1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
|
<HTML><HEAD><TITLE>Manpage of aespasswd</TITLE>
</HEAD><BODY>
<H1>aespasswd</H1>
Section: User Commands (1)<BR>Updated: 2004 Feb 8<BR><A HREF="#index">Index</A>
<A HREF="../index.html">Return to Main Contents</A><HR>
<A NAME="lbAB"> </A>
<H2>NAME</H2>
aespasswd - Used to create and manage an AES keyfile.
<A NAME="lbAC"> </A>
<H2>SYNOPSIS</H2>
<B>aespasswd </B>
[<I>-n</I>] [<I>-d</I>] <I>-f keyfile identity
</I><A NAME="lbAD"> </A>
<H2>OPTIONS</H2>
<DL COMPACT>
<DT><B>-n</B><DD>
Create the keyfile
<DT><B>-d</B><DD>
Delete given identity from keyfile
<DT><B>-f keyfile</B><DD>
Specifies file that holds identity/key pairs
</DL>
<A NAME="lbAE"> </A>
<H2>DESCRIPTION</H2>
<B>aespasswd</B>
is used to create and manage files that hold identity/key pairs. It is
primarily used to manage the <I>bwctld.keys</I> file for <B>bwctld</B>
and the <I>owampd.keys</I> file for <B>owampd</B>.
<P>
If the <I>-d</I> option is not specified, then <B>aespasswd</B> prompts
the caller for a passphrase. The passphrase is hashed using an internal
MD5 algorithm to generate a key that is then saved in the <I>keyfile</I>
associated with the given <I>identity</I>. If the given <I>identity</I>
already exists in the <I>keyfile</I>, the previous key is overwritten with
the new one.
<P>
<I>keyfiles</I> generated by <B>aespasswd</B> are formatted for use with
<B>BWCTL</B> and <B>OWAMP</B>.
<A NAME="lbAF"> </A>
<H2>KEYFILE FORMAT</H2>
<B>aespasswd</B> generates lines of the format:
<P>
test<TT> </TT>54b0c58c7ce9f2a8b551351102ee0938<BR>
<P>
An <I>identity</I>, followed by whitespace, followed by a hex encoded 128-bit
number, that is suitable to be used as a symmetric AES key.
<P>
No other text is allowed on these lines; however, comment lines may be
added. Comment lines are any line where the first non-white space character
is '<B>#</B>'.
<A NAME="lbAG"> </A>
<H2>EXAMPLES</H2>
<B>aespasswd -f /usr/local/etc/bwctld.keys testuser</B>
<DL COMPACT>
<DT><DD>
Adds a key for the identity <I>testuser</I>. The user is prompted for
a passphrase. If the file does not exist, an error message will
be printed and no action will be taken.
</DL>
<P>
<B>aespasswd -f /usr/local/etc/bwctld.keys -n testuser</B>
<DL COMPACT>
<DT><DD>
Creates the file before doing the same as above. If the file already
exists, an error message will be printed and no action will be taken.
</DL>
<P>
<B>aespasswd -f /usr/local/etc/bwctld.keys -d testuser</B>
<DL COMPACT>
<DT><DD>
Deletes the identity <I>testuser</I> from the keyfile.
If the file does not exist, an error message will be printed and no action will be taken.
</DL>
<P>
<A NAME="lbAH"> </A>
<H2>SECURITY CONSIDERATIONS</H2>
The keys in the <I>keyfile</I> are not encrypted in any way. The security
of these keys is completely dependent upon the security of the system and the
discretion of the system administrator.
<A NAME="lbAI"> </A>
<H2>RESTRICTIONS</H2>
<I>identity</I> names are restricted to 16 characters, and passphrases
are limited to 1024 characters.
<A NAME="lbAJ"> </A>
<H2>SEE ALSO</H2>
<A HREF="owping.man.html">owping</A>(1), <A HREF="owampd.man.html">owampd</A>(1), <A HREF="bwctl.man.html">bwctl</A>(1), <A HREF="bwctld.man.html">bwctld</A>(1)
and the <A HREF="http://e2epi.internet2.edu/owamp">http://e2epi.internet2.edu/owamp</A> and
<A HREF="http://e2epi.internet2.edu/bwctl">http://e2epi.internet2.edu/bwctl</A> web sites.
<A NAME="lbAK"> </A>
<H2>ACKNOWLEDGMENTS</H2>
This material is based in part on work supported by the National Science
Foundation (NSF) under Grant No. ANI-0314723. Any opinions, findings and
conclusions or recommendations expressed in this material are those of
the author(s) and do not necessarily reflect the views of the NSF.
<P>
<HR>
<A NAME="index"> </A><H2>Index</H2>
<DL>
<DT><A HREF="#lbAB">NAME</A><DD>
<DT><A HREF="#lbAC">SYNOPSIS</A><DD>
<DT><A HREF="#lbAD">OPTIONS</A><DD>
<DT><A HREF="#lbAE">DESCRIPTION</A><DD>
<DT><A HREF="#lbAF">KEYFILE FORMAT</A><DD>
<DT><A HREF="#lbAG">EXAMPLES</A><DD>
<DT><A HREF="#lbAH">SECURITY CONSIDERATIONS</A><DD>
<DT><A HREF="#lbAI">RESTRICTIONS</A><DD>
<DT><A HREF="#lbAJ">SEE ALSO</A><DD>
<DT><A HREF="#lbAK">ACKNOWLEDGMENTS</A><DD>
</DL>
<HR>
This document was created by
<A HREF="http://localhost/cgi-bin/man/man2html">man2html</A>,
using the manual pages.<BR>
Time: 19:05:04 GMT, February 17, 2014
</BODY>
</HTML>
|