keymaster(1Mbnu)
keymaster -- cr1 key database administration
Synopsis
keymaster [-k | -cn] [-s scheme]
Description
The keymaster command starts the cr1 key management daemon and sets the master key that is used to encrypt and decrypt the shared keys stored in the keys file (see cr1(1Mbnu)).
A shared key is a bit string, known only to the parties in an exchange, that is used to authenticate a connection. When shared keys are entered, they are stored in a keys file by a daemon process. If a master key exists, the shared keys in the file are encrypted.
When keymaster is first entered, it forks a process that continues as the key management daemon.
Options
The options to keymaster are as follows:
-c
    Indicates that the master key is to be changed. keymaster first prompts the user to enter the old master key, then a new master key.
-n
    Indicates that the keys file is not encrypted. keymaster does not prompt for a master key.
-k
    Indicates that the key management daemon is to be stopped. No key is required to stop the key management daemon. This option takes precedence over both -c and -n.
-s scheme
    Specifies the name of the scheme to be used. The default scheme is cr1, which uses DES encryption, and requires that the Encryption Utilities package be installed. If this package is not available, ENIGMA encryption can be used by specifying cr1.enigma for scheme.
When no options are specified, keymaster prompts for the current master key. If the master key is entered correctly, the keymaster daemon is started.
keymaster does not echo keys as they are typed. It confirms a new master key by requiring the user to enter the key a second time. If the second entry does not match the first, the operation is not executed.
Files
/etc/iaf/cr1/keys
    cr1 key database
Usage
Use of keymaster is restricted to the privileged user.
The privileged user is the owner of the keys file.
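Because the -n option leaves the shared keys unencrypted on disk, the ownership rule above is worth verifying on /etc/iaf/cr1/keys. The following shell function is an added example, not part of the original manual page or of UnixWare; it assumes the privileged user is uid 0 unless another uid is passed, and the function names audit_keys_file and mode_uid are hypothetical.

```shell
#!/bin/sh
# Added example, not SCO code. Assumption: the privileged user is uid 0
# unless another uid is passed as the second argument.
KEYS_FILE=/etc/iaf/cr1/keys    # path from the Files section

# Print "<mode-string> <numeric-uid>" for a path, using POSIX ls -ldn.
mode_uid() {
    ls -ldn "$1" | awk '{ print $1 " " $3 }'
}

# audit_keys_file [path] [expected_uid]
# Prints one line per finding; returns 0 when clean, 1 otherwise.
audit_keys_file() {
    path=${1:-$KEYS_FILE}
    want_uid=${2:-0}
    rc=0

    if [ -L "$path" ] || [ ! -f "$path" ]; then
        echo "FAIL: $path is not a regular file"
        return 1
    fi

    info=$(mode_uid "$path")
    mode=${info% *}
    uid=${info#* }

    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: owner uid is $uid, expected $want_uid"
        rc=1
    fi

    # Characters 5-10 of the mode string are the group and other bits.
    case $mode in
        ????------*) ;;
        *) echo "FAIL: mode $mode grants group/other access"; rc=1 ;;
    esac

    # A directory writable by group or other lets the file be replaced.
    dinfo=$(mode_uid "$(dirname "$path")")
    case ${dinfo% *} in
        ?????-??-?*) ;;
        *) echo "FAIL: parent directory mode ${dinfo% *} is group/other writable"; rc=1 ;;
    esac

    [ "$rc" -eq 0 ] && echo "OK: $path"
    return "$rc"
}
# Usage on the host: audit_keys_file   (checks /etc/iaf/cr1/keys for uid 0)
```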
Exit codes
keymaster passes a request to the key management daemon either by becoming the daemon, or by writing to the current daemon's pipe. If the daemon returns success, keymaster exits with a value of 0; otherwise, it prints an error message and exits with a non-zero value.
Note that if keymaster successfully starts the key management daemon, it indicates success to the user, even though the daemon may subsequently fail.
References
Config(4bnu), cr1(1Mbnu), cryptkey(1bnu), getkey(3N), Permissions(4bnu)
© 2004 The SCO Group, Inc. All rights reserved.
UnixWare 7 Release 7.1.4 - 25 April 2004