summaryrefslogtreecommitdiffstats
path: root/Documentation/nvme-check-tls-key.txt
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--Documentation/nvme-check-tls-key.txt79
1 files changed, 79 insertions, 0 deletions
diff --git a/Documentation/nvme-check-tls-key.txt b/Documentation/nvme-check-tls-key.txt
new file mode 100644
index 0000000..2df4fca
--- /dev/null
+++ b/Documentation/nvme-check-tls-key.txt
@@ -0,0 +1,79 @@
+nvme-check-tls-key(1)
+========================
+
+NAME
+----
+nvme-check-tls-key - Check a generated NVMe TLS PSK
+
+SYNOPSIS
+--------
+[verse]
+'nvme check-tls-key' [--keyring=<name> | -k <name>]
+ [--keytype=<type> | -t <type>]
+ [--hostnqn=<nqn> | -n <nqn>]
+ [--subsysnqn=<nqn> | -c <nqn>]
+ [--keydata=<key> | -d <key>]
+ [--output-format=<fmt> | -o <fmt>]
+ [--identity=<id-vers> | -I <id-vers>]
+ [--insert | -i ]
+ [--verbose | -v]
+
+DESCRIPTION
+-----------
+Checks if the key is a valid NVMe TLS PSK in the PSK interchange format
+'NVMeTLSkey-1:01:<base64-encoded data>:'. If '--insert' is specified the
+the derived 'retained' TLS key is stored in the keyring, otherwise the
+TLS identity of the key is printed out.
+
+OPTIONS
+-------
+-k <name>::
+--keyring=<name>::
+ Name of the keyring into which the 'retained' TLS key should be
+ stored. Default is '.nvme'.
+
+-t <type>::
+--keytype=<type>::
+ Type of the key for resulting TLS key.
+ Default is 'psk'.
+
+-n <nqn>::
+--hostnqn=<nqn>::
+ Host NVMe Qualified Name (NQN) to be used to derive the
+ 'retained' TLS key
+
+-c <nqn>::
+--subsysnqn=<nqn>::
+ Subsystem NVMe Qualified Name (NQN) to be used to derive the
+ 'retained' TLS key
+
+-d <key>::
+--keydata=<key>::
+ Key to be checked.
+
+-I <id-vers>::
+--identity=<id-vers>::
+ NVMe TLS key identity version to be used; '0' for the default
+ identity, and '1' for the TLS identity suffixed by the PSK hash
+ as specified in TP8018.
+
+-i:
+--insert:
+ Insert the derived 'retained' key in the keyring.
+
+-o <fmt>::
+--output-format=<fmt>::
+ Set the reporting format to 'normal', 'json' or 'binary'. Only one
+ output format can be used at a time.
+
+-v::
+--verbose::
+ Increase the information detail in the output.
+
+EXAMPLES
+--------
+No Examples
+
+NVME
+----
+Part of the nvme-user suite