wanboot_keygen(1m)

1wanboot_keygen(1M)      System Administration Commands      wanboot_keygen(1M)
2
3
4

NAME

6       wanboot_keygen  -  create  and  display  client and server keys for WAN
7       booting
8

SYNOPSIS

10       /usr/lib/inet/wanboot/keygen -c -o net=a.b.c.d ,cid=client_ID,type=3des
11
12
13       /usr/lib/inet/wanboot/keygen -c -o net=a.b.c.d ,cid=client_ID,type=aes
14
15
16       /usr/lib/inet/wanboot/keygen -m
17
18
19       /usr/lib/inet/wanboot/keygen -c -o net=a.b.c.d ,cid=client_ID,type=sha1
20
21
22       /usr/lib/inet/wanboot/keygen -d -m
23
24
25       /usr/lib/inet/wanboot/keygen -c -o net=a.b.c.d ,cid=client_ID,type=keytype
26
27

DESCRIPTION

29       The keygen utility has three purposes:
30
31           o      Using the -c flag, to generate and store per-client 3DES/AES
32                  encryption keys, avoiding any DES weak keys.
33
34           o      Using  the  -m  flag,  to generate and store a "master" HMAC
35                  SHA-1 key for WAN install, and to derive from the master key
36                  per-client HMAC SHA-1 hashing keys, in a manner described in
37                  RFC 3118, Appendix A.
38
39           o      Using the -d flag along with either the -c  or  -m  flag  to
40                  indicate the key repository, to display a key of type speci‐
41                  fied by keytype, which must be one of 3des, aes, or sha1.
42
43
44       The net and cid arguments are used to identify a specific client.  Both
45       arguments  are  optional.  If  the  cid option is not provided, the key
46       being created or displayed will have a per-network scope.  If  the  net
47       option  is not provided, then the key will have a global scope. Default
48       net and code values are used to derive an HMAC SHA-1 key if the  values
49       are not provided by the user.
50

OPTIONS

52       The following options are supported:
53
54       -c    Generate  and store per-client 3DES/AES encryption keys, avoiding
55             any DES weak keys. Also  generates  and  stores  per-client  HMAC
56             SHA-1 keys. Used in conjunction with -o.
57
58
59       -d    Display  a key of type specified by keytype, which must be one of
60             3des, aes, or sha1. Use -d with -m or with -c and -o.
61
62
63       -m    Generate and store a "master" HMAC SHA-1 key for WAN install.
64
65
66       -o    Specifies the WANboot client and/or keytype.
67
68

EXAMPLES

70       Example 1 Generate a Master HMAC SHA-1 Key
71
72         # keygen -m
73
74
75
76       Example 2 Generate and Then Display a Client-Specific Master HMAC SHA-1
77       Key
78
79         # keygen -c -o net=172.16.174.0,cid=010003BA0E6A36,type=sha1
80         # keygen -d -c -o net=172.16.174.0,cid=010003BA0E6A36,type=sha1
81
82
83
84       Example 3 Generate and Display a 3DES Key with a Per-Network Scope
85
86         # keygen -c -o net=172.16.174.0,type=3des
87         # keygen -d -o net=172.16.174.0,type=3des
88
89
90

EXIT STATUS

92       0     Successful operation.
93
94
95       >0    An error occurred.
96
97

ATTRIBUTES

99       See attributes(5) for descriptions of the following attributes:
100
101
102
103
104       ┌─────────────────────────────┬─────────────────────────────┐
105       │      ATTRIBUTE TYPE         │      ATTRIBUTE VALUE        │
106       ├─────────────────────────────┼─────────────────────────────┤
107       │Availability                 │SUNWwbsup                    │
108       ├─────────────────────────────┼─────────────────────────────┤
109       │Interface Stability          │Obsolete                     │
110       └─────────────────────────────┴─────────────────────────────┘
111