'\" te
.\" Copyright (c) 2003, Sun Microsystems, Inc. All Rights Reserved
.TH wanboot_keygen 1M "18 Apr 2003" "SunOS 5.11" "System Administration Commands"
.SH NAME
wanboot_keygen \- create and display client and server keys for WAN booting
.SH SYNOPSIS
.LP
.nf
\fB/usr/lib/inet/wanboot/keygen\fR \fB-c\fR \fB-o\fR net=\fIa.b.c.d\fR ,cid=\fIclient_ID\fR,type=3des
.fi

.LP
.nf
\fB/usr/lib/inet/wanboot/keygen\fR \fB-c\fR \fB-o\fR net=\fIa.b.c.d\fR ,cid=\fIclient_ID\fR,type=aes
.fi

.LP
.nf
\fB/usr/lib/inet/wanboot/keygen\fR \fB-m\fR
.fi

.LP
.nf
\fB/usr/lib/inet/wanboot/keygen\fR \fB-c\fR \fB-o\fR net=\fIa.b.c.d\fR ,cid=\fIclient_ID\fR,type=sha1
.fi

.LP
.nf
\fB/usr/lib/inet/wanboot/keygen\fR \fB-d\fR \fB-m\fR
.fi

.LP
.nf
\fB/usr/lib/inet/wanboot/keygen\fR \fB-c\fR \fB-o\fR net=\fIa.b.c.d\fR ,cid=\fIclient_ID\fR,type=\fIkeytype\fR
.fi

.SH DESCRIPTION
.sp
.LP
The \fBkeygen\fR utility has three purposes:
.RS +4
.TP
.ie t \(bu
.el o
Using the \fB-c\fR flag, to generate and store per-client 3DES/AES encryption keys, avoiding any DES weak keys.
.RE
.RS +4
.TP
.ie t \(bu
.el o
Using the \fB-m\fR flag, to generate and store a "master" HMAC SHA-1 key for WAN install, and to derive from the master key per-client HMAC SHA-1 hashing keys, in a manner described in RFC 3118, Appendix A.
.RE
.RS +4
.TP
.ie t \(bu
.el o
Using the \fB-d\fR flag along with either the \fB-c\fR or \fB-m\fR flag to indicate the key repository, to display a key of type specified by \fIkeytype\fR, which must be one of \fB3des\fR, \fBaes\fR, or \fBsha1\fR.
.RE
.sp
.LP
The \fBnet\fR and \fBcid\fR arguments are used to identify a specific client. Both arguments are optional. If the \fBcid\fR option is not provided, the key being created or displayed will have a per-network scope. If the \fBnet\fR option is not provided, then the key will have a global scope. Default net and code values are used to derive an HMAC SHA-1 key if the values are not provided by the user.
.SH OPTIONS
.sp
.LP
The following options are supported:
.sp
.ne 2
.mk
.na
\fB\fB-c\fR\fR
.ad
.RS 6n
.rt  
Generate and store per-client 3DES/AES encryption keys, avoiding any DES weak keys. Also generates and stores per-client HMAC SHA-1 keys. Used in conjunction with \fB-o\fR.
.RE

.sp
.ne 2
.mk
.na
\fB\fB-d\fR\fR
.ad
.RS 6n
.rt  
Display a key of type specified by \fIkeytype\fR, which must be one of \fB3des\fR, \fBaes\fR, or \fBsha1\fR. Use \fB-d\fR with \fB-m\fR or with \fB-c\fR and \fB-o\fR.
.RE

.sp
.ne 2
.mk
.na
\fB\fB-m\fR\fR
.ad
.RS 6n
.rt  
Generate and store a "master" HMAC SHA-1 key for WAN install.
.RE

.sp
.ne 2
.mk
.na
\fB\fB-o\fR\fR
.ad
.RS 6n
.rt  
Specifies the WANboot client and/or keytype.
.RE

.SH EXAMPLES
.LP
\fBExample 1 \fRGenerate a Master HMAC SHA-1 Key
.sp
.in +2
.nf
# keygen -m
.fi
.in -2
.sp

.LP
\fBExample 2 \fRGenerate and Then Display a Client-Specific Master HMAC SHA-1 Key
.sp
.in +2
.nf
# keygen -c -o net=172.16.174.0,cid=010003BA0E6A36,type=sha1
# keygen -d -c -o net=172.16.174.0,cid=010003BA0E6A36,type=sha1
.fi
.in -2
.sp

.LP
\fBExample 3 \fRGenerate and Display a 3DES Key with a Per-Network Scope
.sp
.in +2
.nf
# keygen -c -o net=172.16.174.0,type=3des
# keygen -d -o net=172.16.174.0,type=3des
.fi
.in -2
.sp

.SH EXIT STATUS
.sp
.ne 2
.mk
.na
\fB\fB0\fR\fR
.ad
.RS 6n
.rt  
Successful operation.
.RE

.sp
.ne 2
.mk
.na
\fB\fB>0\fR\fR
.ad
.RS 6n
.rt  
An error occurred.
.RE

.SH ATTRIBUTES
.sp
.LP
See \fBattributes\fR(5) for descriptions of the following attributes:
.sp

.sp
.TS
tab() box;
cw(2.75i) |cw(2.75i) 
lw(2.75i) |lw(2.75i) 
.
ATTRIBUTE TYPEATTRIBUTE VALUE
_
Availabilitysystem/boot/wanboot
_
Interface StabilityObsolete
.TE

.SH SEE ALSO
.sp
.LP
\fBattributes\fR(5)