diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2023-04-03 07:59:35 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2023-04-03 07:59:35 +0000 |
commit | f42531334c05b7f49ae43c0a27e347a487fb2667 (patch) | |
tree | e7a40dd5265005869a4e85eb1e96fdc588b42ef0 /Documentation/nvme-gen-tls-key.txt | |
parent | Adding upstream version 2.3. (diff) | |
download | nvme-cli-f42531334c05b7f49ae43c0a27e347a487fb2667.tar.xz nvme-cli-f42531334c05b7f49ae43c0a27e347a487fb2667.zip |
Adding upstream version 2.4.upstream/2.4
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- | Documentation/nvme-gen-tls-key.txt | 49 |
1 files changed, 44 insertions, 5 deletions
diff --git a/Documentation/nvme-gen-tls-key.txt b/Documentation/nvme-gen-tls-key.txt index cfa8614..9a03e3a 100644 --- a/Documentation/nvme-gen-tls-key.txt +++ b/Documentation/nvme-gen-tls-key.txt @@ -8,18 +8,52 @@ nvme-gen-tls-key - Generate a NVMe TLS PSK SYNOPSIS -------- [verse] -'nvme gen-tls-key' [--hmac=<hmac-id> | -h <hmac-id>] +'nvme gen-tls-key' [--keyring=<name> | -k <name>] + [--keytype=<type> | -t <type> ] + [--hostnqn=<nqn> | -n <nqn>] + [--subsysnqn=<nqn> | -c <nqn>] + [--hmac=<hmac-id> | -h <hmac-id>] [--secret=<secret> | -s <secret> ] + [--insert | -i ] DESCRIPTION ----------- -Generate a base64-encoded NVMe TLS pre-shared key (PSK) in -the PSK interchange format -NVMeTLSkey-1:01:VRLbtnN9AQb2WXW3c9+wEf/DRLz0QuLdbYvEhwtdWwNf9LrZ: -and prints it to stdout. +Generate a base64-encoded NVMe TLS pre-shared key (PSK). +The resulting key is either printed in the PSK interchange format +'NVMeTLSkey-1:01:<base64 encoded data>:', +inserted as a 'retained' key into the specified keyring, or both. +When the PSK should be inserted into the keyring a 'retained' key +is derived from the secret key material, and the resulting 'retained' +key is stored with the identity +'NVMe0R0<hmac> <host NQN> <subsystem NQN>' +in the keyring. +The 'retained' key is derived from the secret key material, +the specified subsystem NQN, and the host NQN. +Once the 'retained' key is stored in the keyring the original +secret key material cannot be retrieved. OPTIONS ------- +-k <name>:: +--keyring=<name>:: + Name of the keyring into which the 'retained' TLS key should be + stored. Default is '.nvme'. + +-t <type>:: +--keytype=<type>:: + Type of the key for resulting TLS key. + Default is 'psk'. + +-n <nqn>:: +--hostnqn=<nqn>:: + Host NVMe Qualified Name (NQN) to be used to derive the + 'retained' TLS key + +-c <nqn>:: +--subsysnqn=<nqn>:: + Subsystem NVMe Qualified Name (NQN) to be used to derive the + 'retained' TLS key + -h <hmac-id>:: --hmac=<hmac-id>:: Select a HMAC algorithm to use. Possible values are: @@ -31,6 +65,11 @@ OPTIONS Secret value (in hexadecimal) to be used for the key. If none are provided a random value is used. +-i:: +--insert:: + Insert the resulting TLS key into the keyring without printing out + the key in PSK interchange format. + EXAMPLES -------- No Examples |