1wanboot_keygen(1M) System Administration Commands wanboot_keygen(1M)
2
3
4
6 wanboot_keygen - create and display client and server keys for WAN
7 booting
8
10 /usr/lib/inet/wanboot/keygen -c -o net=a.b.c.d ,cid=client_ID,type=3des
11
12
13 /usr/lib/inet/wanboot/keygen -c -o net=a.b.c.d ,cid=client_ID,type=aes
14
15
16 /usr/lib/inet/wanboot/keygen -m
17
18
19 /usr/lib/inet/wanboot/keygen -c -o net=a.b.c.d ,cid=client_ID,type=sha1
20
21
22 /usr/lib/inet/wanboot/keygen -d -m
23
24
25 /usr/lib/inet/wanboot/keygen -c -o net=a.b.c.d ,cid=client_ID,type=keytype
26
27
29 The keygen utility has three purposes:
30
31 o Using the -c flag, to generate and store per-client 3DES/AES
32 encryption keys, avoiding any DES weak keys.
33
34 o Using the -m flag, to generate and store a "master" HMAC
35 SHA-1 key for WAN install, and to derive from the master key
36 per-client HMAC SHA-1 hashing keys, in a manner described in
37 RFC 3118, Appendix A.
38
39 o Using the -d flag along with either the -c or -m flag to
40 indicate the key repository, to display a key of type speci‐
41 fied by keytype, which must be one of 3des, aes, or sha1.
42
43
44 The net and cid arguments are used to identify a specific client. Both
45 arguments are optional. If the cid option is not provided, the key
46 being created or displayed will have a per-network scope. If the net
47 option is not provided, then the key will have a global scope. Default
48 net and code values are used to derive an HMAC SHA-1 key if the values
49 are not provided by the user.
50
52 The following options are supported:
53
54 -c Generate and store per-client 3DES/AES encryption keys, avoiding
55 any DES weak keys. Also generates and stores per-client HMAC
56 SHA-1 keys. Used in conjunction with -o.
57
58
59 -d Display a key of type specified by keytype, which must be one of
60 3des, aes, or sha1. Use -d with -m or with -c and -o.
61
62
63 -m Generate and store a "master" HMAC SHA-1 key for WAN install.
64
65
66 -o Specifies the WANboot client and/or keytype.
67
68
70 Example 1 Generate a Master HMAC SHA-1 Key
71
72 # keygen -m
73
74
75
76 Example 2 Generate and Then Display a Client-Specific Master HMAC SHA-1
77 Key
78
79 # keygen -c -o net=172.16.174.0,cid=010003BA0E6A36,type=sha1
80 # keygen -d -c -o net=172.16.174.0,cid=010003BA0E6A36,type=sha1
81
82
83
84 Example 3 Generate and Display a 3DES Key with a Per-Network Scope
85
86 # keygen -c -o net=172.16.174.0,type=3des
87 # keygen -d -o net=172.16.174.0,type=3des
88
89
90
92 0 Successful operation.
93
94
95 >0 An error occurred.
96
97
99 See attributes(5) for descriptions of the following attributes:
100
101
102
103
104 ┌─────────────────────────────┬─────────────────────────────┐
105 │ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
106 ├─────────────────────────────┼─────────────────────────────┤
107 │Availability │SUNWwbsup │
108 ├─────────────────────────────┼─────────────────────────────┤
109 │Interface Stability │Obsolete │
110 └─────────────────────────────┴─────────────────────────────┘
111
113 attributes(5)
114
115
116
117SunOS 5.11 18 Apr 2003 wanboot_keygen(1M)