DragonFly On-Line Manual Pages

Search: Section:  

aespasswd(1)           DragonFly General Commands Manual          aespasswd(1)


NAME

       aespasswd - Used to create and manage an AES keyfile.


SYNOPSIS

       aespasswd [-n] [-d] -f keyfile identity


OPTIONS

       -n     Create the keyfile

       -d     Delete given identity from keyfile

       -f keyfile
              Specifies file that holds identity/key pairs


DESCRIPTION

       aespasswd is used to create and manage files that hold identity/key
       pairs. It is primarily used to manage the bwctld.keys file for bwctld
       and the owampd.keys file for owampd.

       If the -d option is not specified, then aespasswd prompts the caller
       for a passphrase. The passphrase is hashed using an internal MD5
       algorithm to generate a key that is then saved in the keyfile
       associated with the given identity. If the given identity already
       exists in the keyfile, the previous key is overwritten with the new
       one.

       keyfiles generated by aespasswd are formatted for use with BWCTL and
       OWAMP.


KEYFILE FORMAT

       aespasswd generates lines of the format:

       test 54b0c58c7ce9f2a8b551351102ee0938

       An identity, followed by whitespace, followed by a hex encoded 128-bit
       number, that is suitable to be used as a symmetric AES key.

       No other text is allowed on these lines; however, comment lines may be
       added. Comment lines are any line where the first non-white space
       character is '#'.


EXAMPLES

       aespasswd -f /usr/local/etc/bwctld.keys testuser

              Adds a key for the identity testuser. The user is prompted for a
              passphrase. If the file does not exist, an error message will be
              printed and no action will be taken.

       aespasswd -f /usr/local/etc/bwctld.keys -n testuser

              Creates the file before doing the same as above. If the file
              already exists, an error message will be printed and no action
              will be taken.

       aespasswd -f /usr/local/etc/bwctld.keys -d testuser

              Deletes the identity testuser from the keyfile.  If the file
              does not exist, an error message will be printed and no action
              will be taken.


SECURITY CONSIDERATIONS

       The keys in the keyfile are not encrypted in any way. The security of
       these keys is completely dependent upon the security of the system and
       the discretion of the system administrator.


RESTRICTIONS

       identity names are restricted to 16 characters, and passphrases are
       limited to 1024 characters.


SEE ALSO

       owping(1), owampd(1), bwctl(1), bwctld(1) and the
       http://e2epi.internet2.edu/owamp and http://e2epi.internet2.edu/bwctl
       web sites.


ACKNOWLEDGMENTS

       This material is based in part on work supported by the National
       Science Foundation (NSF) under Grant No. ANI-0314723. Any opinions,
       findings and conclusions or recommendations expressed in this material
       are those of the author(s) and do not necessarily reflect the views of
       the NSF.

                                  2004 Feb 8                      aespasswd(1)

Search: Section: