TANGD-ROTATE-KEYS(1)                                      TANGD-ROTATE-KEYS(1)

NAME

       tangd-rotate-keys - Perform rotation of tang keys

SYNOPSIS

       tangd-rotate-keys [-h] [-v] -d <KEYDIR>

DESCRIPTION

       In order to preserve the security of the system over the long run, you
       need to periodically rotate your keys. The precise interval at which
       you should rotate depends upon your application, key sizes and
       institutional policy. For some common recommendations, see:
       https://www.keylength.com.

       tangd-rotate-keys generates new keys in the key database directory
       given by the -d option. This is typically /var/db/tang. It also renames
       the old keys to have a leading . in order to hide them from
       advertisement.

       Tang will immediately pick up all changes. No restart is required.

       At this point, new client bindings will pick up the new keys and old
       clients can continue to utilize the old keys. Once you are sure that
       all the old clients have been migrated to use the new keys, you can
       remove the old keys. Be aware that removing the old keys while clients
       are still using them can result in data loss. You have been warned.
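
       One way to check the state a rotation leaves in the key directory, as
       an added example that is not part of tang or of this man page. It
       assumes key files end in .jwk; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: inventory a Tang key directory after rotation.
# Assumption: key files are named *.jwk; rotated (hidden) keys are the
# same files with a leading dot, as described above.

# Print "advertised <file>" or "rotated <file>" for each key file in DIR.
tang_key_inventory() {
    keydir=$1
    [ -d "$keydir" ] || { echo "not a directory: $keydir" >&2; return 2; }
    for f in "$keydir"/*.jwk "$keydir"/.*.jwk; do
        [ -f "$f" ] || continue      # an unmatched glob stays literal; skip it
        name=${f##*/}
        case $name in
            .*) echo "rotated $name" ;;      # hidden from advertisement
            *)  echo "advertised $name" ;;   # offered to new client bindings
        esac
    done
}

# Count the keys of one kind ("advertised" or "rotated") in DIR.
tang_count_keys() {
    tang_key_inventory "$1" | awk -v k="$2" '$1 == k { n++ } END { print n + 0 }'
}

# Summarise DIR. Returns 1 when no key is advertised, because new client
# bindings would then have nothing to pick up.
tang_rotation_state() {
    adv=$(tang_count_keys "$1" advertised)
    rot=$(tang_count_keys "$1" rotated)
    if [ "$adv" -eq 0 ]; then
        echo "no-advertised-keys"
        return 1
    fi
    if [ "$rot" -eq 0 ]; then
        echo "no-rotated-keys"
    else
        # Old keys are still on disk for existing clients; remove them only
        # once every client has been migrated to the new keys.
        echo "rotated-keys-present"
    fi
}
```

       Running tang_key_inventory on the directory given to -d before and
       after a rotation shows which keys moved from advertised to rotated.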

OPTIONS

       -d <KEYDIR>: The directory with the keys, e.g. /var/db/tang

       -h: Display the usage information

       -v: Verbose. Display additional info on keys created/rotated

AUTHOR

       Sergio Correia <scorreia@redhat.com>

SEE ALSO

       tang(8)

                                  01/22/2022              TANGD-ROTATE-KEYS(1)