keymaster(1Mbnu)


keymaster -- cr1 key database administration

Synopsis

keymaster [-k | -cn] [-s scheme]

Description

The keymaster command starts the cr1 key management daemon and sets the master key that is used to encrypt and decrypt the shared keys stored in the keys file (see cr1(1Mbnu)).

A shared key is a bit string, known only to the parties in an exchange, that is used to authenticate a connection. When shared keys are entered, they are stored in a keys file by a daemon process. If a master key exists, the shared keys in the file are encrypted.

When keymaster is first invoked, it forks a process that continues as the key management daemon.

Options

The options to keymaster are as follows:

-c
Indicates that the master key is to be changed. keymaster first prompts the user to enter the old master key, then a new master key.

-n
Indicates that the keys file is not encrypted. keymaster does not prompt for a master key.

-k
Indicates that the key management daemon is to be stopped. No key is required to stop the key management daemon. This option takes precedence over both -c and -n.

-s scheme
Specifies the name of the scheme to be used. The default scheme is cr1, which uses DES encryption, and requires that the Encryption Utilities package be installed. If this package is not available, ENIGMA encryption can be used by specifying cr1.enigma for scheme.

When no options are specified, keymaster prompts for the current master key. If the master key is entered correctly, the keymaster daemon is started.

keymaster does not echo keys as they are typed. It confirms a new master key by requiring the user to enter the key a second time. If the second entry does not match the first, the operation is not executed.

Files


/etc/iaf/cr1/keys
cr1 key database

Usage

Use of keymaster is restricted to the privileged user. The privileged user is the owner of the keys file.
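
The ownership rule above matters most when -n is in use, since the shared keys are then stored unencrypted in the keys file. The following check is an added example, not part of the original manual page; it assumes the privileged user is uid 0 and that owner-only permissions are the expected mode, and the function name is hypothetical:

```shell
#!/bin/sh
# Added example: audit ownership and mode of the cr1 keys file.
# The default path is the one listed under Files on this page.
KEYS_FILE_DEFAULT=/etc/iaf/cr1/keys

# audit_keys_file [path] [expected_uid]
# Prints one line per finding.
# Returns 0 if clean, 1 on a finding, 2 if the file is missing.
audit_keys_file() {
    f=${1:-$KEYS_FILE_DEFAULT}
    want_uid=${2:-0}    # assumption: the privileged user is uid 0
    bad=0

    # A symbolic link could redirect the daemon's reads and writes.
    if [ -h "$f" ]; then
        echo "FAIL: $f is a symbolic link"
        return 1
    fi
    if [ ! -f "$f" ]; then
        echo "FAIL: $f is missing or not a regular file"
        return 2
    fi

    # ls -ln is used rather than stat(1), which is not available everywhere.
    # Field 1 is the mode string, field 3 the numeric owner.
    read -r mode links uid rest <<EOF
$(ls -lnd -- "$f")
EOF

    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: owner uid is $uid, expected $want_uid"
        bad=1
    fi
    # Assumption: no group or other access is the intended mode.
    case $mode in
        -???------*) ;;
        *) echo "FAIL: mode $mode grants group or other access"; bad=1 ;;
    esac

    [ "$bad" -eq 0 ] && echo "OK: $f"
    return "$bad"
}

# Usage (as the privileged user): audit_keys_file
```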

Exit codes

keymaster passes a request to the key management daemon either by becoming the daemon, or by writing to the current daemon's pipe. If the daemon returns success, keymaster exits with a value of 0; otherwise, it prints an error message and exits with a non-zero value.

Note that, if keymaster successfully starts the key management daemon, it indicates success to the user, even though the daemon may subsequently fail.

References

Config(4bnu), cr1(1Mbnu), cryptkey(1bnu), getkey(3N), Permissions(4bnu)
© 2004 The SCO Group, Inc. All rights reserved.
UnixWare 7 Release 7.1.4 - 25 April 2004