From: mdw Date: Sat, 17 Apr 2004 10:54:21 +0000 (+0000) Subject: Update Debianization stuff. X-Git-Url: https://git.distorted.org.uk/~mdw/become/commitdiff_plain/ac67be2ec5a39ccfef5bdacd7975e874952eaa33 Update Debianization stuff. --- diff --git a/debian/changelog b/debian/changelog index 17a520e..2418664 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +become (1.4.1) experimental; urgency=low + + * Support elliptic-curve DSA and larger hash functions. + + -- Mark Wooding Sat, 17 Apr 2004 11:54:07 +0100 + become (1.4.0) experimental; urgency=low * Debianization! diff --git a/debian/control b/debian/control index 405bf5d..98a0046 100644 --- a/debian/control +++ b/debian/control @@ -2,7 +2,7 @@ Source: become Section: admin Priority: extra Maintainer: Mark Wooding -Build-Depends: mlib (>= 2.0.2), catacomb (>= 2.0.1) +Build-Depends: mlib (>= 2.0.2), catacomb (>= 2.1.0) Standards-Version: 3.1.1 Package: become diff --git a/manual/become.texi b/manual/become.texi index a08a128..5944e9a 100644 --- a/manual/become.texi +++ b/manual/become.texi @@ -1,6 +1,6 @@ \input texinfo @c -*-texinfo-*- @c -@c $Id: become.texi,v 1.8 2004/04/08 01:36:20 mdw Exp $ +@c $Id: become.texi,v 1.9 2004/04/17 10:54:21 mdw Exp $ @c @c Documentation for `become' @c @@ -1507,7 +1507,7 @@ The key file can be generated using Catacomb's @code{key} program. The commands @example -key -k /etc/become/become.key add -adsa -e"now + 1 year" become-dsa +key -k /etc/become/become.key add -adsa -e"now + 1 year" become key -k /etc/become/become.key extract -f -secret /etc/become/become.pubkey @end example 
@@ -1517,6 +1517,17 @@ install the public key on all of your client computers, writable only by root. The private key should be only on the server, and readable or writable only by root. +You can also use elliptic-curve DSA. The key-generation runes are more +complicated in this case. For example, + +@example +key -k /etc/become/become.key add -aec -Cnist-p256 -e"now + 1 year" \ + become sig=ecdsa hash=sha256 +@end example +The @code{hash=sha256} is not required, but it's good to have a hash function +as strong as your curve. See the manpage for @code{key} for more details +about generating elliptic curve keys, and for the kinds of curves supported. + If you have multiple servers, they can all have different private keys. You'll need to put all of the public keys in the @file{/etc/become/become.pubkey} file.
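Review bot: The catacomb build-dependency bump in debian/control (from ">= 2.0.1" to ">= 2.1.0") is not recorded in the new 1.4.1 entry in debian/changelog, which lists only the feature. Add a changelog line naming the new minimum catacomb version so that anyone rebuilding or backporting the package can see the requirement without reading the control diff.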
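Review bot: In the manual/become.texi hunk at line 1507, the key tag in the "key ... add" example changes from "become-dsa" to "become", but neither the manual text nor the changelog entry says what this means for key files created with the old tag. Add a sentence stating whether a key tagged "become-dsa" is still found, or whether it has to be regenerated or retagged, so administrators upgrading from 1.4.0 know if their existing /etc/become/become.key needs attention.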
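Review bot: In the ECDSA paragraph added by the manual/become.texi hunk at line 1517, the sentence "The @code{hash=sha256} is not required" does not say which hash function is used when the attribute is left out; name the default so a reader can judge whether it is as strong as the nist-p256 curve chosen in the example. The new example also shows only the "add" step, so it is worth stating that the "extract -f -secret" command from the DSA example is still needed to produce /etc/become/become.pubkey. As a style point, a blank line after "@end example" would match the blank line the hunk already puts before "@example".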