uftp_keymgt(1) uftp_keymgt(1)
NAME
uftp_keymgt - Encrypted UDP based ftp with multicast - key management
utility
SYNOPSIS
uftp_keymgt [ -m ] [ key_file [ key_file ...] ]
uftp_keymgt [ -m ] -g { rsa:key_length | ec:curve } key_file
uftp_keymgt [ -m ] -d key_file
DESCRIPTION
uftp_keymgt is a utility for creating, viewing, and deleting RSA and EC
private keys used by the UFTP suite. Although keys can be generated on
the fly by uftp(1), uftpd(1), and uftpproxyd(1), this utility gives a
more straightforward way of doing so without having to kick off a dummy
process just to create/view a key.
The definition of key_file is dependent on the crypto library UFTP is
compiled to use.
On Windows systems, UFTP can be built to use either CNG, which is the new
API supported by Windows Vista and Windows 7, or CryptoAPI, which is
the legacy API and the only one available to Windows XP.
Under CryptoAPI, all RSA private keys must be stored in a key container
(technically only keys used to sign data, but for UFTP's purposes this
is the case). Key containers are internal to Windows, and each user
(and the system) has its own set of key containers. In this case,
key_file is actually the name of the key container. Elliptic Curve
algorithms are not supported under CryptoAPI.
Under CNG, RSA and ECDSA private keys are also stored in key
containers, and RSA keys created by CryptoAPI may be read by CNG. As
with CryptoAPI, key_file specifies the key container name. CNG only
supports 3 named EC curves: prime256v1, secp384r1, and secp521r1.
All other systems use OpenSSL for the crypto library (although under
Windows UFTP can also be built to use it). In this case, key_file
specifies a file name where the RSA or ECDSA private key is stored
unencrypted in PEM format (the OS is expected to protect this file).
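The following shell check is an added example, not part of the UFTP
distribution or this manual. It audits a key_file on an OpenSSL build,
where the key is unencrypted PEM and file permissions are the only
protection. The function name check_keyfile, its return codes, and the
owner-only access policy are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from UFTP): audit a PEM private key file.
#
# check_keyfile PATH
# Returns 0 if PATH is a regular file holding a PEM private key that only
# its owner, the invoking user, can access. Otherwise prints a reason and
# returns (codes are this example's own convention):
#   2 missing, symlink or not a regular file
#   3 no unencrypted PEM private key header
#   4 owned by a different user
#   5 group or other permission bits are set
check_keyfile() {
    f=$1
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "$f: not a regular file" >&2; return 2
    fi
    # Headers OpenSSL writes for traditional RSA, traditional EC and
    # PKCS#8 unencrypted private keys.
    if ! grep -Eq '^-----BEGIN (RSA |EC )?PRIVATE KEY-----$' "$f"; then
        echo "$f: no PEM private key header" >&2; return 3
    fi
    # ls -ldn prints the mode string in field 1, numeric owner in field 3.
    meta=$(ls -ldn -- "$f") || return 2
    mode=$(printf '%s\n' "$meta" | awk '{print $1}')
    owner=$(printf '%s\n' "$meta" | awk '{print $3}')
    if [ "$owner" != "$(id -u)" ]; then
        echo "$f: owned by uid $owner, not the current user" >&2; return 4
    fi
    # Characters 5-10 of the mode string are the group and other bits.
    case $(printf '%s' "$mode" | cut -c5-10) in
        "------") ;;
        *) echo "$f: mode $mode lets group/other reach the key" >&2
           return 5 ;;
    esac
    return 0
}

# Stand-alone use: check every key file named on the command line.
for k in "$@"; do
    check_keyfile "$k" && echo "$k: ok"
done
```

Run it as the account that runs uftp(1), uftpd(1) or uftpproxyd(1), passing the same key_file paths those programs are configured with.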
The -g option is used to generate a key of a given type and store it in
the given key_file. The key size and key fingerprint are then printed.
Under OpenSSL, a key can actually be generated by the openssl(1)
command line utility, although you'll still need to run uftp_keymgt on it
to see the fingerprint.
The -d option is available only on Windows systems using CryptoAPI or
CNG. It deletes the key container specified by key_file.
When neither -g nor -d is specified, the type and fingerprint of all
keys listed are printed. If no keys are specified under Windows with
CryptoAPI or CNG, the private keys in all key containers for the
current user are printed. Note that some key containers may exist that an
application other than UFTP is using, and some of those may not have an
RSA or EC private key.
OPTIONS
The following options are supported:
-g { rsa:key_length | ec:curve } key_file
Specifies the type of new key and the key_file to store it in.
New keys are specified as either rsa:key_length, which creates
an RSA private key key_length bits wide, or as ec:curve, which
creates an EC key using the curve "curve".
The list of supported EC curves is as follows (availability may
vary depending on system settings and crypto library used):
sect163k1 sect163r1 sect163r2 sect193r1 sect193r2 sect233k1
sect233r1 sect239k1 sect283k1 sect283r1 sect409k1 sect409r1
sect571k1 sect571r1 secp160k1 secp160r1 secp160r2 secp192k1
prime192v1 secp224k1 secp224r1 secp256k1 prime256v1 secp384r1
secp521r1
-d key_file
Specifies the Windows key container to delete.
-m For Windows systems using CryptoAPI or CNG, private keys are
normally stored in the key container of the running user.
Specifying this option stores keys in the system key container. On
non-Windows systems, this option has no effect.
EXIT STATUS
The following exit values are returned:
0 The command completed successfully.
1 An invalid command line parameter was specified.
SEE ALSO
uftp(1), uftpd(1), uftpproxyd(1)
NOTES
The latest version of UFTP can be found at
http://uftp-multicast.sourceforge.net. UFTP is covered by the GNU
General Public License. Commercial licenses and support are available
from Dennis Bush ([email protected]).
UFTP 4.8 5 January 2016 uftp_keymgt(1)