MirOS Manual: keynote(1)

KEYNOTE(1)                   BSD Reference Manual                   KEYNOTE(1)

NAME

     keynote - command line tool for keynote operations

SYNOPSIS

     keynote keygen AlgorithmName KeySize PublicKeyFile PrivateKeyFile
            [print-offset] [print-length]

     keynote sign [-v] AlgorithmName AssertionFile PrivateKeyFile [print-
            offset] [print-length]

     keynote sigver [AssertionFile]

     keynote verify [-h] [-e file] -l file -r retlist [-k file] [-l file]
            [file ...]

DESCRIPTION

     For more details on KeyNote, see RFC 2704.

KEY GENERATION

     keynote keygen creates a public/private key of size KeySize (in bits),
     for the algorithm specified by AlgorithmName. Typical keysizes are 512,
     1024, or 2048 (bits). The minimum key size for DSA keys is 512 (bits).
     Supported AlgorithmName identifiers are:

           dsa-hex:
           dsa-base64:
           rsa-hex:
           rsa-base64:

     Notice that the trailing colon is required. The resulting public key is
     stored in file PublicKeyFile. Similarly, the resulting private key is
     stored in file PrivateKeyFile. Either of the filenames can be specified
     to be '-', in which case the corresponding key(s) will be printed to
     standard output.

     The optional parameters print-offset and print-length specify the offset
     from the beginning of the line where the key will be printed, and the
     number of characters of the key that will be printed per line. print-
     length includes AlgorithmName for the first line and has to be longer (by
     at least 2) than AlgorithmName. print-length also accounts for the line-
     continuation character (backslash) at the end of each line, and the dou-
     ble quotes at the beginning and end of the key encoding. Default values
     are 12 and 50 respectively.

ASSERTION SIGNING

     keynote sign reads the assertion contained in AssertionFile and generates
     a signature specified by AlgorithmName using the private key stored in
     PrivateKeyFile. The private key is expected to be of the form output by
     keynote keygen. The private key algorithm and the AlgorithmName specified
     as an argument are expected to match. There is no requirement for the
     internal or ASCII encodings to match. Valid AlgorithmName identifiers
     are:

           sig-dsa-sha1-hex:
           sig-dsa-sha1-base64:
           sig-rsa-sha1-hex:
           sig-rsa-sha1-base64:
           sig-rsa-md5-hex:
           sig-rsa-md5-base64:
           sig-x509-sha1-hex:
           sig-x509-sha1-base64:

     Notice that the trailing colon is required. The resulting signature is
     printed to standard output. This can then be added (via cut-and-paste or
     some script) at the end of the assertion, in the Signature field.

     The public key corresponding to the private key in PrivateKeyFile is ex-
     pected to already be included in the Authorizer field of the assertion,
     either directly or indirectly (i.e., through use of a Local-Constants at-
     tribute). Furthermore, the assertion must have a Signature field (even if
     it is empty), as the signature is computed on everything between the
     KeyNote-Version and Signature keywords (inclusive), and the AlgorithmName
     string.

     If the -v flag is provided, keynote sign will also verify the newly-
     created signature using the Authorizer field key.

     The optional parameters print-offset and print-length specify the offset
     from the beginning of the line where the signature will be printed, and
     the number of characters of the signature that will be printed per line.
     print-length includes AlgorithmName for the first line and has to be
     longer (by at least 2) than AlgorithmName. print-length also accounts for
     the line-continuation character (backslash) at the end of each line, and
     the double quotes at the beginning and end of the signature encoding. De-
     fault values are 12 and 50 respectively.

SIGNATURE VERIFICATION

     keynote sigver reads the assertions contained in AssertionFile and veri-
     fies the public-key signatures on all of them.

QUERY TOOL

     For each operand that names a file, keynote verify reads the file and
     parses the assertions contained therein (one assertion per file).

     The options are as follows:

     -e file  Specify a file containing environment variables and their
              values, in the following format:

                    varname = "value"

              varname can begin with any letter (upper or lower case) or
              number, and can contain underscores. value is a quoted string,
              and can contain any character, and escape (backslash) processing
              is performed, as specified in the KeyNote RFC.

     -h       Print a usage message and exit.

     -k file  Add a key from file in the action authorizers.

     -l file  Specify a file containing trusted assertions (no signature ve-
              rification is performed), and the Authorizer field can contain
              non-key principals. There should be at least one assertion with
              the POLICY keyword in the Authorizer field.

     -r retlist
              Specify a comma-separated list of return values, in increasing
              order of compliance from left to right.

     Exactly one -r and at least one each of the -e, -l, and -k flags should
     be given per invocation. If no flags are given, keynote verify prints the
     usage message and exits with error code -1.

     keynote verify exits with code -1 if there was an error, and 0 on suc-
     cess.

SEE ALSO

     keynote(3), keynote(4), keynote(5)

     M. Blaze, J. Feigenbaum, and A. D. Keromytis, The KeyNote Trust-
     Management System, Version 2, RFC 2704, 1999.

     M. Blaze, J. Feigenbaum, and J. Lacy, "Decentralized Trust Management",
     IEEE Conference on Privacy and Security, 1996.

     M. Blaze, J. Feigenbaum, and M. Strauss, "Compliance-Checking in the
     PolicyMaker Trust Management System", Financial Crypto Conference, 1998.

AUTHORS

     Angelos D. Keromytis <angelos@dsl.cis.upenn.edu>

WEB PAGE

     http://www.cis.upenn.edu/~keynote

BUGS

     None that we know of. If you find any, please report them at
     <keynote@research.att.com>.

MirOS BSD #10-current           April 29, 1999                               2

Generated on 2014-07-04 21:17:45 by $MirOS: src/scripts/roff2htm,v 1.79 2014/02/10 00:36:11 tg Exp $

These manual pages and other documentation are copyrighted by their respective writers; their source is available at our CVSweb, AnonCVS, and other mirrors. The rest is Copyright © 2002‒2014 The MirOS Project, Germany.
This product includes material provided by Thorsten Glaser.

This manual page’s HTML representation is supposed to be valid XHTML/1.1; if not, please send a bug report – diffs preferred.