diff options
| author | Angelos D. Keromytis <angelos@cvs.openbsd.org> | 2000-04-22 01:50:16 +0000 |
|---|---|---|
| committer | Angelos D. Keromytis <angelos@cvs.openbsd.org> | 2000-04-22 01:50:16 +0000 |
| commit | 1b1d402bf0fd039aa29ac0c26f52a1e44e523b85 (patch) | |
| tree | 82c10f42f94b28c838406891505f243e5f5cb748 /sbin/ipsecadm | |
| parent | 9e4387465b05cac1cbd310915736503e1bdacf41 (diff) | |
Document -authkeyfile/-keyfile
Diffstat (limited to 'sbin/ipsecadm')
| -rw-r--r-- | sbin/ipsecadm/ipsecadm.8 | 23 |
1 files changed, 18 insertions, 5 deletions
diff --git a/sbin/ipsecadm/ipsecadm.8 b/sbin/ipsecadm/ipsecadm.8 index c7583a687a4..0615163650c 100644 --- a/sbin/ipsecadm/ipsecadm.8 +++ b/sbin/ipsecadm/ipsecadm.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ipsecadm.8,v 1.25 2000/04/21 17:33:41 deraadt Exp $ +.\" $OpenBSD: ipsecadm.8,v 1.26 2000/04/22 01:50:15 angelos Exp $ .\" .\" Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de> .\" All rights reserved. @@ -82,9 +82,11 @@ modifiers are: .Fl enc , .Fl auth , .Fl authkey , +.Fl authkeyfile , .Fl forcetunnel , +.Fl key , and -.Fl key . +.Fl keyfile . .It old esp Setup a SA which uses the old esp transforms. Only encryption algorithms can be applied. @@ -96,8 +98,9 @@ Allowed modifiers are: .Fl enc , .Fl halfiv , .Fl forcetunnel , +.Fl key , and -.Fl key . +.Fl keyfile . .It new ah Setup a SA which uses the new ah transforms. Authentication will be done with HMAC using the specified hash algorithm. @@ -108,8 +111,9 @@ Allowed modifiers are: .Fl spi , .Fl forcetunnel , .Fl auth , +.Fl key , and -.Fl key . +.Fl keyfile . .It old ah Setup a SA which uses the old ah transforms. Simple keyed hashes will be used for authentication. @@ -120,8 +124,9 @@ Allowed modifiers are: .Fl spi , .Fl forcetunnel , .Fl auth , +.Fl key , and -.Fl key . +.Fl keyfile . .It ip4 Setup an SA which uses the IP-in-IP encapsulation protocol. This mode @@ -331,6 +336,10 @@ It is very important that the key is not guessable. One practical way of generating keys is by using the .Xr random 4 device (e.g., dd if=/dev/urandom bs=1024 count=1 | sha1) +.It Fl keyfile +Read the key from a file. May be used instead of the +.Fl key +flag, and has the same syntax considerations. .It Fl authkey The secret key material used for authentication if additional authentication in new esp mode is required. @@ -348,6 +357,10 @@ It is very important that the key is not guessable. One practical way of generating keys is by using the .Xr random 4 device (e.g., dd if=/dev/urandom bs=1024 count=1 | sha1) +.It Fl authkeyfile +Read the authkey from a file. May be used instead of the +.Fl authkey +flag, and has the same syntax considerations. .It Fl iv This option has been deprecated. The argument is ignored. |