OPTIONS
+ --output-version NUMBER
+
+ Write backward-compatible sites file output,
+ targeting a particular sites format. Values of
+ NUMBER that are understood are:
+ 1 The original format, pre signing key
+ negotiation.
+ 2 Signing key algorithm agility and negotiation.
+ If NUMBER is higher than make-secnet-sites supports,
+ it writes out what it can.
+
+ --pubkeys-install
+
+ Specifies that public keys are to be installed in the
+ live pubkeys area (and not hardcoded in secnet conf
+ files). With this option, generated site configs
+ refer to keys in PUBKEYS; also, the generated secnet
+ configuration enables live peer public update.
+
+ --pubkeys-dir PUBKEYS
+
+ Specifies the live pubkeys area pathname.
+ The default is /var/lib/secnet/pubkeys.
+
+ Key files are named
+ PUBKEYS/peer.<mangled-peer-name>[~...]
+ mangled-peer-name is chosen by make-secnet-sites
+ / => ,
+
--debug | -D
Increase amount of debugging output.
Assigns a public-key closure to the `key' key,
constructed as `rsa-public(E, N)'. The argument HUNOZ
must be an integer, but is otherwise ignored; it's
- conventionally the length of N in bits. Acceptable only
- at site level; required at site level.
+ conventionally the length of N in bits.
+ Acceptable only at site level. See `pub'.
mobile BOOL
Assigns BOOL to the `mobile' key. Acceptable only at
Defines a public key. ALG is an algorithm name and
DATA91S is the public key data, encoded according to
secnet-base91 (see below).
- Not yet suported in make-secnet-sites.
+ Gives make-public("ALG","DATAB91S") in sites.conf;
+ at least one `pub' or `pubkey' must be specified.
serial SETIDHEX
Specifies the key set id (8 hex digits representing
4 bytes: each pair is the value of the next byte).
May appear at most once. If not present, 00000000.
- Not yet suported in make-secnet-sites.
pkg GROUPIDHEX
pkgf GROUPIDHEX
~ianmdlvl / secnet.git / blobdiff