*nix Documentation Project
·  Home
 +   man pages
·  Linux HOWTOs
·  FreeBSD Tips
·  *niX Forums

  man pages->OpenBSD man pages -> keynote (1)              
Title
Content
Arch
Section
 

KEYNOTE(1)

Contents


NAME    [Toc]    [Back]

     keynote - command line tool for keynote(3) operations

SYNOPSIS    [Toc]    [Back]

     keynote   keygen   AlgorithmName    KeySize    PublicKeyFile
PrivateKeyFile
            [print-offset] [print-length]
     keynote sign [-v] AlgorithmName AssertionFile PrivateKeyFile
            [print-offset] [print-length]
     keynote sigver [AssertionFile]
     keynote verify [-h] [-e file] -l file -r retlist  [-k  file]
[-l file]
            [file ...]

DESCRIPTION    [Toc]    [Back]

     For more details on KeyNote, see RFC 2704.

KEY GENERATION    [Toc]    [Back]

     "keynote  keygen"  creates  a  public/private  key  of  size
KeySize, (in bits)
     for the algorithm specified by AlgorithmName.  Typical  keysizes are 512,
     1024,  or 2048 (bits).  The minimum key size for DSA keys is
512 (bits).
     Supported AlgorithmName identifiers are:

           ``dsa-hex:''
           ``dsa-base64:''
           ``rsa-hex:''
           ``rsa-base64:''

     Notice that the trailing colon is required.   The  resulting
public key is
     stored in file PublicKeyFile.  Similarly, the resulting private key is
     stored in file PrivateKeyFile.  Either of the filenames  can
be specified
     to  be ``-'', in which case the corresponding key(s) will be
printed to
     standard output.

     The optional parameters print-offset and print-length specify the offset
     from  the beginning of the line where the key will be printed, and the
     number of characters of the key that  will  be  printed  per
line.  print-
     length  includes AlgorithmName for the first line and has to
be longer (by
     at least 2) than AlgorithmName.  print-length also  accounts
for the linecontinuation
  character (backslash) at the end of each line,
and the double
 quotes at the beginning and end  of  the  key  encoding.
Default values
     are 12 and 50 respectively.

ASSERTION SIGNING    [Toc]    [Back]

     "keynote    sign"   reads   the   assertion   contained   in
AssertionFile and generates
 a signature specified by AlgorithmName using  the  private key stored
     in PrivateKeyFile.  The private key is expected to be of the
form output
     by "keynote keygen".  The  private  key  algorithm  and  the
AlgorithmName
     specified as an argument are expected to match.  There is no
requirement
     for  the  internal  or  ASCII  encodings  to  match.   Valid
AlgorithmName identifiers
 are:

           ``sig-dsa-sha1-hex:''
           ``sig-dsa-sha1-base64:''
           ``sig-rsa-sha1-hex:''
           ``sig-rsa-sha1-base64:''
           ``sig-rsa-md5-hex:''
           ``sig-rsa-md5-base64:''
           ``sig-x509-sha1-hex:''
           ``sig-x509-sha1-base64:''

     Notice  that  the trailing colon is required.  The resulting
signature is
     printed to standard output.  This can  then  be  added  (via
cut-and-paste or
     some  script)  at the end of the assertion, in the Signature
field.

     The  public  key  corresponding  to  the  private   key   in
PrivateKeyFile is expected
 to already be included in the Authorizer field of the
assertion,
     either directly  or  indirectly  (i.e.,  through  use  of  a
Local-Constants attribute).
   Furthermore, the assertion must have a Signature
field (even
     if it is empty), as the signature is computed on  everything
between the
     KeyNote-Version  and Signature keywords (inclusive), and the
AlgorithmName
     string.

     If the -v flag is provided, "keynote sign" will also  verify
the newlycreated
 signature using the Authorizer field key.

     The optional parameters print-offset and print-length specify the offset
     from the beginning of the line where the signature  will  be
printed, and
     the  number  of  characters  of  the  signature that will be
printed per line.
     print-length includes AlgorithmName for the first  line  and
has to be
     longer (by at least 2) than AlgorithmName.  print-length also accounts
     for the line-continuation character (backslash) at  the  end
of each line,
     and the double quotes at the beginning and end of the signature encoding.
     Default values are 12 and 50 respectively.

SIGNATURE VERIFICATION    [Toc]    [Back]

     "keynote  sigver"  reads   the   assertions   contained   in
AssertionFile and verifies
 the public-key signatures on all of them.

QUERY TOOL    [Toc]    [Back]

     For  each  operand that names a file, "keynote verify" reads
the file and
     parses the assertions contained therein (one  assertion  per
file).

     Files  given with the -l flag are assumed to contain trusted
assertions
     (no signature verification is performed), and the Authorizer
field can
     contain  non-key  principals.   There should be at least one
assertion with
     the POLICY keyword in the Authorizer field.

     The -r flag is used to provide a comma-separated list of return values,
     in increasing order of compliance from left to right.

     Files given with the -e flag are assumed to contain environment variables
     and their values, in the format:

           varname = "value"

     varname can begin with any letter (upper or lower  case)  or
number, and
     can  contain underscores.  value is a quoted string, and can
contain any
     character, and escape (backslash) processing  is  performed,
as specified
     in the KeyNote RFC.

     The remaining options are:

     -h       Print a usage message and exit.

     -k file  Add a key from file in the action authorizers.

     Exactly one -r and at least one of each -e, -l, and -k flags
should be
     given per invocation.  If no flags are given, "keynote verify" prints the
     usage message and exits with error code -1.

     "keynote  verify"  exits with code -1 if there was an error,
and 0 on success.

SEE ALSO    [Toc]    [Back]

      
      
     keynote(3), keynote(4), keynote(5)

     M. Blaze, J. Feigenbaum, and A. D.  Keromytis,  The  KeyNote
Trust-
     Management System, Version 2, RFC 2704, 1999.

     M.  Blaze,  J. Feigenbaum, and J. Lacy, "Decentralized Trust
Management",
     IEEE Conference on Privacy and Security, 1996.

     M. Blaze, J. Feigenbaum, and M. Strauss,  "Compliance-Checking in the
     PolicyMaker   Trust  Management  System",  Financial  Crypto
Conference, 1998.

AUTHORS    [Toc]    [Back]

     Angelos D. Keromytis <angelos@dsl.cis.upenn.edu>

WEB PAGE    [Toc]    [Back]

     http://www.cis.upenn.edu/~keynote

BUGS    [Toc]    [Back]

     None that we know of.  If you find any, please  report  them
at
           <keynote@research.att.com>

OpenBSD      3.6                          April      29,     1999
[ Back ]
 Similar pages
Name OS Title
openssl OpenBSD OpenSSL command line tool
smcmd IRIX command-line web content administration and publishing tool
dhcptools HP-UX command line tool for DHCP elements of bootpd
prove OpenBSD A command-line tool for running tests against Test::Harness
edit Tru64 Edits a file line by line with a simplified command set
ipxfargc IRIX Returns the number of command-line arguments excluding the command name
VkForkIO IRIX Command-line interface to shell command component
tcl-tk Tru64 Tool Command Language
tcl Tru64 Tool Command Language
tk Tru64 Tool Command Language
Copyright © 2004-2005 DeniX Solutions SRL
newsletter delivery service