Unix‎ > ‎Solaris‎ > ‎Solaris man pages‎ > ‎1m‎ > ‎

wanboot_keygen


NAME
     wanboot_keygen - create and display client and  server  keys
     for WAN booting

SYNOPSIS
     /usr/lib/inet/wanboot/keygen     -c      -o      net=a.b.c.d
     ,cid=client_ID,type=3des

     /usr/lib/inet/wanboot/keygen     -c      -o      net=a.b.c.d
     ,cid=client_ID,type=aes

     /usr/lib/inet/wanboot/keygen -m

     /usr/lib/inet/wanboot/keygen     -c      -o      net=a.b.c.d
     ,cid=client_ID,type=sha1

     /usr/lib/inet/wanboot/keygen -d -m

     /usr/lib/inet/wanboot/keygen     -c      -o      net=a.b.c.d
     ,cid=client_ID,type=keytype

DESCRIPTION
     The keygen utility has three purposes:

       o  Using the -c flag, to  generate  and  store  per-client
          3DES/AES encryption keys, avoiding any DES weak keys.

       o  Using the -m flag, to generate  and  store  a  "master"
          HMAC  SHA-1 key for WAN install, and to derive from the
          master key per-client HMAC SHA-1  hashing  keys,  in  a
          manner described in RFC 3118, Appendix A.

       o  Using the -d flag along with either the -c or  -m  flag
          to  indicate  the  key  repository, to display a key of
          type specified by keytype, which must be one  of  3des,
          aes, or sha1.


     The net and cid arguments are used to  identify  a  specific
     client.  Both  arguments  are optional. If the cid option is
     not provided, the key being created or displayed will have a
     per-network  scope.  If the net option is not provided, then
     the key will have a  global  scope.  Default  net  and  code
     values  are  used  to derive an HMAC SHA-1 key if the values
     are not provided by the user.

OPTIONS
     The following options are supported:

     -c

         Generate and store per-client 3DES/AES encryption  keys,
         avoiding  any  DES  weak keys. Also generates and stores
         per-client HMAC SHA-1 keys. Used in conjunction with -o.



     -d

         Display a key of type specified by keytype,  which  must
         be  one of 3des, aes, or sha1. Use -d with -m or with -c
         and -o.



     -m

         Generate and store a "master" HMAC  SHA-1  key  for  WAN
         install.



     -o

         Specifies the WANboot client and/or keytype.



EXAMPLES
     Example 1: Generate a Master HMAC SHA-1 Key

     # keygen -m

     Example 2: Generate and Then Display a Client-Specific  Mas-
     ter HMAC SHA-1 Key

     # keygen -c -o net=172.16.174.0,cid=010003BA0E6A36,type=sha1
     # keygen -d -c -o net=172.16.174.0,cid=010003BA0E6A36,type=sha1

     Example 3: Generate and Display  a  3DES  Key  with  a  Per-
     Network Scope

     # keygen -c -o net=172.16.174.0,type=3des
     # keygen -d -o net=172.16.174.0,type=3des

EXIT STATUS
     0

         Successful operation.



     >0

         An error occurred.



ATTRIBUTES
     See attributes(5) for descriptions of the  following  attri-
     butes:

     ____________________________________________________________
    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    |_____________________________|_____________________________|
    | Availability                | SUNWwbsup                   |
    |_____________________________|_____________________________|
    | Interface Stability         | Obsolete                    |
    |_____________________________|_____________________________|


SEE ALSO
     attributes(5)










Man pages from Solaris 10 Update 8. See docs.sun.com and www.oracle.com for further documentation and Solaris information.
Comments