keymaster(1M) keymaster(1M)
NAME
keymaster - cr1 key data base administration
SYNOPSIS
keymaster [-k | -cn] [-s scheme]
DESCRIPTION
The keymaster command starts the cr1 key management daemon and
sets the master key that is used to encrypt and decrypt the
shared keys stored in the keys file [see cr1(1M)].
A shared key is a bit string, known only to the parties in an
exchange, that is used to authenticate a connection. When
shared keys are entered, they are stored in a keys file by a
daemon process. If a master key exists, the shared keys in
the file are encrypted.
When keymaster is first entered, it forks a process that
continues as the key management daemon.
Files
/etc/iaf/cr1/keys      cr1 key data base
Exit Codes
keymaster passes a request to the key management daemon either
by becoming the daemon, or by writing to the current daemon's
pipe. If the daemon returns success, keymaster exits with a
value of 0; otherwise, it prints an error message and exits
with a non-zero value.
Note that, if keymaster successfully starts the key management
daemon, it indicates success to the user, even though the
daemon may subsequently fail.
USAGE
Use of keymaster is restricted to the privileged user. The
privileged user is the owner of the keys file.
The options to keymaster have the following meanings:
-c Indicates that the master key is to be changed. When
the -c option is entered, the command first prompts the
user to enter the old master key, then a new master key.
Copyright 1994 Novell, Inc. Page 1
-n Indicates that the keys file is not encrypted. When the
-n option is used, the keymaster command does not prompt
for a master key.
-k Indicates that the key management daemon is to be
stopped. No key is required to stop the key management
daemon. This option takes precedence over both -c and
-n.
-s scheme
Specifies the name of the scheme to be used. The
default for scheme is cr1, which uses DES encryption,
and requires that the Encryption Utilities package be
installed. If this package is not available, ENIGMA
encryption can be used by specifying cr1.enigma as the
scheme.
When no options are specified, keymaster prompts for the
current master key. If the master key is entered correctly,
the keymaster daemon is started.
keymaster does not echo keys as they are typed. It confirms a
new master key by requiring the user to enter the key a second
time. If the second entry does not match the first, the
operation is not executed.
REFERENCES
cr1(1M), cryptkey(1), getkey(3N)