5. wanboot_keygen - create and display client and server keys for WAN wanboot_keygen

wanboot_keygen - create and display client and server keys for WAN wanboot_keygen 


  • System Administration Commands				    wanboot_keygen(1M)



NAME
       wanboot_keygen  -  create  and  display	client and server keys for WAN
       booting

SYNOPSIS
       /usr/lib/inet/wanboot/keygen -c -o net=a.b.c.d ,cid=client_ID,type=3des


       /usr/lib/inet/wanboot/keygen -c -o net=a.b.c.d ,cid=client_ID,type=aes


       /usr/lib/inet/wanboot/keygen -m


       /usr/lib/inet/wanboot/keygen -c -o net=a.b.c.d ,cid=client_ID,type=sha1


       /usr/lib/inet/wanboot/keygen -d -m


       /usr/lib/inet/wanboot/keygen -c -o net=a.b.c.d ,cid=client_ID,type=keytype


DESCRIPTION
       The keygen utility has three purposes:

	   o	  Using	the -c flag, to	generate and store per-client 3DES/AES
		  encryption keys, avoiding any	DES weak keys.

	   o	  Using	 the  -m  flag,	 to generate and store a "master" HMAC
		  SHA-1	key for	WAN install, and to derive from	the master key
		  per-client HMAC SHA-1	hashing	keys, in a manner described in
		  RFC 3118, Appendix A.

	   o	  Using	the -d flag along with either the -c  or  -m  flag  to
		  indicate the key repository, to display a key	of type	speci-
		  fied by keytype, which must be one of	3des, aes, or sha1.


       The net and cid arguments are used to identify a	specific client.  Both
       arguments  are  optional.  If  the  cid option is not provided, the key
       being created or	displayed will have a per-network scope.  If  the  net
       option  is not provided,	then the key will have a global	scope. Default
       net and code values are used to derive an HMAC SHA-1 key	if the	values
       are not provided	by the user.

OPTIONS
       The following options are supported:

       -c    Generate  and store per-client 3DES/AES encryption	keys, avoiding
	     any DES weak keys.	Also  generates	 and  stores  per-client  HMAC
	     SHA-1 keys. Used in conjunction with -o.


       -d    Display  a	key of type specified by keytype, which	must be	one of
	     3des, aes,	or sha1. Use -d	with -m	or with	-c and -o.


       -m    Generate and store	a "master" HMAC	SHA-1 key for WAN install.


       -o    Specifies the WANboot client and/or keytype.


EXAMPLES
       Example 1 Generate a Master HMAC	SHA-1 Key

	 # keygen -m



       Example 2 Generate and Then Display a Client-Specific Master HMAC SHA-1
       Key

	 # keygen -c -o	net=172.16.174.0,cid=010003BA0E6A36,type=sha1
	 # keygen -d -c	-o net=172.16.174.0,cid=010003BA0E6A36,type=sha1



       Example 3 Generate and Display a	3DES Key with a	Per-Network Scope

	 # keygen -c -o	net=172.16.174.0,type=3des
	 # keygen -d -o	net=172.16.174.0,type=3des



EXIT STATUS
       0     Successful	operation.


       >0    An	error occurred.


ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:




       +-----------------------------+-----------------------------+
       |      ATTRIBUTE	TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |system/boot/wanboot	   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     |Obsolete			   |
       +-----------------------------+-----------------------------+

SEE ALSO
       attributes(5)



SunOS 5.11			  18 Apr 2003		    wanboot_keygen(1M)
solaris manpages 2041
Log in to reply
 

© Lightnetics 2024