Provided by: ekeyd_1.1.5-6.1_amd64

NAME

       ekeyd.conf - entropy key configuration

SYNOPSIS

       /etc/entropykey/resolv.conf

DESCRIPTION

       The ekeyd daemon allows Entropy Keys to transfer their random data to the kernel's random
       pool. The daemon configuration file is a series of statements, each controlling an aspect
       of the daemon's operation.

       If this file does not exist the daemon will not start.

       The different configuration options are:

       TCPControlSocket TCP port number to listen on.
              The daemon can be controlled using a TCP network connection. Any number of control
              connections may be made by repeating this statement with different port numbers.
              There is no authentication or protection against clients which connect to this
              interface. The socket is always bound to localhost (127.0.0.1).

       UnixControlSocket UNIX domain socket to use.
              The daemon is typically controlled using a UNIX domain socket
              (/var/run/ekeyd.sock). Authentication is as for any file on a UNIX filesystem.

       Keyring The keyring file to use.
              The  Entropy  Key  encrypts  the data it sends to the host. To successfully decrypt
              this data the host requires the current encryption  key.  The  keyring  is  a  file
              containing  a  list of serial numbers and encryption keys. The keyring is generally
              updated using the ekey-lt-rekey(8) tool.

       SetOutputToKernel bits per byte to add to kernel pool.
              The kernel maintains an entropy pool into which ekeyd(8) injects the entropy
              gathered  from  the  Entropy  Keys.  The data gathered from the Entropy Keys may be
              considered to have one shannon per bit so every bit gathered from the  devices  may
              be  injected  into  the  kernel  pool. However, by default, to be conservative only
              seven of eight bits are entered into the kernel pool.

       EGDUnixSocket UNIX domain socket to use
              In this mode, which is mutually exclusive with the SetOutputToKernel  output  mode,
              ekeyd(8)  gathers the entropy from the attached Entropy Keys and presents an EGD(8)
              compatible interface on the named UNIX domain socket to access the data.  This  may
              optionally  take an octal mode string and username and group to chmod and chown the
              socket to. If you do not wish to change the user or group, use empty  strings.  You
              cannot  change  the user/group without also providing a mode string. The default is
              to leave the user/group alone and set the socket to mode 0600.

       EGDTCPSocket TCP port number to listen on.
              In this mode, which is mutually exclusive with the SetOutputToKernel  output  mode,
              ekeyd(8)  gathers the entropy from the attached Entropy Keys and presents an EGD(8)
              compatible interface on a socket on the specified port  to  access  the  data.  The
              socket  is  bound to localhost (127.0.0.1) by default, but a second optional string
              parameter can be used to specify a different IP address, so that the  EGD  protocol
              is exported more widely (e.g. for egd-linux to read from another machine).

       AddEntropyKey Device node of entropy key.
              Add an Entropy Key to be managed by the ekeyd(8) daemon. The encryption key for the
              added device should be available in the keyring.

       AddEntropyKeys Directory of device nodes of entropy keys.
              Adds one or more Entropy Keys to be managed by the ekeyd(8) daemon. The encryption
              key for the added devices should be available in the keyring. This is generally set
              to /dev/entropykey, which is the location where the default udev rules create
              symbolic links.
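
An added example (not part of the ekeyd documentation or code): a small Python check that parses a configuration and reports the exposures described under TCPControlSocket, EGDUnixSocket and EGDTCPSocket, plus the rule that SetOutputToKernel and the EGD output modes are mutually exclusive. The Lua-style statement and `--` comment syntax, the parse/audit helper names, and the sample paths and ports are assumptions; the page does not show them.

```python
import ipaddress
import re

# Constructed sample. The Name(args) / Name "arg" statement syntax is an
# assumption (the man page does not show it); paths and ports are placeholders.
WEAK = '''
Keyring "/path/to/keyring"
UnixControlSocket "/var/run/ekeyd.sock"
TCPControlSocket "1234"                            -- no authentication
SetOutputToKernel(7)
EGDUnixSocket("/path/to/egd.sock", "0666", "", "") -- world read/write
EGDTCPSocket(8888, "0.0.0.0")                      -- every interface
AddEntropyKeys "/dev/entropykey"
'''
# Corrected counterpart: one output mode, UNIX-socket control only.
HARDENED = '''
Keyring "/path/to/keyring"
UnixControlSocket "/var/run/ekeyd.sock"
SetOutputToKernel(7)
AddEntropyKeys "/dev/entropykey"
'''
STMT = re.compile(r'^([A-Za-z]+)\s*\(?\s*(.*?)\s*\)?$')

def parse(text):
    """Return [(name, [args])], skipping blank lines and '--' comments."""
    stmts = []
    for line in text.splitlines():
        m = STMT.match(line.split('--', 1)[0].strip())
        if m:
            args = [a.strip().strip('"') for a in m.group(2).split(',') if a.strip()]
            stmts.append((m.group(1), args))
    return stmts

def audit(text):
    """Return one finding per exposure the option descriptions warn about."""
    stmts = parse(text)
    names = {name for name, _ in stmts}
    found = []
    if 'SetOutputToKernel' in names and names & {'EGDUnixSocket', 'EGDTCPSocket'}:
        found.append('SetOutputToKernel is mutually exclusive with EGD output')
    for name, args in stmts:
        if name == 'TCPControlSocket':
            found.append('TCPControlSocket: unauthenticated control port ' + ' '.join(args))
        elif name == 'EGDUnixSocket' and len(args) > 1 and int(args[1], 8) & 0o077:
            found.append('EGDUnixSocket: mode %s opens the socket beyond its owner' % args[1])
        elif name == 'EGDTCPSocket' and len(args) > 1:
            if not ipaddress.ip_address(args[1]).is_loopback:
                found.append('EGDTCPSocket: listening on non-loopback ' + args[1])
    return found
```

audit(WEAK) returns four findings and audit(HARDENED) returns none. A group-shared EGD socket (for example mode 0660) is reported as well, since it is a deliberate widening of the 0600 default that should be reviewed rather than silently accepted.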

FILES

       /etc/entropykey/resolv.conf, /var/run/ekeyd.sock, /dev/entropykey

SEE ALSO

       ekeyd(8), ekeydctl(8), ekey-lt-rekey(8)

AUTHOR

       Copyright © 2009 Simtec Electronics.  All rights reserved.

       Permission  is  hereby  granted,  free  of  charge, to any person obtaining a copy of this
       software and associated documentation files (the "Software"),  to  deal  in  the  Software
       without  restriction, including without limitation the rights to use, copy, modify, merge,
       publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons
       to whom the Software is furnished to do so, subject to the following conditions:

       The  above  copyright notice and this permission notice shall be included in all copies or
       substantial portions of the Software.

       THE SOFTWARE IS PROVIDED "AS IS", WITHOUT  WARRANTY  OF  ANY  KIND,  EXPRESS  OR  IMPLIED,
       INCLUDING  BUT  NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
       PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE  LIABLE
       FOR  ANY  CLAIM,  DAMAGES  OR  OTHER  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
       OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR  THE  USE  OR  OTHER
       DEALINGS IN THE SOFTWARE.

                                            2009-07-21                              EKEYD.CONF(5)