1 .\"# @(#)COPYRIGHT 1.1a (NRL) 17 August 1995
5 .\"All of the documentation and software included in this software
6 .\"distribution from the US Naval Research Laboratory (NRL) are
7 .\"copyrighted by their respective developers.
9 .\"This software and documentation were developed at NRL by various
10 .\"people. Those developers have each copyrighted the portions that they
11 .\"developed at NRL and have assigned All Rights for those portions to
12 .\"NRL. Outside the USA, NRL also has copyright on the software
13 .\"developed at NRL. The affected files all contain specific copyright
14 .\"notices and those notices must be retained in any derived work.
18 .\"NRL grants permission for redistribution and use in source and binary
19 .\"forms, with or without modification, of the software and documentation
20 .\"created at NRL provided that the following conditions are met:
22 .\"1. Redistributions of source code must retain the above copyright
23 .\" notice, this list of conditions and the following disclaimer.
24 .\"2. Redistributions in binary form must reproduce the above copyright
25 .\" notice, this list of conditions and the following disclaimer in the
26 .\" documentation and/or other materials provided with the distribution.
27 .\"3. All advertising materials mentioning features or use of this software
28 .\" must display the following acknowledgement:
30 .\" This product includes software developed at the Information
31 .\" Technology Division, US Naval Research Laboratory.
33 .\"4. Neither the name of the NRL nor the names of its contributors
34 .\" may be used to endorse or promote products derived from this software
35 .\" without specific prior written permission.
37 .\"THE SOFTWARE PROVIDED BY NRL IS PROVIDED BY NRL AND CONTRIBUTORS ``AS
38 .\"IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
39 .\"TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
40 .\"PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL NRL OR
41 .\"CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
42 .\"EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
43 .\"PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
44 .\"PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
45 .\"LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
46 .\"NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
47 .\"SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
49 .\"The views and conclusions contained in the software and documentation
50 .\"are those of the authors and should not be interpreted as representing
51 .\"official policies, either expressed or implied, of the US Naval
52 .\"Research Laboratory (NRL).
54 .\"----------------------------------------------------------------------*/
56 .\" $ANA: keyadmin.8,v 1.3 1996/06/13 20:15:57 wollman Exp $
57 .\" $FreeBSD: src/usr.sbin/keyadmin/keyadmin.8,v 1.5.2.6 2003/03/11 21:13:50 trhodes Exp $
58 .\" $DragonFly: src/usr.sbin/keyadmin/keyadmin.8,v 1.2 2003/06/17 04:29:55 dillon Exp $
65 .Nd manually manipulate the kernel key management database
68 .Op Ar command Op Ar args
72 utility is used to manually enter security associations into the kernel
73 key/security association database. (See
76 Almost any operation offered in the
78 API is available to privileged users running
80 Until there is an implementation of an automated key management protocol,
81 which will manipulate the key database in a manner similar to how
85 manipulates the routing tables,
87 is the only way of establishing security associations.
91 is invoked without any arguments, it will enter an interactive mode, where
93 .Dq Ar command Op Ar args
97 .Dq Ar command Op Ar args .
99 can be one of the following:
101 .It Ic del Ar type spi source destination
103 Delete a security association between
113 delete esp 90125 anderson.yes.org rabin.yes.org
115 .It Ic get Ar type spi source destination
117 Retrieve (and print) a security association between
127 get ah 5150 eddie.vanhalen.com alex.vanhalen.com
131 Display the entire security association table. WARNING: This prints a lot
133 .It Ic load Ar filename
135 Load security association information from a file formatted as documented in
141 load keys from the standard input.
142 .It Ic save Ar filename
144 Save security association information to a file formatted as documented in
150 place the key file out on the standard output. (This can be used as a sort
156 command must create a new file; it will not write into an
157 existing file. This is to prevent writing into a world-readable file, or a
158 named pipe or UNIX socket (see
162 .It Ic help Op command
164 Offer brief help without an argument, or slightly more specific help on a
168 Erase all entries in the kernel security association table.
171 The following values for
173 are only available by using
175 in its interactive mode of operation:
177 .It Ic add Ar type spi source destination transform key
180 Add a security association of a particular
192 If a transform requires an initialization vector, the
194 argument contains it. This command is available only in interactive mode
197 makes no attempt to destroy its argument vector after use. A malicious user
200 command could determine security keys if
202 were allowed to be used straight from the command line. Example:
204 add esp 2112 temples.syrinx.org priests.syrinx.org des-cbc \\
205 a652a476a652a476 87ac9876deac9876
210 Exit interaction with
212 An EOF will also end interaction with
224 utility first appeared in NRL's
226 IPv6 networking distribution.
230 started its life as a pipe dream thought up by Dan McDonald, and came to
231 life through the excruciating efforts of Ran Atkinson, Dan McDonald,
232 Craig Metz, and Bao Phan.
233 The NRL version of the program was originally called
237 because of the conflict with
242 utility needs a -n flag like
244 to avoid name lookups.
250 commands currently display the first 30 or so entries.
projects / dragonfly.git / blob