wanboot_keygen(1M)

NAME

     wanboot_keygen - create and display client and  server  keys
     for WAN booting

SYNOPSIS

     /usr/lib/inet/wanboot/keygen     -c      -o      net=a.b.c.d
     ,cid=client_ID,type=3des

     /usr/lib/inet/wanboot/keygen     -c      -o      net=a.b.c.d
     ,cid=client_ID,type=aes

     /usr/lib/inet/wanboot/keygen -m

     /usr/lib/inet/wanboot/keygen     -c      -o      net=a.b.c.d
     ,cid=client_ID,type=sha1

     /usr/lib/inet/wanboot/keygen -d -m

     /usr/lib/inet/wanboot/keygen     -c      -o      net=a.b.c.d
     ,cid=client_ID,type=keytype

DESCRIPTION

     The keygen utility has three purposes:

        o  Using the -c flag, to generate  and  store  per-client
           3DES/AES encryption keys, avoiding any DES weak keys.

        o  Using the -m flag, to generate and  store  a  "master"
           HMAC SHA-1 key for WAN install, and to derive from the
           master key per-client HMAC SHA-1 hashing  keys,  in  a
           manner described in RFC 3118, Appendix A.

        o  Using the -d flag along with either the -c or -m  flag
           to  indicate  the  key repository, to display a key of
           type specified by keytype, which must be one of  3des,
           aes, or sha1.

     The net and cid arguments are used to  identify  a  specific
     client.  Both  arguments  are optional. If the cid option is
     not provided, the key being created or displayed will have a
     per-network  scope.  If the net option is not provided, then
     the key will have a  global  scope.  Default  net  and  code
     values  are  used  to derive an HMAC SHA-1 key if the values
     are not provided by the user.

OPTIONS

     The following options are supported:

     -c    Generate  and  store  per-client  3DES/AES  encryption
           keys,  avoiding  any DES weak keys. Also generates and
           stores per-client HMAC SHA-1 keys. Used in conjunction
           with -o.

     -d    Display a key of type specified by keytype, which must
           be  one  of 3des, aes, or sha1. Use -d with -m or with
           -c and -o.

     -m    Generate and store a "master" HMAC SHA-1 key  for  WAN
           install.

     -o    Specifies the WANboot client and/or keytype.

EXAMPLES

     Example 1: Generate a Master HMAC SHA-1 Key

     # keygen -m

     Example 2: Generate and Then Display a Client-Specific  Mas-
     ter HMAC SHA-1 Key

     # keygen -c -o net=129.148.174.0,cid=010003BA0E6A36,type=sha1
     # keygen -d -c -o net=129.148.174.0,cid=010003BA0E6A36,type=sha1

     Example 3: Generate and Display  a  3DES  Key  with  a  Per-
     Network Scope

     # keygen -c -o net=129.148.174.0,type=3des
     # keygen -d -o net=129.148.174.0,type=3des

EXIT STATUS

     0     Successful operation.

     >0    An error occurred.

ATTRIBUTES

     See attributes(5) for descriptions of the  following  attri-
     butes:

     ____________________________________________________________
    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    |_____________________________|_____________________________|
    | Availability                | SUNWwbsup                   |
    |_____________________________|_____________________________|
    | Interface Stability         | Obsolete                    |
    |_____________________________|_____________________________|

SEE ALSO

     attributes(5)