Diffstat (limited to '')
-rw-r--r--templates/man1/systemd-cryptenroll.1.pot211
1 files changed, 192 insertions, 19 deletions
diff --git a/templates/man1/systemd-cryptenroll.1.pot b/templates/man1/systemd-cryptenroll.1.pot
index d31f3bae..12d63dd8 100644
--- a/templates/man1/systemd-cryptenroll.1.pot
+++ b/templates/man1/systemd-cryptenroll.1.pot
@@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2024-03-01 17:10+0100\n"
+"POT-Creation-Date: 2024-06-01 06:26+0200\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -24,7 +24,7 @@ msgid "SYSTEMD-CRYPTENROLL"
msgstr ""
#. type: TH
-#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: archlinux fedora-40 mageia-cauldron
#, no-wrap
msgid "systemd 255"
msgstr ""
@@ -84,8 +84,7 @@ msgid ""
msgstr ""
#. type: Plain text
-#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
-#: mageia-cauldron
+#: archlinux debian-bookworm fedora-40 mageia-cauldron
msgid ""
"PKCS#11 security tokens and smartcards that may carry an RSA key pair (e\\&."
"g\\&. various YubiKeys)"
@@ -597,8 +596,7 @@ msgid "LIMITATIONS"
msgstr ""
#. type: Plain text
-#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
-#: mageia-cauldron
+#: archlinux debian-bookworm fedora-40 mageia-cauldron
msgid ""
"Note that currently when enrolling a new key of one of the five supported "
"types listed above, it is required to first provide a passphrase, a recovery "
@@ -610,8 +608,7 @@ msgid ""
msgstr ""
#. type: Plain text
-#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
-#: mageia-cauldron
+#: archlinux debian-bookworm fedora-40 mageia-cauldron
msgid ""
"Also note that support for enrolling multiple FIDO2 tokens is currently "
"limited\\&. When multiple FIDO2 tokens are enrolled, B<systemd-cryptseup> "
@@ -770,8 +767,7 @@ msgid "B<--pkcs11-token-uri=>I<URI>"
msgstr ""
#. type: Plain text
-#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
-#: mageia-cauldron
+#: archlinux debian-bookworm fedora-40 mageia-cauldron
msgid ""
"Enroll a PKCS#11 security token or smartcard (e\\&.g\\&. a YubiKey)\\&. "
"Expects a PKCS#11 smartcard URI referring to the token\\&. Alternatively the "
@@ -831,8 +827,7 @@ msgid ""
msgstr ""
#. type: Plain text
-#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
-#: mageia-cauldron
+#: archlinux debian-bookworm fedora-40 mageia-cauldron
msgid "Note that your authenticator may not support some algorithms\\&."
msgstr ""
@@ -1061,8 +1056,7 @@ msgid "This should not be changed unless you know what you are doing\\&."
msgstr ""
#. type: Plain text
-#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
-#: mageia-cauldron
+#: archlinux debian-bookworm fedora-40 mageia-cauldron
msgid "B<--tpm2-pcrs=> [PCR...]"
msgstr ""
@@ -1134,8 +1128,7 @@ msgid ""
msgstr ""
#. type: Plain text
-#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
-#: mageia-cauldron
+#: archlinux debian-bookworm fedora-40 mageia-cauldron
msgid ""
"B<--tpm2-public-key=> [PATH], B<--tpm2-public-key-pcrs=> [PCR...], B<--tpm2-"
"signature=> [PATH]"
@@ -1189,7 +1182,7 @@ msgid ""
msgstr ""
#. type: Plain text
-#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: archlinux fedora-40 mageia-cauldron
msgid "B<--tpm2-pcrlock=> [PATH]"
msgstr ""
@@ -1204,8 +1197,7 @@ msgid ""
msgstr ""
#. type: Plain text
-#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
-#: mageia-cauldron
+#: archlinux debian-bookworm fedora-40 mageia-cauldron
msgid "B<--wipe-slot=> [SLOT...]"
msgstr ""
@@ -1390,3 +1382,184 @@ msgid ""
"only\\&. If an empty string is specified, binds the enrollment to no PCRs at "
"all\\&. See the table above for a list of available PCRs\\&."
msgstr ""
+
+#. type: TH
+#: debian-unstable fedora-rawhide
+#, no-wrap
+msgid "systemd 256~rc3"
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable fedora-rawhide
+msgid ""
+"PKCS#11 security tokens and smartcards that may carry an RSA or EC key pair "
+"(e\\&.g\\&. various YubiKeys)"
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable fedora-rawhide
+msgid ""
+"B<systemd-cryptsetup> operates on the device backing /var/ if no device is "
+"specified explicitly, and no wipe operation is requested\\&. (Note that in "
+"the typical case where /var/ is on the same file system as the root file "
+"system, this hence enrolls a key into the backing device of the root file "
+"system\\&.)"
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable fedora-rawhide
+msgid ""
+"Note that currently when enrolling a new key of one of the five supported "
+"types listed above, it is required to first provide a passphrase, a recovery "
+"key, a FIDO2 token, or a TPM2 key\\&. It\\*(Aqs currently not supported to "
+"unlock a device with a PKCS#11 key in order to enroll a new PKCS#11 key\\&. "
+"Thus, if in future key roll-over is desired it\\*(Aqs generally recommended "
+"to ensure a passphrase, a recovery key, a FIDO2 token, or a TPM2 key is "
+"always enrolled\\&."
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable fedora-rawhide
+msgid ""
+"Also note that support for enrolling multiple FIDO2 tokens is currently "
+"limited\\&. When multiple FIDO2 tokens are enrolled, B<systemd-cryptsetup> "
+"will perform pre-flight requests to attempt to identify which of the "
+"enrolled tokens are currently plugged in\\&. However, this is not possible "
+"for FIDO2 tokens with user verification (UV, usually via biometrics), in "
+"which case it will fall back to attempting each enrolled token one by "
+"one\\&. This will result in multiple prompts for PIN and user "
+"verification\\&. This limitation does not apply to PKCS#11 tokens\\&."
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable fedora-rawhide
+msgid "B<--unlock-tpm2-device=>I<PATH>"
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable fedora-rawhide
+msgid ""
+"Use a TPM2 device instead of a password/passhprase read from stdin to unlock "
+"the volume\\&. Expects a device node path referring to the TPM2 chip (e\\&."
+"g\\&. /dev/tpmrm0)\\&. Alternatively the special value \"auto\" may be "
+"specified, in order to automatically determine the device node of a "
+"currently discovered TPM2 device (of which there must be exactly one)\\&."
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable fedora-rawhide
+msgid "Added in version 256\\&."
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable fedora-rawhide
+msgid ""
+"Enroll a PKCS#11 security token or smartcard (e\\&.g\\&. a YubiKey)\\&. "
+"Expects a PKCS#11 URI that allows finding an X\\&.509 certificate or a "
+"public key on the token\\&. The URI must also be suitable to find a related "
+"private key after changing the type of object in it\\&. Alternatively the "
+"special value \"auto\" may be specified, in order to automatically determine "
+"the suitable URI if a single security token containing a single key pair is "
+"plugged in\\&. The special value \"list\" may be used to enumerate all "
+"suitable PKCS#11 tokens currently plugged in\\&."
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable fedora-rawhide
+msgid ""
+"The PKCS#11 token must contain an RSA or EC key pair which will be used to "
+"unlock a LUKS2 volume\\&. For RSA, a randomly generated volume key is "
+"encrypted with a public key in the token, and stored in the LUKS2 JSON token "
+"header area\\&. To unlock a volume, the stored encrypted volume key will be "
+"decrypted with a private key in the token\\&. For ECC, ECDH algorithm is "
+"used: we generate a pair of EC keys in the same EC group, then derive a "
+"shared secret using the generated private key and the public key in the "
+"token\\&. The derived shared secret is used as a volume key\\&. The "
+"generated public key is stored in the LUKS2 JSON token header area\\&. The "
+"generated private key is erased\\&. To unlock a volume, we derive the shared "
+"secret with the stored public key and a private key in the token\\&."
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable fedora-rawhide
+msgid ""
+"Note that your authenticator may choose not to support some algorithms\\&."
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable fedora-rawhide
+msgid "B<--tpm2-pcrs=>I<PCR>I<[+PCR\\&.\\&.\\&.]>"
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable fedora-rawhide
+msgid ""
+"B<--tpm2-public-key=>I<PATH>, B<--tpm2-public-key-pcrs=>I<PCR>I<[+PCR\\&.\\&."
+"\\&.]>, B<--tpm2-signature=>I<PATH>"
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable fedora-rawhide
+msgid "B<--tpm2-pcrlock=>I<PATH>"
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable fedora-rawhide
+msgid "B<--wipe-slot=>I<SLOT>I<[,SLOT\\&.\\&.\\&.]>"
+msgstr ""
+
+#. type: SH
+#: debian-unstable fedora-rawhide
+#, no-wrap
+msgid "CREDENTIALS"
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable fedora-rawhide
+msgid ""
+"B<systemd-cryptenroll> supports the service credentials logic as implemented "
+"by I<ImportCredential=>/I<LoadCredential=>/I<SetCredential=> (see B<systemd."
+"exec>(5) for details)\\&. The following credentials are used when passed in:"
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable fedora-rawhide
+msgid "I<cryptenroll\\&.passphrase>, I<cryptenroll\\&.new-passphrase>"
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable fedora-rawhide
+msgid ""
+"May contain the passphrase to unlock the volume with/to newly enroll\\&."
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable fedora-rawhide
+msgid "I<cryptenroll\\&.tpm2-pin>, I<cryptenroll\\&.new-tpm2-pin>"
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable fedora-rawhide
+msgid "May contain the TPM2 PIN to unlock the volume with/to newly enroll\\&."
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable fedora-rawhide
+msgid "I<cryptenroll\\&.fido2-pin>"
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable fedora-rawhide
+msgid "If a FIDO2 token is enrolled this may contain the PIN of the token\\&."
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable fedora-rawhide
+msgid "I<cryptenroll\\&.pkcs11-pin>"
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable fedora-rawhide
+msgid ""
+"If a PKCS#11 token is enrolled this may contain the PIN of the token\\&."
+msgstr ""