aespasswd
Section: User Commands (1)
Updated: 2004 Feb 8
NAME
aespasswd - Used to create and manage an AES keyfile.
SYNOPSIS
aespasswd [-n] [-d] -f keyfile identity
OPTIONS
-n
    Create the keyfile
-d
    Delete given identity from keyfile
-f keyfile
    Specifies file that holds identity/key pairs
DESCRIPTION
aespasswd is used to create and manage files that hold identity/key pairs. It is
primarily used to manage the bwctld.keys file for bwctld
and the owampd.keys file for owampd.
If the -d option is not specified, then aespasswd prompts
the caller for a passphrase. The passphrase is hashed using an internal
MD5 algorithm to generate a key that is then saved in the keyfile
associated with the given identity. If the given identity
already exists in the keyfile, the previous key is overwritten with
the new one.
Keyfiles generated by aespasswd are formatted for use with
BWCTL and OWAMP.
KEYFILE FORMAT
aespasswd generates lines of the format:
test 54b0c58c7ce9f2a8b551351102ee0938
Each line consists of an identity, followed by whitespace, followed by a
hex-encoded 128-bit number that is suitable for use as a symmetric AES key.
No other text is allowed on these lines; however, comment lines may be
added. A comment line is any line whose first non-whitespace character
is '#'.
EXAMPLES
aespasswd -f /usr/local/etc/bwctld.keys testuser
    Adds a key for the identity testuser. The user is prompted for
    a passphrase. If the file does not exist, an error message will
    be printed and no action will be taken.
aespasswd -f /usr/local/etc/bwctld.keys -n testuser
    Creates the file before doing the same as above. If the file already
    exists, an error message will be printed and no action will be taken.
aespasswd -f /usr/local/etc/bwctld.keys -d testuser
    Deletes the identity testuser from the keyfile.
    If the file does not exist, an error message will be printed and no
    action will be taken.
SECURITY CONSIDERATIONS
The keys in the keyfile are not encrypted in any way. The security
of these keys is completely dependent upon the security of the system and the
discretion of the system administrator.
RESTRICTIONS
Identity names are restricted to 16 characters, and passphrases
are limited to 1024 characters.
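The following keyfile audit is an added example, not part of aespasswd or the BWCTL/OWAMP distributions. It checks content against the line format under KEYFILE FORMAT and the 16-character identity limit above, and, because the keys are stored unencrypted, flags a keyfile that group or other can access. The function names, the duplicate-identity check, and the treatment of blank lines as ignorable are assumptions of this example.

```python
import os
import re
import stat

KEY_RE = re.compile(r"[0-9a-fA-F]{32}")  # 32 hex digits = 128-bit key
MAX_IDENTITY = 16                        # limit stated under RESTRICTIONS

def audit_keyfile_text(text):
    """Return (entries, problems) for keyfile content given as a string."""
    entries, problems = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # comment line; skipping blank lines is an assumption
        fields = stripped.split()
        if len(fields) != 2:
            problems.append((lineno, "expected exactly: identity key"))
            continue
        identity, key = fields
        if len(identity) > MAX_IDENTITY:
            problems.append((lineno, "identity longer than 16 characters"))
        elif not KEY_RE.fullmatch(key):
            problems.append((lineno, "key is not 32 hex digits"))
        elif identity in entries:
            problems.append((lineno, "duplicate identity"))
        else:
            entries[identity] = key.lower()
    return entries, problems

def mode_problems(path):
    """Flag a keyfile that group or other can access (keys are plaintext)."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        return ["%s has mode %o; restrict to owner, e.g. 600" % (path, mode)]
    return []

# Constructed sample; only the first key line appears in the man page.
SAMPLE = """\
# bwctld keys
test 54b0c58c7ce9f2a8b551351102ee0938
averyveryverylongidentity 54b0c58c7ce9f2a8b551351102ee0938
alice 54b0c58c7ce9f2a8b551351102ee0938 extra
bob not-a-key
test 00112233445566778899aabbccddeeff
"""

if __name__ == "__main__":
    entries, problems = audit_keyfile_text(SAMPLE)
    print(sorted(entries), problems)
```

To audit a real keyfile, pass its contents to audit_keyfile_text() and its path to mode_problems().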
SEE ALSO
owping(1), owampd(1), bwctl(1), bwctld(1)
and the http://e2epi.internet2.edu/owamp and
http://e2epi.internet2.edu/bwctl web sites.
ACKNOWLEDGMENTS
This material is based in part on work supported by the National Science
Foundation (NSF) under Grant No. ANI-0314723. Any opinions, findings and
conclusions or recommendations expressed in this material are those of
the author(s) and do not necessarily reflect the views of the NSF.