keygen - Generate and manipulate crypto keys for mcntp
keygen [-h]
keygen [-f] [-b bits] [-i system-id] - generate new keys
keygen [-f] [-r keyring] [-a new key] - add a key to a keyring
keygen [-r keyring] [-d key to delete] - delete a key from a keyring
keygen [-r keyring] [-l] - list all keys on a keyring
The keygen command has two modes of operation that are mutually exclusive.
In the first it generates the public and private keys that are used for signing articles that are distributed via mcntp. To generate a key you have to supply the number of bits it should have and the identifier of the system the key should belong to. The system-id is normally the fully qualified hostname or, as is usual with NetNews, the path entry; to support more than one key per sender (e.g. to have different keys for different groups), it can also be something different. The system-id can be at most 40 bytes in size. After the key is produced, a RIPEMD-160 fingerprint of the public key is computed, enabling everyone to check whether the key is intact. The more bits you select, the better the security, but signing articles also takes much longer. On my i486dx2/80 you get the following times:
    Size         Signing        Verifying
    512 Bits     0.35 seconds   0.04 seconds
    768 Bits     1.11 seconds   0.07 seconds
    1024 Bits    2.62 seconds   0.13 seconds

Keygen does not overwrite existing keys. If you want it to, specify the -f option on the command line.
The second mode is to list, add, replace or delete a public key in the keyring where you keep the public keys of the senders you trust. If you receive a key from someone you should first check its integrity by running rmd(1) over it and comparing the fingerprints.
The keyring you want to operate on is specified by -r - there is no default. To add a key you specify the file it is in with the -a option. If a key for the same system-id already exists, then you are asked if you want to overwrite it or not unless the -f flag is given. To delete a key use option -d and specify the system-id of the key. You are asked if you really want to delete the specific key unless -f is given. To list all keys in the ring use the -l option.
Generate a 512 bit key pair for the host "snert".
localhost> keygen -b 512 -i snert
Generating keys with 512 Bit length .. may take a while
Ripe-md160 fingerprint for the public key is :
71d897cff15e4edb7a3f10e592a4579739aa2e5a
To create a new (empty) keyring just touch it:
localhost> touch ring
Add a public key to it:
localhost> keygen -a mcntp-key.pub -r ring
Show the contents of the keyring:
localhost> keygen -l -r ring
Add second key and then show contents:
localhost> keygen -a otherkey.pub -r ring
localhost> keygen -l -r ring
Delete an entry from a keyring:
localhost> keygen -d snert -r ring
Found key for <snert> deleting it
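The integrity check described above (compare fingerprints first, run keygen -a second) written as a shell wrapper. This is an added example, not part of mcntp: the function names and the RMD and KEYGEN variables are hypothetical, and it assumes that rmd prints the digest as 40 contiguous hex digits somewhere in its output.

```shell
#!/bin/sh
# Added example, not part of mcntp: refuse to put a key on the keyring
# unless its fingerprint matches one obtained out of band.
# Assumption: "rmd FILE" prints the RIPEMD-160 digest as 40 contiguous
# hex digits somewhere in its output. RMD and KEYGEN can be overridden.
RMD=${RMD:-rmd}
KEYGEN=${KEYGEN:-keygen}

# Reduce a pasted fingerprint to lowercase hex (drops spaces, colons, newlines).
fp_normalize() {
    printf '%s' "$1" | tr 'A-F' 'a-f' | tr -cd '0-9a-f'
}

# Print the first 40-hex-digit token found in a tool's output, if any.
fp_from_output() {
    printf '%s\n' "$1" | tr -c '0-9A-Fa-f' '\n' |
        grep -x '[0-9A-Fa-f]\{40\}' | head -n 1
}

# Return 0 if both values are complete 160-bit fingerprints and equal,
# 1 if they differ, 2 if either one is truncated or malformed.
fp_match() {
    want=$(fp_normalize "$1")
    got=$(fp_normalize "$2")
    [ "${#want}" -eq 40 ] || return 2
    [ "${#got}" -eq 40 ] || return 2
    [ "$want" = "$got" ]
}

# usage: add_verified_key KEYFILE KEYRING EXPECTED_FINGERPRINT
add_verified_key() {
    keyfile=$1 keyring=$2 expected=$3
    actual=$(fp_from_output "$("$RMD" "$keyfile")")
    if fp_match "$expected" "$actual"; then
        "$KEYGEN" -a "$keyfile" -r "$keyring"
    else
        echo "fingerprint check failed for $keyfile, key not added" >&2
        return 1
    fi
}
```

A missing rmd binary or an unreadable key file leaves the computed fingerprint empty, so the wrapper fails closed and keygen is never called.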
mcntp-key.pub
The public key. This is used by the clients to check if messages
come from the right sender.
mcntp-key.priv
The private key. This is used to sign articles before sending them
off. Keep this one private, as otherwise it would enable others to
pretend that messages come from you when in fact they do not.
mcntp(8), mcrcv(8), mcxmit(8), rmd(1), rmd(3)
The keygen command is part of the diploma thesis Transport of NetNews via IP-multicast.
Please report all bugs that you find at the respective tracker at http://sourceforge.net/projects/mcntp/
$Id: keygen.8.html,v 1.8 2001/11/22 10:24:37 pilhuhn Exp $