⇒ cryptkey(1) — UnixWare 2.01


       cryptkey(1)                                              cryptkey(1)


       NAME
             cryptkey - add, delete, or modify a key in the cr1 key data
             base

       SYNOPSIS
             cryptkey [-a | -c | -d] [-s scheme] [local_principal] remote_principal

       DESCRIPTION
             The cryptkey command adds, deletes, or modifies the key shared
             by two principals in an authentication exchange.  Typically, a
             shared key is used in a cr1 exchange [see cr1(1M)].  A shared
             key is a bit string, known only to the parties in an exchange,
             that is used to authenticate a connection.

          Files
             /etc/iaf/cr1/keys    cr1 key data base

          Diagnostics
             If the daemon has been installed and is running, cryptkey
             determines success or failure based on the response of the
             daemon and indicates the result to the user.  If the request
             is processed successfully, cryptkey exits with a value of 0;
             otherwise, it prints an error message and exits with a non-
             zero value.

       USAGE
             The cryptkey command is used to enter the shared key and the
             identities of the principals (the local and remote hosts or
             users) that are required to use the key to complete
             authentication.  The cryptkey command can be used by both
             privileged and non-privileged users.  The privileged user is
             the owner of the keys file.  A non-privileged user must be the
             local principal for whom the key is being added, deleted, or
             modified.

             Once the shared key has been entered using the cryptkey
             command, it is stored in the keys file by a daemon process.
             If a master key exists, the shared keys in the file are
             encrypted, using that master key.

             The options to cryptkey have the following meanings:

             -a        Indicates that an entry for the specified principals
                       is to be added to the keys file.  The user will be
                       prompted for the new key.  To confirm the entry, the
                       system prompts the user to enter the key a second
                       time.

            -c        Indicates that the entry in the keys file for the
                      specified principals is to be changed.  The system
                      prompts a non-privileged user to enter the old key.
                      The system then prompts the user for a new key.  To
                      confirm the new key, the system prompts the user to
                      enter it a second time.  A privileged user is not
                      required to enter the old key.

            -d        Indicates that the entry for the specified
                      principals is to be deleted from the keys file.  The
                      system prompts a non-privileged user to enter the
                      old key.  A privileged user is not required to enter
                      the old key.

            -s  scheme
                      Specifies the name of the scheme to be used.  The
                      default for scheme is cr1, which uses DES
                      encryption, and requires that the Encryption
                      Utilities package be installed.  If this package is
                      not available, ENIGMA encryption can be used by
                      specifying cr1.enigma as the scheme.

            local_principal
                      The name of the local principal sharing the key.
                      The name has one of the following forms, where
                      local_user is any logname in /etc/passwd:
                            [local_user][@ local_system]
                            [local_system!][local_user]

                      If local_principal is omitted, the principal name of
                      the effective user is assumed.

            remote_principal
                      The name of the remote principal sharing the key.
                      The name has one of the following forms, where
                      remote_user is the logname of a remote user:
                            [remote_user@]remote_system
                            remote_system[!remote_user]

            If cryptkey is entered without options, the -c option is
            assumed and an existing key for the specified principals will
            be modified.

             The system confirms a request to enter a new key by prompting
             the user to enter the key a second time.  If the second entry
             does not match the first, the operation is not executed.

          Warnings
             For the local-principal, cryptkey does not validate the
             existence of system names when they are entered, although it
             requires that they be printable characters.  When entered by a
             privileged user, cryptkey does not validate lognames.

             For the remote-principal, cryptkey does not validate system
             names or log names at any time.
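
Because cryptkey accepts unvalidated names in the cases listed above, principal names can be checked before a key is added. The sh functions below are an added example, not part of the Novell manual page; split_principal, check_principal, sample_passwd and the PASSWD_FILE variable are hypothetical names, and the sample passwd entries are constructed.

```sh
#!/bin/sh
# Added example, not part of the cryptkey manual page.
# PASSWD_FILE is a hypothetical override so the check can run on a constructed file.
PASSWD_FILE=${PASSWD_FILE:-/etc/passwd}

# split_principal ROLE NAME: sets P_USER and P_SYSTEM ("-" means the part is absent).
# A bare name is a logname for the local principal but a system name for the
# remote principal, following the two sets of forms in the manual page.
split_principal() {
    P_USER=- P_SYSTEM=-
    case $2 in
        *@*) P_USER=${2%%@*} P_SYSTEM=${2#*@} ;;
        *!*) P_SYSTEM=${2%%!*} P_USER=${2#*!} ;;
        *)   if [ "$1" = local ]; then P_USER=$2; else P_SYSTEM=$2; fi ;;
    esac
    [ -n "$P_USER" ] || P_USER=-
    [ -n "$P_SYSTEM" ] || P_SYSTEM=-
}

# check_principal ROLE NAME: returns 0 if the name is fit to hand to cryptkey.
check_principal() {
    # Non-empty and printable characters only (the one check cryptkey documents).
    [ -n "$2" ] && [ $(printf %s "$2" | LC_ALL=C tr -d '[:print:]' | wc -c) -eq 0 ] \
        || { echo "rejected: empty or non-printable name" >&2; return 1; }
    split_principal "$1" "$2"
    case $1 in
    local)
        # cryptkey skips the logname lookup for a privileged user, so do it here.
        # Exact string match on field 1; the name is never used as a pattern.
        [ "$P_USER" = - ] \
            || U=$P_USER awk -F: '$1 == ENVIRON["U"] { f = 1 } END { exit !f }' "$PASSWD_FILE" \
            || { echo "rejected: no logname $P_USER" >&2; return 1; } ;;
    remote)
        # Both remote forms require a system name.
        [ "$P_SYSTEM" != - ] || { echo "rejected: no remote system" >&2; return 1; } ;;
    *)  echo "rejected: role must be local or remote" >&2; return 1 ;;
    esac
}

# sample_passwd FILE: writes a constructed two-entry passwd file for trying the check.
sample_passwd() {
    printf '%s\n' 'root:x:0:0::/:/sbin/sh' 'alice:x:101:1::/home/alice:/usr/bin/sh' > "$1"
}

# Intended use (cryptkey itself is not run by this example):
#   check_principal local "$lp" && check_principal remote "$rp" && cryptkey -a "$lp" "$rp"
```

Remote names cannot be checked against a local file, so the remote check is limited to form; a typo in a remote system name still has to be caught by review.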

       REFERENCES
             cr1(1M), getkey(3N), keymaster(1M)

                           Copyright 1994 Novell, Inc.







