opensolaris man page for wanboot_keygen

Opensolaris Man Pages All Man Pages Latest Topics Forum Categories

Query: wanboot_keygen

OS: opensolaris

Section: 1m

Format: Original Unix Latex Style Formatted with HTML and a Horizontal Scroll Bar

wanboot_keygen(1M)					  System Administration Commands					wanboot_keygen(1M)


NAME

       wanboot_keygen - create and display client and server keys for WAN booting


SYNOPSIS

       /usr/lib/inet/wanboot/keygen -c -o net=a.b.c.d ,cid=client_ID,type=3des

       /usr/lib/inet/wanboot/keygen -c -o net=a.b.c.d ,cid=client_ID,type=aes

       /usr/lib/inet/wanboot/keygen -m

       /usr/lib/inet/wanboot/keygen -c -o net=a.b.c.d ,cid=client_ID,type=sha1

       /usr/lib/inet/wanboot/keygen -d -m

       /usr/lib/inet/wanboot/keygen -c -o net=a.b.c.d ,cid=client_ID,type=keytype


DESCRIPTION

       The keygen utility has three purposes:

	   o	  Using the -c flag, to generate and store per-client 3DES/AES encryption keys, avoiding any DES weak keys.

	   o	  Using the -m flag, to generate and store a "master" HMAC SHA-1 key for WAN install, and to derive from the master key per-client
		  HMAC SHA-1 hashing keys, in a manner described in RFC 3118, Appendix A.

	   o	  Using the -d flag along with either the -c or -m flag to indicate the key repository, to display a key of type specified by key-
		  type, which must be one of 3des, aes, or sha1.

       The  net  and cid arguments are used to identify a specific client. Both arguments are optional. If the cid option is not provided, the key
       being created or displayed will have a per-network scope. If the net option is not provided, then the key will have a global scope. Default
       net and code values are used to derive an HMAC SHA-1 key if the values are not provided by the user.


OPTIONS

       The following options are supported:

       -c    Generate  and  store per-client 3DES/AES encryption keys, avoiding any DES weak keys. Also generates and stores per-client HMAC SHA-1
	     keys. Used in conjunction with -o.

       -d    Display a key of type specified by keytype, which must be one of 3des, aes, or sha1. Use -d with -m or with -c and -o.

       -m    Generate and store a "master" HMAC SHA-1 key for WAN install.

       -o    Specifies the WANboot client and/or keytype.


EXAMPLES

       Example 1 Generate a Master HMAC SHA-1 Key

	 # keygen -m

       Example 2 Generate and Then Display a Client-Specific Master HMAC SHA-1 Key

	 # keygen -c -o net=172.16.174.0,cid=010003BA0E6A36,type=sha1
	 # keygen -d -c -o net=172.16.174.0,cid=010003BA0E6A36,type=sha1

       Example 3 Generate and Display a 3DES Key with a Per-Network Scope

	 # keygen -c -o net=172.16.174.0,type=3des
	 # keygen -d -o net=172.16.174.0,type=3des


EXIT STATUS

       0     Successful operation.

       >0    An error occurred.


ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWwbsup 		   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     |Obsolete			   |
       +-----------------------------+-----------------------------+


SEE ALSO

       attributes(5)

SunOS 5.11							    18 Apr 2003 						wanboot_keygen(1M)
Related Man Pages
wanboot_keygen(1m) - opensolaris
wanboot_keymgmt(1m) - opensolaris
ickey(1m) - sunos
digest(1) - netbsd
digest(1) - linux
Similar Topics in the Unix Linux Community
Security for network
LANforge FIRE & ICE 5.0.9 (Default branch)
bash/grep/awk/sed: How to extract every appearance of text between two specific strings
3DES encryption
Solaris Routing