dacskey - Online in the Cloud


NAME


dacskey - generate encryption keys for DACS

SYNOPSIS


dacskey [dacsoptions[1]]
[-check | -gen | -priv | -private | -pub | -public]
[-p | -pf passphrase-file] [-pem] [-vfs] [-rsa_key_bits number] [--] keyfile

DESCRIPTION


This program is part of the DACS suite.

The dacskey utility generates encryption keys for DACS that are cryptographically sound.
Keys are represented externally as an XML document called a keyfile. The program can also
validate a keyfile or display a key.

Keys are created for at least three different purposes, although every keyfile has the
same format:

· Keys that are shared by all of the jurisdictions within the same DACS federation,
identified by the virtual filestore item type federation_keys. It is through these
"master" keys that any jurisdiction is able to decrypt and validate credentials
created by any other jurisdiction within the same federation quickly and without any
additional communication. These keys are generated initially by a designated
federation administrator at the time a federation is created. These keys can be
generated at any jurisdiction within the federation.

Ideally, new keys should be generated at regular intervals and also whenever warranted
to maintain security, such as when a jurisdiction leaves the federation or if a key
may have been compromised. When a jurisdiction joins a federation, it must receive a
copy of the current keys. There is currently no automated key management support;
administrators must distribute these keys to all jurisdictions over a secure channel
whenever they are changed. Besides using some method of encryption to ensure the keys
remain private during distribution, take care not to mangle the XML document (e.g.,
through line breaks or truncation).

· Keys that are used by a jurisdiction for its own purposes, identified by the virtual
filestore item type jurisdiction_keys. These keys are kept private to the jurisdiction
(they are not shared with any other jurisdiction) and are ordinarily generated at that
jurisdiction. These keys should be regenerated periodically as a routine security
measure.

· Keys that are used by a DACS application at a particular jurisdiction for its own
purposes (dacsgrid(1)[2], for instance). These keys should be regenerated
periodically, but take care to retain the old keys so that they can be used for
decryption before information is re-encrypted using the new keys.

The program ordinarily uses OpenSSL's ssl(3)[3] library to acquire high-quality random
material. In certain situations, an experienced administrator might find the -p and -pf
options useful; others should avoid them, however.

When keys are generated, the output is written to keyfile, which is either created or
truncated. In this context, keyfile must be a pathname. Unless directly written to where
federation_keys (or jurisdiction_keys) points, keyfile must be copied there.

Assuming that the default site configuration file (conf/site.conf-std, which establishes
default locations for these files) has been installed:

    % dacskey -u mysite.example.com -q fkeys
    % install -o root -g www -m 0640 fkeys \
          /usr/local/dacs/federations/example.com/federation_keyfile
    % dacskey -u mysite.example.com -q jkeys
    % install -o root -g www -m 0640 jkeys \
          /usr/local/dacs/federations/example.com/mysite/jurisdiction_keyfile

The owner, group, and mode assigned to these files in this example are typical but are
only suggestions.

Security
A keyfile generated by this command must be accessible (readable and writable) only by
DACS web services and the DACS administrator. It must be kept unreadable and
unwritable by all others.
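
One way to audit an installed keyfile against the Security note above, as an added example that is not part of the DACS documentation. The helper names keyfile_perms_ok and audit_keyfile are hypothetical, rejecting symbolic links is an extra precaution assumed here, and owner and group bits are left to site policy (the example above uses root:www and 0640).

```shell
# Added example; keyfile_perms_ok and audit_keyfile are hypothetical helpers.

# keyfile_perms_ok KEYFILE
# Returns 0 if KEYFILE is a regular file with no access for "other",
# 1 if it is missing or not a regular file, 2 if it is a symbolic link
# (rejected here as an extra precaution), 3 if "other" has any access.
keyfile_perms_ok() {
    kf=$1
    if [ -L "$kf" ]; then return 2; fi
    if [ ! -f "$kf" ]; then return 1; fi
    # ls -ld prints a mode string such as -rw-r-----; characters 8-10
    # are the read/write/execute bits for "other".
    other=$(ls -ld -- "$kf" | cut -c8-10)
    if [ "$other" != "---" ]; then return 3; fi
    return 0
}

# audit_keyfile JURISDICTION KEYFILE
# Checks permissions first, then validates the contents with dacskey -check,
# passing -u and -q as in the generation example above (assumed to apply to
# -check as well). Returns 4 if dacskey reports an error (it exits 1 on error).
audit_keyfile() {
    keyfile_perms_ok "$2" || return $?
    dacskey -u "$1" -q -check -- "$2" || return 4
}

# Usage, with the paths from the example above:
#   audit_keyfile mysite.example.com \
#       /usr/local/dacs/federations/example.com/federation_keyfile
```

A non-zero return from audit_keyfile identifies which check failed, so it can be run from cron or a deployment script after each key change.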

When not generating keys, by default keyfile is a pathname. If the -vfs flag is given,
then keyfile is a DACS URI, item type, or absolute pathname.

OPTIONS


In addition to the standard dacsoptions[1], dacskey recognizes these options:

-gen
Generate new keys. This is the default operation.

-check
Validate keyfile, an existing keyfile. The keyfile is expressed as a vfs-ref or an
absolute filename (see dacs.conf(5)[4]).

-priv
-private
Print the private key found in keyfile, an existing keyfile, to stdout. The private
key is not encrypted. If the -pem flag is present, the PEM format is used, otherwise
the DACS base-64 encoding is used (the latter is used when keys appear in XML
attribute values).

-pub
-public
Print the public key found in keyfile, an existing keyfile, to stdout. If the -pem
flag is present, the PEM format is used, otherwise the DACS base-64 encoding is used
(the latter is used when keys appear in XML attribute values).

-p
Rather than using the default source for generating random strings, derive the random
strings from material read from the standard input. The user is prompted for input.
This option should not be used under normal circumstances.

-pem
When printing a key, use the PEM format.

-pf passphrase-file
Rather than using the default source for generating random strings, derive the random
strings from material read from passphrase-file. If the filename argument is "-", the
standard input is read. This option should not be used under normal circumstances.

-rsa_key_bits number
This specifies the length of the RSA modulus, in bits, used for asymmetric key
generation. Used as the num argument to RSA_generate_key(3)[5], the value must satisfy
that function's constraints.

--
This argument explicitly marks the end of the flags.

DIAGNOSTICS


The program exits 0 if everything was fine, 1 if an error occurred.
