'\" te .\" Copyright (c) 2003, Sun Microsystems, Inc. All Rights Reserved .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] .TH WANBOOT_KEYGEN 1M "Apr 18, 2003" .SH NAME wanboot_keygen \- create and display client and server keys for WAN booting .SH SYNOPSIS .LP .nf \fB/usr/lib/inet/wanboot/keygen\fR \fB-c\fR \fB-o\fR net=\fIa.b.c.d\fR ,cid=\fIclient_ID\fR,type=3des .fi .LP .nf \fB/usr/lib/inet/wanboot/keygen\fR \fB-c\fR \fB-o\fR net=\fIa.b.c.d\fR ,cid=\fIclient_ID\fR,type=aes .fi .LP .nf \fB/usr/lib/inet/wanboot/keygen\fR \fB-m\fR .fi .LP .nf \fB/usr/lib/inet/wanboot/keygen\fR \fB-c\fR \fB-o\fR net=\fIa.b.c.d\fR ,cid=\fIclient_ID\fR,type=sha1 .fi .LP .nf \fB/usr/lib/inet/wanboot/keygen\fR \fB-d\fR \fB-m\fR .fi .LP .nf \fB/usr/lib/inet/wanboot/keygen\fR \fB-c\fR \fB-o\fR net=\fIa.b.c.d\fR ,cid=\fIclient_ID\fR,type=\fIkeytype\fR .fi .SH DESCRIPTION .sp .LP The \fBkeygen\fR utility has three purposes: .RS +4 .TP .ie t \(bu .el o Using the \fB-c\fR flag, to generate and store per-client 3DES/AES encryption keys, avoiding any DES weak keys. .RE .RS +4 .TP .ie t \(bu .el o Using the \fB-m\fR flag, to generate and store a "master" HMAC SHA-1 key for WAN install, and to derive from the master key per-client HMAC SHA-1 hashing keys, in a manner described in RFC 3118, Appendix A. .RE .RS +4 .TP .ie t \(bu .el o Using the \fB-d\fR flag along with either the \fB-c\fR or \fB-m\fR flag to indicate the key repository, to display a key of type specified by \fIkeytype\fR, which must be one of \fB3des\fR, \fBaes\fR, or \fBsha1\fR. .RE .sp .LP The \fBnet\fR and \fBcid\fR arguments are used to identify a specific client. Both arguments are optional. If the \fBcid\fR option is not provided, the key being created or displayed will have a per-network scope. If the \fBnet\fR option is not provided, then the key will have a global scope. Default net and code values are used to derive an HMAC SHA-1 key if the values are not provided by the user. .SH OPTIONS .sp .LP The following options are supported: .sp .ne 2 .na \fB\fB-c\fR\fR .ad .RS 6n Generate and store per-client 3DES/AES encryption keys, avoiding any DES weak keys. Also generates and stores per-client HMAC SHA-1 keys. Used in conjunction with \fB-o\fR. .RE .sp .ne 2 .na \fB\fB-d\fR\fR .ad .RS 6n Display a key of type specified by \fIkeytype\fR, which must be one of \fB3des\fR, \fBaes\fR, or \fBsha1\fR. Use \fB-d\fR with \fB-m\fR or with \fB-c\fR and \fB-o\fR. .RE .sp .ne 2 .na \fB\fB-m\fR\fR .ad .RS 6n Generate and store a "master" HMAC SHA-1 key for WAN install. .RE .sp .ne 2 .na \fB\fB-o\fR\fR .ad .RS 6n Specifies the WANboot client and/or keytype. .RE .SH EXAMPLES .LP \fBExample 1 \fRGenerate a Master HMAC SHA-1 Key .sp .in +2 .nf # keygen -m .fi .in -2 .sp .LP \fBExample 2 \fRGenerate and Then Display a Client-Specific Master HMAC SHA-1 Key .sp .in +2 .nf # keygen -c -o net=172.16.174.0,cid=010003BA0E6A36,type=sha1 # keygen -d -c -o net=172.16.174.0,cid=010003BA0E6A36,type=sha1 .fi .in -2 .sp .LP \fBExample 3 \fRGenerate and Display a 3DES Key with a Per-Network Scope .sp .in +2 .nf # keygen -c -o net=172.16.174.0,type=3des # keygen -d -o net=172.16.174.0,type=3des .fi .in -2 .sp .SH EXIT STATUS .sp .ne 2 .na \fB\fB0\fR\fR .ad .RS 6n Successful operation. .RE .sp .ne 2 .na \fB\fB>0\fR\fR .ad .RS 6n An error occurred. .RE .SH ATTRIBUTES .sp .LP See \fBattributes\fR(5) for descriptions of the following attributes: .sp .sp .TS box; c | c l | l . ATTRIBUTE TYPE ATTRIBUTE VALUE _ Interface Stability Obsolete .TE .SH SEE ALSO .sp .LP \fBattributes\fR(5)