aespasswd(1)                                                      aespasswd(1)

NAME
       aespasswd - Used to create and manage an AES keyfile.

SYNOPSIS
       aespasswd [-n] [-d] -f keyfile identity

OPTIONS
       -n     Create the keyfile

       -d     Delete given identity from keyfile

       -f keyfile
              Specifies file that holds identity/key pairs
DESCRIPTION
       aespasswd is used to create and manage files that hold identity/key
       pairs. It is primarily used to manage the bwctld.keys file for bwctld
       and the owampd.keys file for owampd.

       If the -d option is not specified, then aespasswd prompts the caller
       for a passphrase. The passphrase is hashed using an internal MD5
       algorithm to generate a key that is then saved in the keyfile
       associated with the given identity. If the given identity already
       exists in the keyfile, the previous key is overwritten with the new
       one.

       Keyfiles generated by aespasswd are formatted for use with BWCTL and
       OWAMP.
KEYFILE FORMAT
       aespasswd generates lines of the format:

              test 54b0c58c7ce9f2a8b551351102ee0938

       An identity, followed by whitespace, followed by a hex encoded 128-bit
       number, that is suitable to be used as a symmetric AES key.

       No other text is allowed on these lines; however, comment lines may be
       added. Comment lines are any line where the first non-white space
       character is '#'.
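       The following is an added example, not part of aespasswd or the
       BWCTL/OWAMP distribution: a hypothetical validator that parses a keyfile
       in the format above (rejecting any line that is neither a comment nor
       an "identity <32 hex digits>" pair, and identities over the 16-character
       limit) and, because the keys are stored unencrypted, reports any
       group/other permission bits on the file. Skipping blank lines is an
       assumption; the page does not say whether they are permitted.

```python
import os
import re
import stat

# Hypothetical validator for aespasswd-style keyfiles (added example, not
# part of the BWCTL/OWAMP tools). Each entry is "identity <32 hex digits>";
# comment lines have '#' as their first non-whitespace character.
ENTRY_RE = re.compile(r"^(\S+)\s+([0-9a-fA-F]{32})$")
MAX_IDENTITY_LEN = 16  # restriction stated in the man page


def parse_keyfile_text(text):
    """Return {identity: 16-byte key}; raise ValueError on a malformed line."""
    keys = {}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        # Assumption: blank lines are tolerated, like comment lines.
        if not line or line.startswith("#"):
            continue
        m = ENTRY_RE.match(line)
        if not m:
            raise ValueError(f"line {lineno}: not 'identity <128-bit hex key>'")
        identity, hexkey = m.groups()
        if len(identity) > MAX_IDENTITY_LEN:
            raise ValueError(f"line {lineno}: identity exceeds {MAX_IDENTITY_LEN} chars")
        if identity in keys:
            raise ValueError(f"line {lineno}: duplicate identity {identity!r}")
        keys[identity] = bytes.fromhex(hexkey)
    return keys


def loose_permission_bits(mode):
    """Keys are unencrypted, so any group/other bit is a finding (0 means OK)."""
    return stat.S_IMODE(mode) & (stat.S_IRWXG | stat.S_IRWXO)


def check_keyfile(path):
    """Parse the keyfile at path and return (keys, offending permission bits)."""
    with open(path, encoding="ascii") as fh:
        keys = parse_keyfile_text(fh.read())
    return keys, loose_permission_bits(os.stat(path).st_mode)


# Constructed sample keyfile text, reusing the key line shown in the man page.
SAMPLE = """# bwctld.keys -- constructed sample
test 54b0c58c7ce9f2a8b551351102ee0938
   # an indented comment line is also allowed
"""

if __name__ == "__main__":
    print(parse_keyfile_text(SAMPLE))
```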
EXAMPLES
       aespasswd -f /usr/local/etc/bwctld.keys testuser
              Adds a key for the identity testuser. The user is prompted for a
              passphrase. If the file does not exist, an error message will be
              printed and no action will be taken.

       aespasswd -f /usr/local/etc/bwctld.keys -n testuser
              Creates the file before doing the same as above. If the file
              already exists, an error message will be printed and no action
              will be taken.

       aespasswd -f /usr/local/etc/bwctld.keys -d testuser
              Deletes the identity testuser from the keyfile. If the file
              does not exist, an error message will be printed and no action
              will be taken.
SECURITY CONSIDERATIONS
       The keys in the keyfile are not encrypted in any way. The security of
       these keys is completely dependent upon the security of the system and
       the discretion of the system administrator.
RESTRICTIONS
       Identity names are restricted to 16 characters, and passphrases are
       limited to 1024 characters.
SEE ALSO
       owping(1), owampd(1), bwctl(1), bwctld(1) and the
       http://e2epi.internet2.edu/owamp and http://e2epi.internet2.edu/bwctl
       web sites.
ACKNOWLEDGMENTS
       This material is based in part on work supported by the National
       Science Foundation (NSF) under Grant No. ANI-0314723. Any opinions,
       findings and conclusions or recommendations expressed in this material
       are those of the author(s) and do not necessarily reflect the views of
       the NSF.
                                  2004 Feb 8                      aespasswd(1)