdw>
Sat, 17 Apr 2004 10:54:21 +0000 (10:54 +0000)
debian/changelog patch | blob | blame | history
debian/control patch | blob | blame | history
manual/become.texi patch | blob | blame | history

diff --git a/debian/changelog b/debian/changelog
index 17a520e..2418664 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+become (1.4.1) experimental; urgency=low
+
+  * Support elliptic-curve DSA and larger hash functions.
+
+ -- Mark Wooding <mdw@nsict.org>  Sat, 17 Apr 2004 11:54:07 +0100
+
 become (1.4.0) experimental; urgency=low
 
   * Debianization!
 become (1.4.0) experimental; urgency=low
 
   * Debianization!
diff --git a/debian/control b/debian/control
index 405bf5d..98a0046 100644 (file)
--- a/debian/control
+++ b/debian/control
@@ -2,7 +2,7 @@ Source: become
 Section: admin
 Priority: extra
 Maintainer: Mark Wooding <mdw@nsict.org>
 Section: admin
 Priority: extra
 Maintainer: Mark Wooding <mdw@nsict.org>
-Build-Depends: mlib (>= 2.0.2), catacomb (>= 2.0.1)
+Build-Depends: mlib (>= 2.0.2), catacomb (>= 2.1.0)
 Standards-Version: 3.1.1
 
 Package: become
 Standards-Version: 3.1.1
 
 Package: become
diff --git a/manual/become.texi b/manual/become.texi
index a08a128..5944e9a 100644 (file)
--- a/manual/become.texi
+++ b/manual/become.texi
@@ -1,6 +1,6 @@
 \input texinfo @c -*-texinfo-*-
 @c
 \input texinfo @c -*-texinfo-*-
 @c
-@c $Id: become.texi,v 1.8 2004/04/08 01:36:20 mdw Exp $
+@c $Id: become.texi,v 1.9 2004/04/17 10:54:21 mdw Exp $
 @c
 @c Documentation for `become'
 @c
 @c
 @c Documentation for `become'
 @c
@@ -1507,7 +1507,7 @@ The key file can be generated using Catacomb's @code{key} program.  The
 commands
 
 @example
 commands
 
 @example
-key -k /etc/become/become.key add -adsa -e"now + 1 year" become-dsa 
+key -k /etc/become/become.key add -adsa -e"now + 1 year" become
 key -k /etc/become/become.key extract -f -secret /etc/become/become.pubkey
 @end example
 
 key -k /etc/become/become.key extract -f -secret /etc/become/become.pubkey
 @end example
 
@@ -1517,6 +1517,17 @@ install the public key on all of your client computers, writable only by
 root.  The private key should be only on the server, and readable or writable
 only by root.
 
 root.  The private key should be only on the server, and readable or writable
 only by root.
 
+You can also use elliptic-curve DSA.  The key-generation runes are more
+complicated in this case.  For example,
+
+@example
+key -k /etc/become/become.key add -aec -Cnist-p256 -e"now + 1 year" \
+    become sig=ecdsa hash=sha256
+@end example
+The @code{hash=sha256} is not required, but it's good to have a hash function
+as strong as your curve.  See the manpage for @code{key} for more details
+about generating elliptic curve keys, and for the kinds of curves supported.
+
 If you have multiple servers, they can all have different private keys.
 You'll need to put all of the public keys in the
 @file{/etc/become/become.pubkey} file. 
 If you have multiple servers, they can all have different private keys.
 You'll need to put all of the public keys in the
 @file{/etc/become/become.pubkey} file. 
Management for shared accounts