man pages section 1M: System Administration Commands

Exit Print View

 
Updated: July 2014
 
 

wanboot_keygen(1M)

Name

wanboot_keygen - create and display client and server keys for WAN booting

Synopsis

/usr/lib/inet/wanboot/keygen -c -o net=a.b.c.d ,cid=client_ID,type=3des
/usr/lib/inet/wanboot/keygen -c -o net=a.b.c.d ,cid=client_ID,type=aes
/usr/lib/inet/wanboot/keygen -m
/usr/lib/inet/wanboot/keygen -c -o net=a.b.c.d ,cid=client_ID,type=sha1
/usr/lib/inet/wanboot/keygen -d -m
/usr/lib/inet/wanboot/keygen -c -o net=a.b.c.d ,cid=client_ID,type=keytype

Description

The keygen utility has three purposes:

  • Using the –c flag, to generate and store per-client 3DES/AES encryption keys, avoiding any DES weak keys.

  • Using the –m flag, to generate and store a “master” HMAC SHA-1 key for WAN install, and to derive from the master key per-client HMAC SHA-1 hashing keys, in a manner described in RFC 3118, Appendix A.

  • Using the –d flag along with either the –c or –m flag to indicate the key repository, to display a key of type specified by keytype, which must be one of 3des, aes, or sha1.

The net and cid arguments are used to identify a specific client. Both arguments are optional. If the cid option is not provided, the key being created or displayed will have a per-network scope. If the net option is not provided, then the key will have a global scope. Default net and code values are used to derive an HMAC SHA-1 key if the values are not provided by the user.

Options

The following options are supported:

–c

Generate and store per-client 3DES/AES encryption keys, avoiding any DES weak keys. Also generates and stores per-client HMAC SHA-1 keys. Used in conjunction with –o.

–d

Display a key of type specified by keytype, which must be one of 3des, aes, or sha1. Use –d with –m or with –c and –o.

–m

Generate and store a “master” HMAC SHA-1 key for WAN install.

–o

Specifies the WANboot client and/or keytype.

Examples

Example 1 Generate a Master HMAC SHA-1 Key 
# keygen -m
Example 2 Generate and Then Display a Client-Specific Master HMAC SHA-1 Key 
# keygen -c -o net=172.16.174.0,cid=010003BA0E6A36,type=sha1
# keygen -d -c -o net=172.16.174.0,cid=010003BA0E6A36,type=sha1
Example 3 Generate and Display a 3DES Key with a Per-Network Scope 
# keygen -c -o net=172.16.174.0,type=3des
# keygen -d -o net=172.16.174.0,type=3des

Exit Status

0

Successful operation.

>0

An error occurred.

Attributes

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPE
ATTRIBUTE VALUE
Availability
system/boot/wanboot
Interface Stability
Obsolete

See also

attributes(5)

Copyright © 1993, 2014, Oracle and/or its affiliates. All rights reserved. Legal Notices
Previous
Next