GEN_DSS_KEY(8)          BSD System Manager's Manual          GEN_DSS_KEY(8)
NAME
gen_dss_key - generate public/private DSS key pair.
SYNOPSIS
add_preshr_key address key
add_pub_key [RSA] filename
dump_key [RSA]
fingerprint [RSA] [ascii file]
gen_dss_key
gen_rsa_key
list_keys [RSA]
show_preshr
DESCRIPTION
Both public keys and pre-shared keys are kept in flat files (a known
security hole!) and are managed by a suite of routines and an interface
library in the auth directory.
Key rings are kept in a directory specified in authdef.h (KEYPATH) under
the names <hostname>.dsspriv and <hostname>.dsspub for DSS keys,
<hostname>.rsapriv and <hostname>.rsapub for RSA keys, and
<hostname>.preshr.priv and <hostname>.preshr.pub for pre-shared keys. For
example, using the default KEYPATH of /var/db on host joe.blow.org, the
DSS private key file would be /var/db/joe.blow.org.dsspriv; the public
key ring would be the file /var/db/joe.blow.org.dsspub. Edit the
authdef.h file and set the KEYPATH directory if the default is not
satisfactory.
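Because the rings are plain files under KEYPATH, the first thing a system
manager should check is who can read the private key files and who can
write the public rings. The script below is an added example, not a
routine from this distribution; the file modes it expects (private key
files readable by the owner only, nothing in KEYPATH writable by group or
others, KEYPATH itself not group/world writable) and the throw-away
directory it builds are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not part of the IKE distribution): audit the flat-file key
# rings under KEYPATH. The expected modes are this example's assumption:
# private key files must be readable only by their owner, nothing in KEYPATH
# may be writable by group or others, and the directory itself must not be
# group/world writable (a ring anyone can edit is a ring anyone can add a
# trusted key to).

# group_other_bits FILE -> the six group/other permission characters from
# ls -l, e.g. "r--r--" for mode 0644 and "------" for mode 0600.
group_other_bits() {
    ls -ld "$1" | cut -c5-10
}

# audit_keyring KEYPATH HOSTNAME
# Prints one line per finding; returns 1 if anything was found, else 0.
audit_keyring() {
    keypath=$1; host=$2; findings=0

    case $(group_other_bits "$keypath") in
        *w*) echo "WRITABLE DIR: $keypath is group/world writable"
             findings=$((findings + 1)) ;;
    esac

    # Private material: <hostname>.dsspriv, .rsapriv, .preshr.priv
    for suffix in dsspriv rsapriv preshr.priv; do
        f="$keypath/$host.$suffix"
        [ -e "$f" ] || continue
        if [ "$(group_other_bits "$f")" != "------" ]; then
            echo "EXPOSED PRIVATE KEY: $f is $(ls -ld "$f" | cut -c1-10)"
            findings=$((findings + 1))
        fi
    done

    # Public rings: <hostname>.dsspub, .rsapub, .preshr.pub (may be read by
    # anyone, but must not be writable by anyone except the owner)
    for suffix in dsspub rsapub preshr.pub; do
        f="$keypath/$host.$suffix"
        [ -e "$f" ] || continue
        case $(group_other_bits "$f") in
            *w*) echo "WRITABLE KEY RING: $f can be modified by group/others"
                 findings=$((findings + 1)) ;;
        esac
    done

    [ "$findings" -eq 0 ]
}

# Constructed demo: a temporary KEYPATH with one good and two bad files.
demo_keypath=$(mktemp -d)
touch "$demo_keypath/joe.blow.org.dsspriv" "$demo_keypath/joe.blow.org.dsspub" \
      "$demo_keypath/joe.blow.org.rsapriv"
chmod 0755 "$demo_keypath"
chmod 0600 "$demo_keypath/joe.blow.org.dsspriv"   # correct
chmod 0644 "$demo_keypath/joe.blow.org.rsapriv"   # private key readable by all
chmod 0666 "$demo_keypath/joe.blow.org.dsspub"    # anyone can add a trusted key
audit_keyring "$demo_keypath" joe.blow.org || echo "audit found problems"
rm -rf "$demo_keypath"
```

Run it as `audit_keyring /var/db $(hostname)` (or whatever KEYPATH is set to
in authdef.h) from cron or after any key exchange; a non-zero exit means the
ring's implicit trust can be abused by another local user.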
The supplied routines are:
gen_dss_key This routine will generate a public/private DSS key pair and
store the result in $KEYPATH/<hostname>.dsspriv.
gen_rsa_key This routine will generate a public/private RSA key pair and
store the result in $KEYPATH/<hostname>.rsapriv.
dump_key Generate an ASCII rendition of your public key. This routine
is used to create a file suitable for sharing with other
parties with whom you would like to authenticate.
add_pub_key Add another party's public key to your public key ring. It
is assumed that the file to add was created by the other
party with dump_key.
list_keys Print out ASCII renderings of all entries in your public key
ring.
fingerprint Obtain the fingerprint of a public key. This routine is used
to verify that a public key has not been tampered with.
This routine is either passed the filename of an ASCII file
which contains the public key of another party, in which
case it will generate a fingerprint from it, or nothing, in
which case it will generate a fingerprint from the public
key of the current host.
add_preshr_key
Add a key to the pre-shared key ring. The address is an IP
address and the key can be up to 128 bytes long.
show_preshr Print out ASCII renderings of all entries in your pre-shared
key ring.
dump_key, add_pub_key, list_keys, and fingerprint all take an optional
parameter (RSA) to denote which public key ring to operate on. The
default is DSS.
In addition to these routines the libauth.a library contains subroutines
which can be used by applications wishing to access the key files. The
authdef.h file defines appropriate structures and prototypes for this
library. Using the aforementioned routines and library, individuals can
generate, exchange, and manage public keys and pre-shared keys. At this
time there is no facility for indirect trust: a key in your public key
ring is implicitly trusted, so check a key's fingerprint with its owner
before adding it to the ring.
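Since add_pub_key makes a key trusted the moment it lands in the ring, the
safe order of operations is: run fingerprint on the file the other party
sent, compare it with the fingerprint they gave you by another route, and
only then add it. The script below is an added example of that workflow,
not the distribution's fingerprint or add_pub_key routine; the hash it uses
(SHA-256 via sha256sum or shasum), the one-key-per-line ring layout and the
sample key blob are this example's assumptions, not the format dump_key
actually writes.

```shell
#!/bin/sh
# Added example (not the distribution's code): verify a dumped public key's
# fingerprint before it is appended to the implicitly trusted key ring.
# Assumptions: a dump_key file is hashed as-is with SHA-256, and the ring is
# a flat file holding one ASCII key per line.

# fingerprint FILE -> lowercase hex digest of the ASCII key file
fingerprint() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum < "$1"
    else
        shasum -a 256 < "$1"          # BSD/macOS fallback
    fi | cut -d' ' -f1
}

# verify_and_add KEYFILE EXPECTED_FP RING
# Appends KEYFILE to RING and returns 0 only when its fingerprint equals
# EXPECTED_FP (hex, case-insensitive). Otherwise returns 1 and leaves the
# ring untouched, so a substituted or tampered key never becomes trusted.
verify_and_add() {
    keyfile=$1; ring=$3
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    actual=$(fingerprint "$keyfile")
    if [ "$actual" != "$expected" ]; then
        echo "REFUSED: fingerprint mismatch for $keyfile" >&2
        echo "  expected $expected" >&2
        echo "  got      $actual" >&2
        return 1
    fi
    cat "$keyfile" >> "$ring"
}

# Constructed demo. In real use the expected fingerprint comes from the
# peer over a separate channel; here it is computed from the untampered
# file only so the demo can run offline.
demo=$(mktemp -d)
ring="$demo/joe.blow.org.dsspub"
printf 'CONSTRUCTED-PEER-PUBLIC-KEY-BLOB\n' > "$demo/peer.pub"
peer_fp=$(fingerprint "$demo/peer.pub")
verify_and_add "$demo/peer.pub" "$peer_fp" "$ring" \
    && echo "added; ring holds $(grep -c . "$ring") key"
printf 'TAMPERED\n' >> "$demo/peer.pub"       # e.g. altered in transit
verify_and_add "$demo/peer.pub" "$peer_fp" "$ring" \
    || echo "rejected; ring still holds $(grep -c . "$ring") key"
rm -rf "$demo"
```

The point of the ordering is that the fingerprint you compare against must
not come from the same channel as the key file; a fingerprint computed from
whatever arrived only proves the file is self-consistent.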
DISCLAIMER OF LIABILITY
THIS SOFTWARE IS PROVIDED BY CISCO SYSTEMS, INC. ("CISCO") ``AS IS'' AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL CISCO BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
LICENSE
All software in this package is provided under the following license:
"In no event shall Cisco's or its suppliers' liability to Licensee,
whether in contract, tort (including negligence), or otherwise, exceed
the price paid by Licensee.
This License is effective until terminated. Licensee may terminate this
License at any time by destroying all copies of software including any
documentation. This License will terminate immediately without notice
from Cisco if Licensee fails to comply with any provision of this
License. Upon termination, Licensee must destroy all copies of software.
This License shall be governed by and construed in accordance with the
laws of the State of California, United States of America, as if
performed wholly within the state and without giving effect to the
principles of conflict of law. If any portion hereof is found to be void
or unenforceable, the remaining provisions of this License shall remain
in full force and effect. This License constitutes the entire License
between the parties with respect to the use of the software."
If licensee is the U.S. Government, then the following restrictions
apply: Restricted Rights - Cisco's software is provided to non-DOD
agencies with RESTRICTED RIGHTS and its supporting documentation is
provided with LIMITED RIGHTS. Use, duplication, or disclosure by the
Government is subject to the restrictions as set forth in subparagraph
"C" of the Commercial Computer Software - Restricted Rights clause at
FAR 52.227-19. In the event the sale is to a DOD agency, the
government's rights in software, supporting documentation, and technical
data are governed by the restrictions in the Technical Data Commercial
Items clause at DFARS 252.227-7015 and DFARS 227.7202.
FILES
/var/db/<hostname>.dsspub       Public DSS key ring.
/var/db/<hostname>.dsspriv      Private DSS key.
/var/db/<hostname>.rsapub       Public RSA key ring.
/var/db/<hostname>.rsapriv      Private RSA key.
/var/db/<hostname>.preshr.pub   Public pre-shared key ring.
/var/db/<hostname>.preshr.priv  Private pre-shared key.
BUGS
An application to remove a key from the public key ring is left as an
exercise for the reader.
A BSAFE version of the RSA specific routines has been written but is not
part of this distribution.
IKE Jan 1, 1998 2