Provided by: ekeyd_1.1.4-1_i386 bug

NAME

       ekeyd.conf - entropy key configuration

SYNOPSIS

       /etc/entropykey/resolv.conf

DESCRIPTION

       The  ekeyd  daemon allows Entropy Keys to transfer their random data to
       the kernels random pool. The daemon configuration file is a  series  of
       statements each controlling an aspect of the daemons operation.

       If this file does not exist the daemon will not start.

       The different configuration options are:

       TCPControlSocket TCP port number to listen on.
              The daemon can be controlled using a TCP network connection. Any
              number of control connections may  be  made  by  repeating  this
              statement with differnt port numbers, there is no authentication
              or protection against clients which connet  to  this  interface.
              The socket is always bound to localhost (127.0.0.1).

       UnixControlSocket UNIX domain socket to use.
              The  daemon  is  typically controlled using a unix domain socket
              (/var/run/ekeyd.sock). Authentication is as for any  file  on  a
              UNIX filesystem.

       Keyring The keyring file to use.
              The  Entropy  Key  encrypts  the  data  it sends to the host. To
              successfully decrypt this data the  host  requires  the  current
              encryption  key.  The  keyring  is  a  file containing a list of
              serial numbers and encryption keys.  The  keyring  is  generally
              updated using the ekey-lt-rekey(8) tool.

       SetOutputToKernel bits per byte to add to kernel pool.
              The  Kernel  maintains  an  entropy pool into which the ekeyd(8)
              injects the entropy gathered from the  Entropy  Keys.  The  data
              gathered  from  the  Entropy  Keys may be considered to have one
              shannon per bit so every bit gathered from the  devices  may  be
              injected  into  the  kernel  pool.  However,  by  default, to be
              conservative only seven of  eight  bits  are  entered  into  the
              kernel pool.

       EGDUnixSocket UNIX domain socket to use
              In   this   mode,   which   is   mutually   exclusive  with  the
              SetOutputToKernel output mode, ekeyd(8) gathers the entropy from
              the  attached  Entropy  Keys  and  presents an EGD(8) compatible
              interface on the named UNIX domain socket to  access  the  data.
              This  may  optionally take an octal mode string and username and
              group to chmod and chown the socket to. If you do  not  wish  to
              change  the  user or group, use empty strings. You cannot change
              the user/group without also providing a mode string. The default
              is to leave the user/group alone and set the socket to mode 0600

       EGDTCPSocket TCP port number to listen on.
              In   this   mode,   which   is   mutually   exclusive  with  the
              SetOutputToKernel output mode, ekeyd(8) gathers the entropy from
              the  attached  Entropy  Keys  and  presents an EGD(8) compatible
              interface on a socket on the specified port to access the  data.
              The  socket  is bound to localhost (127.0.0.1) by default, but a
              second optional string  parameter  can  be  used  to  specify  a
              different  IP address, so that the EGD protocol is exported more
              widely (e.g. for egd-linux to read from another machine).

       AddEntropyKey Device node of entropy key.
              Add an Entropy key to be managed by  the  ekeyd(8)  daemon.  The
              encryption  key  for the added device should be available in the
              keyring.

       AddEntropyKeys Directory of device nodes of entropy keys.
              Adds one or more Entropy keys to  be  managed  by  the  ekeyd(8)
              daemon.  The  encryption  key  for  the  added devices should be
              available  in  the   keyring.   This   is   generally   set   to
              /dev/entropykey  which  is  the  location the default UDEV rules
              create symbolic links.

FILES

       /etc/entropykey/resolv.conf, /var/run/ekeyd.sock, /dev/entropykey

SEE ALSO

       ekeyd(8), ekeydctl(8), ekey-lt-rekey(8)

AUTHOR

       Copyright (C) 2009 Simtec Electronics.  All rights reserved.

       Permission is hereby granted, free of charge, to any person obtaining a
       copy   of   this  software  and  associated  documentation  files  (the
       "Software"), to deal in the  Software  without  restriction,  including
       without  limitation  the  rights  to use, copy, modify, merge, publish,
       distribute, sublicense, and/or sell copies  of  the  Software,  and  to
       permit  persons  to whom the Software is furnished to do so, subject to
       the following conditions:

       The above copyright notice and this permission notice shall be included
       in all copies or substantial portions of the Software.

       THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
       OR  IMPLIED,  INCLUDING  BUT  NOT  LIMITED   TO   THE   WARRANTIES   OF
       MERCHANTABILITY,  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
       IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE  LIABLE  FOR  ANY
       CLAIM,  DAMAGES  OR  OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
       TORT OR OTHERWISE, ARISING FROM, OUT  OF  OR  IN  CONNECTION  WITH  THE
       SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

                                  2009-07-21                     EKEYD.CONF(5)