The OpenNET Project / Index page
keypkg (1)
  Solaris man: User-level commands and application programs
    NAME
         keypkg - create, delete, modify, and view key package
    
    SYNOPSIS
         keypkg -A [-h [-L virtual_host]] [-s | -v] [input_file]
    
         keypkg -C [-h] [-s | -v] [-e public_exponent] [-l key_size]
         [-k keypkg_owner]
    
         keypkg -D [-h [-L virtual_host]] [-s | -v]
    
         keypkg -D -k keypkg_owner [-s | -v]
    
         keypkg -F [-s | -v] [-h [-L virtual_host]] [output_file]
    
         keypkg -G [-h [-L virtual_host]] [-s | -v]
    
         keypkg -P [-h [-L virtual_host]] [-s | -v]
    
         keypkg -R [-h [-L virtual_host]] [-s | -v]
         [-a authority -n number | -t trusted_key_owner]
    
    AVAILABILITY
         SUNWski
    
    DESCRIPTION
         A key package contains the public and private key components
         of an RSA keypair, the owner's identity (X.500 distinguished
         name), a list of trusted public keys, and a  digital  signa-
         ture  computed over the key package contents.  Each entry in
         the list of trusted public keys contains a  public  key  and
         the identity (X.500 Distinguished Name) of its owner.
    
         The trusted key list initially contains the user's own  pub-
         lic  key.   The  trusted key list in a user's key package is
         accessed when the user validates a digital signature and its
         supporting certificate chain (see skiverify(1)), in order to
         determine if the certificate chain contains any public  keys
         trusted  by  the user; if the user does not trust any of the
         public keys in the received chain, the verification  of  the
         digital signature fails.
    
         The private key component of the key package  is  stored  in
         encrypted  form in the key package, using triple DES encryp-
         tion.  keypkg will prompt the user for his or her encryption
         password.
    
         Before the private key of the generated key package  can  be
         used, it must be registered with the SKI keyserver using the
         skilogin(1) command.
    
    
         The key package is stored in the  configured  name  service,
         such as NIS or NIS+.
    
      Creating a key package
         The keypkg -C utility generates an RSA keypair and places it
         (along  with the information described below) in a container
         referred to as the key package.  The key package is automat-
         ically stored into the configured naming service.
    
         keypkg_owner identifies the owner of the key package in  the
         form  of  an X.500 distinguished name (for example, "cn=john
         smith, o=sun microsystems, c=us").
    
      Adding trusted public keys to your key package
         The keypkg -A command adds the public keys of  one  or  more
         certificates  to a user's or host's key package.  The certi-
         ficates are read from input_file, which is the path name  of
         a regular file.  Each certificate must be provided in print-
         able encoding format as  defined  by  the  Internet  RFC1421
         standard,  and  may be created using the skicert(1) utility.
         Each certificate must be bounded at the beginning by:
         "-----BEGIN CERTIFICATE-----",
         and bounded at the end by
         "-----END CERTIFICATE-----".
         Each of the  boundaries  must  be  followed  by  a  NEWLINE.
         Please  refer  to  the  example  below.  If no input file is
         given, the certificates are read from stdin.
    
         The certificates whose public keys are being  added  to  the
         key  package  are  assumed  to have already been verified by
         some out-of-band mechanism (for example,  by  comparing  the
         digest of the received certificate with the digest generated
         by the  trusted  source  which  provided  the  certificate).
         Therefore, no cryptographic checks are applied to the certi-
         ficates before their public key information is added to  the
         list of trusted public keys in the key package.
    
         Adding public keys to a key package allows users to securely
         communicate  with  others who do not exist within their cer-
         tification domain.  In this  context,  the  key  package  is
         essentially being used as a "public key ring".
    
         Note: If another user's private key has been compromised and
         the  certificate  for  the  public key has been revoked, the
         keypkg -R command should be used to delete that  public  key
         from the list of trusted public keys.
    
         keypkg -A requires that the user has registered his  or  her
         private key with the SKI keyserver (see skilogin(1)).
    
      Deleting a key package
         The keypkg -D command deletes a user's or host's key package
         from the name service.  keypkg -D must be executed by a sys-
         tem administrator.  The system administrator does  not  have
         to enter the key package password to delete the key package.
         If the key package owner had previously performed a skilogin
         (1), then a duplicate copy of the key package was registered
         with skiserv (1M) under that user.  The system administrator
         should inform the user to skilogout (1).
    
      Storing a key package in a file
         The keypkg -F command retrieves a user's or host's key pack-
         age  and  stores  it  in  output_file.  If no output file is
         specified,  the  key  package  is  output  to  stdout.    If
         output_file already exists, it is overwritten. The key pack-
         age is stored in printable encoding format,  as  defined  by
         the Internet RFC1421 standard.
    
         keypkg -F requires that the user has registered his  or  her
         private key with the SKI keyserver (see skilogin(1)).
    
      Viewing the contents of a key package
         The keypkg -G command retrieves a user's or host's key pack-
         age and displays its contents.
    
         keypkg -G requires that the user has registered his  or  her
         private key with the SKI keyserver (see skilogin(1)).
    
      Changing your key package password
         The keypkg -P command changes the password under  which  the
         private   key  in  the  user's  or  host's  key  package  is
         encrypted.
    
         keypkg -P prompts the user for his or her old password,  and
         then  prompts for the new password twice. When the new pass-
         word is entered a second time, the two  copies  of  the  new
         password   are  compared.  If the two copies are not identi-
         cal, the keypkg command exits with an error message.
    
      Removing trusted public keys
         The keypkg -R command removes one or more trusted keys  from
         the user's or host's key package.
    
         The trusted key(s) to be removed can be  identified  in  two
         different ways:  by a serial number/issuer combination or by
         the trusted key owner's name.
    
         If a serial number/issuer combination is  given,  a  trusted
         key  with  the matching combination is removed from the list
         of trusted public keys.
    
         If a trusted key owner's name is provided, all trusted  keys
         pertaining  to the specified owner are removed from the list
         of trusted public keys.

         keypkg -R requires that the user has registered his  or  her
         private key with the SKI keyserver (see skilogin(1)).
    
    OPTIONS
         keypkg can be run in the following modes:
    
         -A      Add one or more public keys to the list  of  trusted
                 public keys in your key package.
    
         -C      Create your key package and store it into the naming
                 service.
    
         -D      Delete a user's or host's key package from the  nam-
                 ing service.
    
         -F      Retrieve a user's or host's  key  package  from  the
                 naming service and store it in a file.
    
         -G      Retrieve a user's or host's key package and  display
                 its contents.
    
         -P      Change your key package password.
    
         -R      Remove one or more public  keys  from  the  list  of
                 trusted keys in your key package.
    
         The following options are supported for all modes of keypkg:
    
         -h      For each mode, operate on the host's key package.
    
         -s      Run application silently (no status or error  infor-
                 mation displayed).
    
         -v      Give verbose output.  If both  the  -v  and  the  -s
                 options are specified, the -v option is ignored.
    
         The following option applies to all modes of keypkg,  except
         for keypkg -C:
    
         -L virtual_host
              Name or dot-separated IP address of the virtual host on
              whose behalf the command is run.  This option  can  be
              specified only together with the -h option.
    
         The following options apply to keypkg -C:
    
         -k keypkg_owner
              Identity of key package owner. This is  an  X.500  dis-
              tinguished  name in string representation, for example,
              "cn=Alice   Smith,   ou=SunSoft,   o=SUN,   c=US"    or
              "cn=hostname.eng.sun.com".
    
         -l key_size
              This is the key length. By default, a 768  bit  key  is
              used.  Other  supported key sizes are 512 and 1024. The
              higher the security requirements, the greater  the  key
              length should be.
    
         -e public_exponent
              Public exponent for RSA key generation.  Either F0 (the
              Fermat number F0, numeric value 3) or F4 (the Fermat
              number F4, numeric value 65537, that is 0x010001).  By
              default, the public exponent is F4.
    
         The following options apply to keypkg -R:
    
         -a authority
              Identity (given  as  an  X.500  distinguished  name  in
              string representation, for example, "ou=CA, ou=SunSoft,
              o=SUN, c=US") of Certification Authority who  issued  a
              certificate  for  the public key to be removed from the
              list of trusted public keys.
    
         -n number
              Certificate serial number.
    
         -t trusted_key_owner
              Identity (given  as  an  X.500  distinguished  name  in
              string  representation,  for  example, "cn=Alice Smith,
              ou=SunSoft, o=SUN, c=US") of entity whose public key is
              to be removed from the list of trusted public keys.
    
         The following option applies to keypkg -D:
    
         -k keypkg_owner
              Key package owner. This value may be  the  key  package
              owner's  username or the key package owner's X.500 dis-
              tinguished name in string representation, for  example,
              "cn=Alice  Smith, ou=SunSoft, o=SUN, c=US".  If the key
              package owner is not specified with the -k option,  the
              key  package  accessed  will  be the key package of the
              user running the command.
    
    EXAMPLES
         The command (executed by the user, alice):
    
              example% keypkg -G
    
         allows alice to view the contents of her  key  package.  The
         private  key  is  not displayed.  Typically, this is used to
         view the list of trusted public keys stored in the key pack-
         age.
    
         The command (executed by alice):
    
              example% keypkg -F local
    
         allows alice to retrieve her key  package  from  the  naming
         service  and  store  it  in  the file "local" in the current
         directory, which she then can copy to  an  external  device,
         for example, a laptop.
    
         The command (executed by alice):
    
              example% keypkg -P
    
         allows alice to change her key package password.
    
         The command (run by alice):
    
              example% keypkg -A certfile
    
         allows alice to add one or more  trusted  keys  to  her  key
         package.  The trusted keys are read from the file "certfile"
         (the trusted keys are stored as certificates in the file  --
         encoding  based  on  the Internet RFC1421 standard).  "cert-
         file" should have the following format:
    
         -----BEGIN CERTIFICATE-----
         MIIBRDCB7wIEMe0zZzANBgkqhkiG9w0BAQQFADAbMQswCQYDVQQGEwJVUzEMMAoG
         A1UEChQDU1VOMB4XDTk2MDcxNzE4MzkzNVoXDTk5MDcxNzE4MzkzNVowPTELMAkG
         A1UEBhMCVVMxDDAKBgNVBAoUA1NVTjEPMA0GA1UEDRQGZHVtbXkxMQ8wDQYDVQQD
         FAZkdW1teTEwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAt9LgN5oT1WtlCJFXLmhc
         SY4kN7OcNkBYq9iT4R8K0uZIrgp9/hSe0DFgQaAZkIUjqB0YkeIFPmy6/K3bp0l9
         1QIDAQABMA0GCSqGSIb3DQEBBAUAA0EAdolKCynL2WjOxHmmsRbEg51dwB2u/ExM
         2ZMaZvLMXHX5VIsjxfLSCXu3iI/RdMIi5dGfZhrp2XBkg0gkii+Mkw==
         -----END CERTIFICATE-----
         -----BEGIN CERTIFICATE-----
         MIIBSjCB9QIEMe0zYTANBgkqhkiG9w0BAQQFADAbMQswCQYDVQQGEwJVUzEMMAoG
         A1UEChQDU1VOMB4XDTk2MDcxNzE4MzkyOVoXDTk5MDcxNzE4MzkyOVowQzELMAkG
         A1UEBhMCVVMxDDAKBgNVBAoUA1NVTjEQMA4GA1UEDRQHY2hhcmxpZTEUMBIGA1UE
         AxQLY2hhcmxpZSBsYWkwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAxQzeNvx72Dkp
         GI9r6hALR3nVBG13PA/2wKrsT25xQGoSp104klnVgRfp4mbeiHEIfKG7Q9Z0bOei
         luT4fG5EQQIDAQABMA0GCSqGSIb3DQEBBAUAA0EAUahDuBR5ONKIGvV4wvk2ZfVi
         ms2TwKEDhtAkdQe0B3xeZk7e1/h6iK8QrXz2VtSCXde4onRr84Afj8je5gAkoQ==
         -----END CERTIFICATE-----
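The certfile format above, together with the serial number/issuer combination that keypkg -R -a authority -n number uses to name a trusted key, as an added Python example (not part of the man page or of the SKI software): it splits a keypkg -A input file on its RFC 1421 boundaries, rejects a boundary line that is not followed by a newline, and reads each certificate's serial number and issuer DN with a small DER walker. The embedded input is the first certificate of the example above; split_pem, tlv, dn_string and cert_identity are this example's own names, and ATTR covers only the attribute types that appear in the man page's distinguished names.

```python
import base64
import re
BEGIN, END = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"
# X.500 attribute types (OID 2.5.4.x) under the abbreviations the man page's DNs use
ATTR = {b"U\x04\x03": "cn", b"U\x04\x06": "c", b"U\x04\n": "o", b"U\x04\x0b": "ou"}
# Sample input, copied from the man page's certfile example (its first certificate)
CERTFILE = """-----BEGIN CERTIFICATE-----
MIIBRDCB7wIEMe0zZzANBgkqhkiG9w0BAQQFADAbMQswCQYDVQQGEwJVUzEMMAoG
A1UEChQDU1VOMB4XDTk2MDcxNzE4MzkzNVoXDTk5MDcxNzE4MzkzNVowPTELMAkG
A1UEBhMCVVMxDDAKBgNVBAoUA1NVTjEPMA0GA1UEDRQGZHVtbXkxMQ8wDQYDVQQD
FAZkdW1teTEwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAt9LgN5oT1WtlCJFXLmhc
SY4kN7OcNkBYq9iT4R8K0uZIrgp9/hSe0DFgQaAZkIUjqB0YkeIFPmy6/K3bp0l9
1QIDAQABMA0GCSqGSIb3DQEBBAUAA0EAdolKCynL2WjOxHmmsRbEg51dwB2u/ExM
2ZMaZvLMXHX5VIsjxfLSCXu3iI/RdMIi5dGfZhrp2XBkg0gkii+Mkw==
-----END CERTIFICATE-----
"""

def split_pem(text):  # DER of each certificate bounded by BEGIN/END lines that each end in a newline
    bodies = re.findall(rf"^{re.escape(BEGIN)}\n(.*?)^{re.escape(END)}\n", text, re.S | re.M)
    if text.count(BEGIN) != len(bodies) or text.count(END) != len(bodies):
        raise ValueError("unbalanced or unterminated CERTIFICATE boundaries")
    return [base64.b64decode("".join(b.split()), validate=True) for b in bodies]

def tlv(buf, pos):  # one DER tag-length-value at pos -> (tag, value, position after it)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: the low 7 bits give the size of the length field
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def dn_string(name):  # render an X.501 Name as keypkg prints DNs: most specific RDN first
    parts, pos = [], 0
    while pos < len(name):
        _, rdn, pos = tlv(name, pos)  # RelativeDistinguishedName (SET)
        _, atv, _ = tlv(rdn, 0)  # AttributeTypeAndValue (SEQUENCE)
        _, oid, p = tlv(atv, 0)
        _, val, _ = tlv(atv, p)
        parts.append(f"{ATTR.get(oid, oid.hex())}={val.decode('latin-1')}")
    return ", ".join(reversed(parts))

def cert_identity(der):  # (serial number, issuer DN): the pair keypkg -R -a authority -n number names
    _, cert, _ = tlv(der, 0)  # Certificate
    _, tbs, _ = tlv(cert, 0)  # tbsCertificate
    tag, val, pos = tlv(tbs, 0)
    if tag == 0xA0:  # explicit [0] version tag (v2/v3 certs); a v1 cert starts at the serial
        _, val, pos = tlv(tbs, pos)
    serial = int.from_bytes(val, "big", signed=True)
    _, _, pos = tlv(tbs, pos)  # signature AlgorithmIdentifier, not needed here
    _, issuer, _ = tlv(tbs, pos)  # issuer Name
    return serial, dn_string(issuer)
```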
    
         If the trusted_key_owner  of  the  public  key  is   "cn=Bob
         Smith, o=Company X, c=US", then the command (run by alice):
    
              example% keypkg -R -t "cn=Bob Smith, o=Company X, c=US"
    
         allows alice to remove the public  key  of   "cn=Bob  Smith,
         o=Company  X,  c=US" from the list of trusted public keys in
         her key package.
    
         The command (run by a system administrator):
    
              example% keypkg -D -k alice
    
         allows an administrator to delete alice's key  package  from
         the naming service. The same result would have been achieved
         by running
    
              example% keypkg -D -k "cn=Alice Smith, ou=eng, o=SUN, c=US"
    
         provided that alice's distinguished name is "cn=Alice Smith,
         ou=eng, o=SUN, c=US".
    
         The following command, run by user "sun_ca":
    
              example% keypkg -C -l 1024 -k "o=SUN, c=US"
    
         generates a key package for "o=SUN, c=US" and stores  it  in
         the  configured  name  service under the user "sun_ca".  The
         newly generated RSA keypair contained in the key package has
         a  keysize  of  1024  bits  and a public exponent with value
         0x010001.
    
         The following command, run by user "root":
    
              example% keypkg -C -h -l 1024 -k "cn=yosemite.eng.sun.com"
    
         generates a key package for the host  "yosemite.eng.sun.com"
         and  stores it in the configured name service under the host
         "yosemite".
    
    EXIT STATUS
         The keypkg command exits with 0 if successful and  1  other-
         wise.
    
    SEE ALSO
         certreq(1), skilogin(1), skicert(1)
    
    NOTES
         For software shipped outside North America, only 512 bit RSA
         key sizes are generated and supported.
    
         If the key package is stored in NIS, then the create  opera-
         tion (-C) can only be done by the NIS administrator.
    Created 1996-2024 by Maxim Chirkov