keymaster(1M) — UnixWare 2.01

       keymaster(1M)                                          keymaster(1M)


       NAME
             keymaster - cr1 key data base administration

       SYNOPSIS
             keymaster [-k | -cn] [-s scheme]

       DESCRIPTION
             The keymaster command starts the cr1 key management daemon and
             sets the master key that is used to encrypt and decrypt the
             shared keys stored in the keys file [see cr1(1M)].

             A shared key is a bit string, known only to the parties in an
             exchange, that is used to authenticate a connection.  When
             shared keys are entered, they are stored in a keys file by a
             daemon process.  If a master key exists, the shared keys in
             the file are encrypted.

             When keymaster is first entered, it forks a process that
             continues as the key management daemon.

          Files
             /etc/iaf/cr1/keys     cr1 key data base

          Exit Codes
             keymaster passes a request to the key management daemon either
             by becoming the daemon, or by writing to the current daemon's
             pipe.  If the daemon returns success, keymaster exits with a
             value of 0; otherwise, it prints an error message and exits
             with a non-zero value.

             Note that, if keymaster successfully starts the key management
             daemon, it indicates success to the user, even though the
             daemon may subsequently fail.

       USAGE
             Use of keymaster is restricted to the privileged user.  The
             privileged user is the owner of the keys file.

             The options to keymaster have the following meanings:

             -c    Indicates that the master key is to be changed.  When
                   the -c option is entered, the command first prompts the
                   user to enter the old master key, then a new master key.

                           Copyright 1994 Novell, Inc.               Page 1

             -n    Indicates that the keys file is not encrypted.  When the
                   -n option is used, the keymaster command does not prompt
                   for a master key.

             -k    Indicates that the key management daemon is to be
                   stopped.  No key is required to stop the key management
                   daemon.  This option takes precedence over both -c and
                   -n.

             -s scheme
                   Specifies the name of the scheme to be used.  The
                   default for scheme is cr1, which uses DES encryption,
                   and requires that the Encryption Utilities package be
                   installed.  If this package is not available, ENIGMA
                   encryption can be used by specifying cr1.enigma as the
                   scheme.

             When no options are specified, keymaster prompts for the
             current master key.  If the master key is entered correctly,
             the keymaster daemon is started.

             keymaster does not echo keys as they are typed.  It confirms a
             new master key by requiring the user to enter the key a second
             time.  If the second entry does not match the first, the
             operation is not executed.

       REFERENCES
             cr1(1M), cryptkey(1), getkey(3N)
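
An added example, not part of the original manual page: a POSIX shell check of the keys file's owner and mode, which matters most when -n leaves the shared keys unencrypted on disk. The function name audit_keys_file, the UID 0 default for the privileged user, and the rule that no group/other permission bits may be set are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit ownership and mode of the cr1 keys file.
# Assumptions (not stated in the man page): the privileged user is UID 0,
# and the file should carry no group or other permission bits.

KEYS_FILE=/etc/iaf/cr1/keys    # path taken from the Files section

# audit_keys_file FILE [EXPECTED_UID]
# Prints one line per finding.
# Returns 0 if clean, 1 if findings exist, 2 if FILE is not a plain file.
audit_keys_file() {
    file=$1
    want_uid=${2:-0}
    findings=0

    # Refuse symlinks and anything that is not a regular file.
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "$file: missing, a symlink, or not a regular file"
        return 2
    fi

    # ls -ln gives the mode string in field 1 and the numeric owner in field 3.
    mode=$(ls -lnd "$file" | awk '{print $1}')
    uid=$(ls -lnd "$file" | awk '{print $3}')

    if [ "$uid" != "$want_uid" ]; then
        echo "$file: owned by uid $uid, expected $want_uid"
        findings=1
    fi

    # Characters 5-10 of the mode string hold the group and other bits.
    group_other=$(printf '%s' "$mode" | cut -c5-10)
    if [ "$group_other" != "------" ]; then
        echo "$file: group/other access present ($mode)"
        findings=1
    fi

    return $findings
}

# Typical call on the real system: audit_keys_file "$KEYS_FILE"
```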
