aespasswd(1)		    General Commands Manual		  aespasswd(1)

NAME
       aespasswd - Used	to create and manage an	AES keyfile.

SYNOPSIS
       aespasswd [-n] [-d] -f keyfile identity

OPTIONS
       -n     Create the keyfile

       -d     Delete given identity from keyfile

       -f keyfile
	      Specifies	file that holds	identity/key pairs

DESCRIPTION
       aespasswd  is  used  to	create and manage files	that hold identity/key
       pairs. It is primarily used to manage the bwctld.keys file  for	bwctld
       and the owampd.keys file	for owampd.

       If  the	-d  option is not specified, then aespasswd prompts the	caller
       for a passphrase. The passphrase	is hashed using	an internal MD5	 algo-
       rithm  to  generate  a key that is then saved in	the keyfile associated
       with the	given identity.	If the given identity already  exists  in  the
       keyfile,	the previous key is overwritten	with the new one.

       Keyfiles generated by aespasswd are formatted for use with BWCTL and
       OWAMP.

KEYFILE	FORMAT
       aespasswd generates lines of the	format:

       test 54b0c58c7ce9f2a8b551351102ee0938

       An identity, followed by	whitespace, followed by	a hex encoded  128-bit
       number, that is suitable	to be used as a	symmetric AES key.

       No  other text is allowed on these lines; however, comment lines	may be
       added. Comment lines are	any line where the first non-white space char-
       acter is	'#'.

EXAMPLES
       aespasswd -f /usr/local/etc/bwctld.keys testuser

	      Adds a key for the identity testuser. The	user is	prompted for a
	      passphrase. If the file does not exist, an error message will be
	      printed and no action will be taken.

       aespasswd -f /usr/local/etc/bwctld.keys -n testuser

	      Creates the file before doing the	same as	above. If the file al-
	      ready exists, an error message will be  printed  and  no	action
	      will be taken.

       aespasswd -f /usr/local/etc/bwctld.keys -d testuser

	      Deletes  the  identity  testuser	from the keyfile.  If the file
	      does not exist, an error message will be printed and  no	action
	      will be taken.

SECURITY CONSIDERATIONS
       The  keys  in the keyfile are not encrypted in any way. The security of
       these keys is completely	dependent upon the security of the system  and
       the discretion of the system administrator.
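
       An added example, not part of the original manual page or of the
       BWCTL/OWAMP code: a keyfile audit that applies the line format and
       identity limit documented here and flags group or other access to the
       plaintext keys. Treating blank lines as ignorable, reporting duplicate
       identities, and the names audit_keyfile and demo are assumptions of
       this example.

```python
import os
import pathlib
import re
import stat
import tempfile

# KEYFILE FORMAT: identity, whitespace, 32 hex digits (a 128-bit key).
KEY_LINE = re.compile(r"^\s*(\S+)\s+([0-9A-Fa-f]{32})\s*$")
MAX_IDENTITY = 16  # limit stated under RESTRICTIONS

def audit_keyfile(path):
    """Return (sorted identities, findings) for an aespasswd-style keyfile."""
    findings, first_seen = [], {}
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:04o}: keys are plaintext, restrict to owner")
    with open(path, encoding="ascii", errors="replace") as fh:
        for lineno, line in enumerate(fh, 1):
            if not line.strip() or line.lstrip().startswith("#"):
                continue  # blank line (assumed ignorable) or comment line
            m = KEY_LINE.match(line)
            if not m:
                # Report the line number only: the line may hold key material.
                findings.append(f"line {lineno}: not 'identity <32 hex digits>'")
                continue
            identity = m.group(1)
            if len(identity) > MAX_IDENTITY:
                findings.append(f"line {lineno}: identity over {MAX_IDENTITY} characters")
            if identity in first_seen:
                findings.append(f"line {lineno}: duplicate identity (first at line {first_seen[identity]})")
            first_seen.setdefault(identity, lineno)
    return sorted(first_seen), findings

def demo():
    """Audit a constructed keyfile written with deliberately loose permissions."""
    sample = (
        "# constructed sample, not real keys\n"
        "test 54b0c58c7ce9f2a8b551351102ee0938\n"
        "short 54b0c58c7ce9\n"
        "averyveryverylongidentity 00112233445566778899aabbccddeeff\n"
        "test 00112233445566778899aabbccddeeff\n"
    )
    with tempfile.TemporaryDirectory() as d:
        p = pathlib.Path(d, "bwctld.keys")
        p.write_text(sample)
        p.chmod(0o644)  # world-readable on purpose, to trigger the mode finding
        return audit_keyfile(p)
```

       Calling audit_keyfile() on a real keyfile requires read access to it;
       the findings carry line numbers only, never key values.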

RESTRICTIONS
       Identity names are restricted to 16 characters, and passphrases are
       limited to 1024 characters.

SEE ALSO
       owping(1),     owampd(1),     bwctl(1),	   bwctld(1)	  and	   the
       http://e2epi.internet2.edu/owamp	 and  http://e2epi.internet2.edu/bwctl
       web sites.

ACKNOWLEDGMENTS
       This material is	based in part on work supported	by the	National  Sci-
       ence  Foundation	(NSF) under Grant No. ANI-0314723. Any opinions, find-
       ings and	conclusions or recommendations expressed in this material  are
       those  of the author(s) and do not necessarily reflect the views	of the
       NSF.

				  2004 Feb 8			  aespasswd(1)
