Provided by: i2util-tools_1.6-1_amd64 bug

NAME

       aespasswd - Used to create and manage an AES keyfile.

SYNOPSIS

       aespasswd [-n] [-d] -f keyfile identity

OPTIONS

       -n     Create the keyfile

       -d     Delete given identity from keyfile

       -f keyfile
              Specifies file that holds identity/key pairs

DESCRIPTION

       aespasswd is used to create and manage files that hold identity/key pairs. It is primarily
       used to manage the bwctld.keys file for bwctld and the owampd.keys file for owampd.

       If the -d option is not specified, then aespasswd prompts the caller for a passphrase. The
       passphrase  is hashed using an internal MD5 algorithm to generate a key that is then saved
       in the keyfile associated with the given identity. If the given identity already exists in
       the keyfile, the previous key is overwritten with the new one.

       keyfiles generated by aespasswd are formatted for use with BWCTL and OWAMP.

KEYFILE FORMAT

       aespasswd generates lines of the format:

       test 54b0c58c7ce9f2a8b551351102ee0938

       An  identity,  followed  by  whitespace, followed by a hex encoded 128-bit number, that is
       suitable to be used as a symmetric AES key.

       No other text is allowed on these lines; however, comment  lines  may  be  added.  Comment
       lines are any line where the first non-white space character is '#'.

EXAMPLES

       aespasswd -f /etc/bwctl/bwctld.keys testuser

              Adds a key for the identity testuser. The user is prompted for a passphrase. If the
              file does not exist, an error message will be printed and no action will be taken.

       aespasswd -f /etc/bwctl/bwctld.keys -n testuser

              Creates the file before doing the same as above. If the  file  already  exists,  an
              error message will be printed and no action will be taken.

       aespasswd -f /etc/bwctl/bwctld.keys -d testuser

              Deletes  the  identity  testuser  from the keyfile.  If the file does not exist, an
              error message will be printed and no action will be taken.

SECURITY CONSIDERATIONS

       The keys in the keyfile are not encrypted in any  way.  The  security  of  these  keys  is
       completely  dependent  upon  the  security  of the system and the discretion of the system
       administrator.

RESTRICTIONS

       identity names are restricted to 16  characters,  and  passphrases  are  limited  to  1024
       characters.

SEE ALSO

       owping(1),  owampd(1),  bwctl(1),  bwctld(1)  and the http://e2epi.internet2.edu/owamp and
       http://e2epi.internet2.edu/bwctl web sites.

ACKNOWLEDGMENTS

       This material is based in part on work supported by the National Science Foundation  (NSF)
       under  Grant  No.  ANI-0314723.  Any opinions, findings and conclusions or recommendations
       expressed in this material are those of the author(s) and do not necessarily  reflect  the
       views of the NSF.

                                            2004 Feb 8                               aespasswd(1)