icon Top 9 categories map      RocketAware >


Tips: Browse or Search all pages for efficient awareness of more than 6000 of the most popular reusable and open source applications, functions, libraries, and FAQs.

The "RKT couplings" below include links to source code, updates, additional information, advice, FAQs, and overviews.


Search all pages


By activity
Professions, Sciences, Humanities, Business, ...

User Interface
Text-based, GUI, Audio, Video, Keyboards, Mouse, Images,...

Text Strings
Conversions, tests, processing, manipulation,...

Integer, Floating point, Matrix, Statistics, Boolean, ...

Algorithms, Memory, Process control, Debugging, ...

Stored Data
Data storage, Integrity, Encryption, Compression, ...

Networks, protocols, Interprocess, Remote, Client Server, ...

Hard World
Timing, Calendar and Clock, Audio, Video, Printer, Controls...

File System
Management, Filtering, File & Directory access, Viewers, ...


RocketLink!--> Man page versions:

keynote(1)                 OpenBSD Reference Manual                 keynote(1)

     keynote - command line tool for KeyNote(3) operations

     keynote keygen AlgorithmName KeySize PublicKeyFile PrivateKeyFile
            [print-offset] [print-length]

     keynote sign [-v] AlgorithmName AssertionFile PrivateKeyFile

     keynote sigver [AssertionFile]

     keynote verify [-h] [-e file] -l file -r retlist [-k file] [-l file]
            [file ...]

     For more details on KeyNote, see RFC 2704.

     "keynote keygen" creates a public/private key of size KeySize, (in bits)
     for the algorithm specified by AlgorithmName. Typical keysizes are 512,
     1024, or 2048 (bits). The minimum key size for DSA keys is 512 (bits).
     Supported AlgorithmName identifiers are:







     Notice that the trailing colon is required. The resulting public key is
     stored in file PublicKeyFile. Similarly, the resulting private key is
     stored in file PrivateKeyFile. Either of the filenames can be specified
     to be ``-'', in which case the corresponding key(s) will be printed in
     standard output.

     The optional parameters print-offset and print-length specify the offset
     from the beginning of the line where the key will be printed, and the
     number of characters of the key that will be printed per line.  print-
     length includes AlgorithmName for the first line and has to be longer (by
     at least 2) than AlgorithmName. print-length also accounts for the line-
     continuation character (backslash) at the end of each line, and the dou-
     blequotes at the beginning and end of the key encoding.  Default values
     are 12 and 50 respectively.

     "keynote sign" reads the assertion contained in AssertionFile and gener-
     ates a signature specified by AlgorithmName using the private key stored
     in PrivateKeyFile. The private key is expected to be of the form output
     by "keynote keygen".  The private key algorithm and the AlgorithmName
     specified as an argument are expected to match. There is no requirement
     for the internal or ASCII encodings to match.  Valid AlgorithmName iden-
     tifiers are:









     Notice that the trailing colon is required.  The resulting signature is
     printed in standard output. This can then be added (via cut-and-paste or
     some script) at the end of the assertion, in the Signature field.

     The public key corresponding to the private key in PrivateKeyFile is ex-
     pected to already be included in the Authorizer field of the assertion,
     either directly or indirectly (i.e., through use of a Local-Constants at-
     tribute). Furthermore, the assertion must have a Signature field (even if
     it is empty), as the signature is computed on everything between the
     KeyNote-Version and Signature keywords (inclusive), and the AlgorithmName

     If the -v flag is provided, "keynote sign" will also verify the newly-
     created signature using the Authorizer field key.

     "keynote sigver" reads the assertion contained in AssertionFile and veri-
     fies the public-key signature on it.

     For each operand that names a "keynote verify" reads the file and parses
     the assertions contained therein (one assertion per file).

     Files given with the -l flag are assumed to contain trusted assertions
     (no signature verification is performed, and the Authorizer field can
     contain non-key principals.  There should be at least one assertion with
     the POLICY keyword in the Authorizer field.

     The -r flag is used to provide a comma-separated list of return values,
     in increasing order of compliance from left to right.

     Files given with the -e flag are assumed to contain environment variables
     and their values, in the format:

            varname = "value"

     varname can begin with any letter (upper or lower case) or number, and
     can contain underscores.  value is a quoted string, and can contain any
     character, and escape (backslash) processing is performed, as specified
     in the KeyNote RFC.

     The remaining options are:

     -h      Print a usage message and exit.

     -k file
             Add a key from file in the action authorizers.

     Exactly one -r and least one of each -e, -l, and -k flags should be given
     per invocation. If no flags are given, "keynote verify" prints the usage
     message and exits with error code -1.

     "keynote verify" exits with code -1 if there was an error, and 0 on suc-

     keynote(3),  keynote(4),  keynote(5)

     ``The KeyNote Trust-Management System, Version 2''
              M. Blaze, J. Feigenbaum, A. D. Keromytis, Internet Drafts, RFC

     ``Decentralized Trust Management''
              M. Blaze, J. Feigenbaum, J. Lacy, 1996 IEEE Conference on Priva-
              cy and Security

     ``Compliance-Checking in the PolicyMaker Trust Management System''
              M. Blaze, J. Feigenbaum, M. Strauss, 1998 Financial Crypto Con-

     Angelos D. Keromytis (angelos@dsl.cis.upenn.edu)


     None that we know of.  If you find any, please report them at

OpenBSD 2.6                     April 29, 1999                               3

Source: OpenBSD 2.6 man pages. Copyright: Portions are copyrighted by BERKELEY
SOFTWARE DESIGN, INC., The Regents of the University of California, Massachusetts
Institute of Technology, Free Software Foundation, FreeBSD Inc., and others.

(Corrections, notes, and links courtesy of RocketAware.com)

[Detailed Topics]

[Overview Topics]

RocketLink!--> Man page versions:

Rapid-Links: Search | About | Comments | Submit Path: RocketAware > keynote.1/
RocketAware.com is a service of Mib Software
Copyright 1999, Forrest J. Cavalier III. All Rights Reserved.
We welcome submissions and comments