Provided by: uftp_4.10.2-1.1build2_amd64

NAME

       uftp_keymgt - Encrypted UDP based ftp with multicast - key management utility

SYNOPSIS

       uftp_keymgt [ -m ] [ key_file [ key_file ...] ]

       uftp_keymgt [ -m ] -g { rsa:key_length | ec:curve } key_file

       uftp_keymgt [ -m ] -d key_file

DESCRIPTION

       uftp_keymgt  is a utility for creating, viewing, and deleting RSA and EC private keys used
       by the UFTP suite.  Although keys can be generated on the fly by  uftp(1),  uftpd(1),  and
       uftpproxyd(1), this utility gives a more straightforward way of doing so without having to
       kick off a dummy process just to create/view a key.

       The definition of key_file is dependent on the crypto library UFTP is compiled to use.

       On Windows systems, UFTP can be built to use either CNG, which is the new API supported by
       Windows Vista and Windows 7, or CryptoAPI, which is the legacy API and the only one
       available to Windows XP.

       Under CryptoAPI, all RSA private keys must be stored in a key container (technically  only
       keys  used  to  sign  data, but for UFTP's purposes this is the case).  Key containers are
       internal to Windows, and each user (and the system) has its own set of key containers.  In
       this  case, key_file is actually the name of the key container.  Elliptic Curve algorithms
       are not supported under CryptoAPI.

       Under CNG, RSA and ECDSA private keys are also stored in key containers, and RSA keys
       created by CryptoAPI may be read by CNG.  As with CryptoAPI, key_file specifies the key
       container name.  CNG only supports 3 named EC curves: prime256v1, secp384r1, and
       secp521r1.

       All other systems use OpenSSL for the crypto library (although under Windows UFTP can
       also be built to use it).  In this case, key_file specifies a file name where the RSA or
       ECDSA private key is stored unencrypted in PEM format (the OS is expected to protect this
       file).

       The -g option is used to generate a key of  a  given  type  and  store  it  in  the  given
       key_file.   The  key  size and key fingerprint are then printed.  Under OpenSSL, a key can
       actually be generated by the openssl(1) command line utility, although you'll  still  need
       to run uftp_keymgt on it to see the fingerprint.
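
       Because the OpenSSL build leaves the PEM private key unencrypted on disk, file
       permissions are its only protection.  The following script is an added example, not part
       of UFTP: check_key_file and generate_key are hypothetical helper names, and generate_key
       assumes uftp_keymgt creates key_file subject to the process umask.

```shell
#!/bin/sh
# Added example (not from the UFTP distribution): create and audit a PEM
# private key file for an OpenSSL build of UFTP.

# check_key_file PATH
# Returns 0 only if PATH is a regular file (not a symlink), owned by the
# current user, with no permission bits set for group or other.
check_key_file() {
    key=$1
    if [ -L "$key" ]; then
        echo "FAIL $key: is a symbolic link" >&2; return 1
    fi
    if [ ! -f "$key" ]; then
        echo "FAIL $key: not a regular file" >&2; return 1
    fi
    meta=$(ls -ldn -- "$key") || return 1          # -n: numeric uid/gid
    mode=$(printf '%s\n' "$meta" | awk '{print $1}')
    owner=$(printf '%s\n' "$meta" | awk '{print $3}')
    if [ "$owner" != "$(id -u)" ]; then
        echo "FAIL $key: owned by uid $owner, not the current user" >&2; return 1
    fi
    # Characters 5-10 of the mode string are the group and other bits.
    case $(printf '%s' "$mode" | cut -c5-10) in
        ------) return 0 ;;
        *) echo "FAIL $key: group/other access allowed ($mode)" >&2; return 1 ;;
    esac
}

# generate_key TYPE PATH
# TYPE is rsa:key_length or ec:curve, as in the SYNOPSIS. The subshell keeps
# the restrictive umask from leaking into the caller (assumption: the key
# file is created subject to the umask).
generate_key() {
    ( umask 077 && uftp_keymgt -g "$1" "$2" ) && check_key_file "$2"
}

# Audit any key files named on the command line.
for k in "$@"; do
    check_key_file "$k" && echo "OK   $k"
done
```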

       The -d option is available only on Windows systems using CryptoAPI or CNG.  It deletes the
       key container specified by key_file.

       When neither -g nor -d is specified, the type and fingerprint of all keys listed are
       printed.  If no keys are specified under Windows with CryptoAPI or CNG, the private keys
       for all key containers for the current user are printed.  Note that some key containers
       may exist that an application other than UFTP is using, and some of those may not have an
       RSA or EC private key.

OPTIONS

       The following options are supported:

       -g  { rsa:key_length | ec:curve } key_file
              Specifies the type of new key and the key_file  to  store  it  in.   New  keys  are
              specified  as  either  rsa:key_length,  which creates an RSA private key key_length
              bits wide, or as ec:curve, which creates an EC key using the curve "curve".

              The list of supported EC curves is as follows (availability may vary  depending  on
              system settings and crypto library used):

              sect163k1  sect163r1  sect163r2  sect193r1  sect193r2 sect233k1 sect233r1 sect239k1
              sect283k1 sect283r1 sect409k1 sect409r1  sect571k1  sect571r1  secp160k1  secp160r1
              secp160r2  secp192k1  prime192v1 secp224k1 secp224r1 secp256k1 prime256v1 secp384r1
              secp521r1

       -d key_file
              Specifies the Windows key container to delete.

       -m     For Windows systems using CryptoAPI or CNG, private keys are normally stored in the
              key  container  of  the  running  user.   Specifying this option stores keys in the
              system key container.  On non-Windows systems, this option has no effect.

EXIT STATUS

       The following exit values are returned:

       0      The command completed successfully.

       1      An invalid command line parameter was specified.

SEE ALSO

       uftp(1), uftpd(1), uftpproxyd(1).

NOTES

       The latest version of UFTP can be found at http://uftp-multicast.sourceforge.net.  UFTP is
       covered  by the GNU General Public License.  Commercial licenses and support are available
       from Dennis Bush (bush@tcnj.edu).