Manual Pages for UNIX Operating System command usage for man wanboot_keygen

System Administration Commands                 wanboot_keygen(1M)



NAME
     wanboot_keygen - create and display client and  server  keys
     for WAN booting

SYNOPSIS
     /usr/lib/inet/wanboot/keygen -c -o net=a.b.c.d ,cid=client_ID,type=3des


     /usr/lib/inet/wanboot/keygen -c -o net=a.b.c.d ,cid=client_ID,type=aes


     /usr/lib/inet/wanboot/keygen -m


     /usr/lib/inet/wanboot/keygen -c -o net=a.b.c.d ,cid=client_ID,type=sha1


     /usr/lib/inet/wanboot/keygen -d -m


     /usr/lib/inet/wanboot/keygen -c -o net=a.b.c.d ,cid=client_ID,type=keytype


DESCRIPTION
     The keygen utility has three purposes:

         o    Using the -c flag, to generate and store per-client
              3DES/AES  encryption  keys,  avoiding  any DES weak
              keys.

         o    Using the -m flag, to generate and store a "master"
              HMAC  SHA-1 key for WAN install, and to derive from
              the master key per-client HMAC SHA-1 hashing  keys,
              in a manner described in RFC 3118, Appendix A.

         o    Using the -d flag along with either the  -c  or  -m
              flag  to  indicate the key repository, to display a
              key of type specified by keytype, which must be one
              of 3des, aes, or sha1.


     The net and cid arguments are used to  identify  a  specific
     client.  Both  arguments  are optional. If the cid option is
     not provided, the key being created or displayed will have a
     per-network  scope.  If the net option is not provided, then
     the key will have a  global  scope.  Default  net  and  code
     values  are  used  to derive an HMAC SHA-1 key if the values
     are not provided by the user.

OPTIONS
     The following options are supported:




SunOS 5.11          Last change: 18 Apr 2003                    1






System Administration Commands                 wanboot_keygen(1M)



     -c    Generate  and  store  per-client  3DES/AES  encryption
           keys,  avoiding  any DES weak keys. Also generates and
           stores per-client HMAC SHA-1 keys. Used in conjunction
           with -o.


     -d    Display a key of type specified by keytype, which must
           be  one  of 3des, aes, or sha1. Use -d with -m or with
           -c and -o.


     -m    Generate and store a "master" HMAC SHA-1 key  for  WAN
           install.


     -o    Specifies the WANboot client and/or keytype.


EXAMPLES
     Example 1 Generate a Master HMAC SHA-1 Key

       # keygen -m



     Example 2 Generate and Then Display a Client-Specific Master
     HMAC SHA-1 Key

       # keygen -c -o net=172.16.174.0,cid=010003BA0E6A36,type=sha1
       # keygen -d -c -o net=172.16.174.0,cid=010003BA0E6A36,type=sha1



     Example 3 Generate and Display a 3DES Key with a Per-Network
     Scope

       # keygen -c -o net=172.16.174.0,type=3des
       # keygen -d -o net=172.16.174.0,type=3des



EXIT STATUS
     0     Successful operation.


     >0    An error occurred.


ATTRIBUTES
     See attributes(5) for descriptions of the  following  attri-
     butes:




SunOS 5.11          Last change: 18 Apr 2003                    2






System Administration Commands                 wanboot_keygen(1M)



     ____________________________________________________________
    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    |_____________________________|_____________________________|
    | Availability                | system/boot/wanboot         |
    |_____________________________|_____________________________|
    | Interface Stability         | Obsolete                    |
    |_____________________________|_____________________________|


SEE ALSO
     attributes(5)












































SunOS 5.11          Last change: 18 Apr 2003                    3