X-Git-Url: https://git.distorted.org.uk/~mdw/catacomb/blobdiff_plain/290ddb617fe530512a3496de61318a98ae623fe7..a90d420cbe87490c844ae422c966e746d3134b07:/progs/key.1 diff --git a/progs/key.1 b/progs/key.1 index a2ac3376..f5b64455 100644 --- a/progs/key.1 +++ b/progs/key.1 @@ -373,9 +373,8 @@ The length of the subsidiary key or parameter, in bits. Not all key-generation algorithms have a subsidiary key size. .TP .BI "\-p, \-\-parameters " tag -Selects a key containing parameter values to copy. Not all -key-generation algorithms allow the use of shared parameters. A new key -also inherits attributes from its parameter key. +Selects a key containing parameter values to copy. +A new key also inherits attributes from its parameter key. .TP .BI "\-A, \-\-seedalg " seed-alg Use the deterministic random number generator algorithm @@ -473,6 +472,14 @@ using a passphrase. Suppresses the progress indication which is usually generated while time-consuming key generation tasks are being performed. .TP +.BI "\-E, \-\-public-exponent" +Set the public exponent for RSA keys. +The default is 65537, +because this seems to be the overwhelmingly popular choice +among practitioners +and because it was the exponent used before this option was introduced. +The value 3 is fine unless you use a completely terrible padding scheme. +.TP .BI "\-L, \-\-lim-lee" When generating Diffie\(enHellman parameters, generate a Lim\(enLee prime rather than a random (or safe) prime. See the details on @@ -846,6 +853,42 @@ the public point is then .I x \(mu .IR G . +.TP +.B x25519 +Generate a private scalar and a corresponding public point on the +(Montgomery-form) Curve25519 elliptic curve. +The scalar is simply a random 256-bit string; +the public key is the +.IR x -coordinate +of the corresponding point. +.TP +.B x448 +Generate a private scalar and a corresponding public point on the +(Montgomery-form) Ed448-Goldilocks elliptic curve. +The scalar is simply a random 256-bit string; +the public key is the +.IR x -coordinate +of the corresponding point. +.TP +.B ed25519 +Generate a private key and a corresponding public point on the +(twisted Edwards-form) Curve25519 elliptic curve. +The private key is simply a random 256-bit string, +from which a scalar and secret prefix are derived; +the public key is the compressed form of the corresponding point. +.TP +.B ed448 +Generate a private key and a corresponding public point on the +(Edwards-form) Ed448-Goldilocks elliptic curve. +The private key is simply a random 456-bit string, +from which a scalar and secret prefix are derived; +the public key is the compressed form of the corresponding point. +.TP +.B empty +Generate an empty key, with trivial contents. +This is useful as a `parameters' key, +carrying attributes to be applied to other keys +if they don't require more detailed parameters. .SS "expire" Forces keys to immediately expire. An expired key is not chosen when a program requests a key by its type. The keys to expire are listed by @@ -863,7 +906,12 @@ new tag to be set. If no second argument is given, the existing tag, if any, is removed and no new tag is set. It is an error to set a tag which already exists on another key, unless you give the .B \-r -option, which removes the tag first. +option. +.PP +The following options are recognized. +.TP +.B "\-r, \-\-retag" +Untag the existing key with the desired new tag, if any. .SS "setattr" Attaches attributes to a key. The key to which the attributes should be attached is given by its @@ -918,9 +966,9 @@ keyids, types, expiry and deletion dates, and comments. Additional .RB ` \-v ' options show more information, such as the exact time of day for expiry and deletion, key attributes, and a dump of the actual key data. If the -verbosity level is sufficiently high, passphrases are requested to -decrypt locked keys. Make sure nobody is looking over your shoulder -when you do this! +verbosity level is sufficiently high, secret parts of keys are printed, +and passphrases are requested to decrypt locked keys. Make sure nobody +is looking over your shoulder when you do this! .SS "fingerprint" Reports a fingerprint (secure hash) on components of requested keys. The following options are supported: