summaryrefslogtreecommitdiffstats
path: root/Documentation/nvme-gen-tls-key.txt
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2023-12-24 07:57:54 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2023-12-24 07:57:54 +0000
commit66e4b69042cd3b44acd42f1fad2109180c1bc48b (patch)
tree8bd8e664ae856167566375357963062e8112f181 /Documentation/nvme-gen-tls-key.txt
parentReleasing debian version 2.5-1. (diff)
downloadnvme-cli-66e4b69042cd3b44acd42f1fad2109180c1bc48b.tar.xz
nvme-cli-66e4b69042cd3b44acd42f1fad2109180c1bc48b.zip
Merging upstream version 2.7.1.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'Documentation/nvme-gen-tls-key.txt')
-rw-r--r--Documentation/nvme-gen-tls-key.txt40
1 files changed, 30 insertions, 10 deletions
diff --git a/Documentation/nvme-gen-tls-key.txt b/Documentation/nvme-gen-tls-key.txt
index 9a03e3a..772c7bc 100644
--- a/Documentation/nvme-gen-tls-key.txt
+++ b/Documentation/nvme-gen-tls-key.txt
@@ -9,24 +9,29 @@ SYNOPSIS
--------
[verse]
'nvme gen-tls-key' [--keyring=<name> | -k <name>]
- [--keytype=<type> | -t <type> ]
- [--hostnqn=<nqn> | -n <nqn>]
- [--subsysnqn=<nqn> | -c <nqn>]
- [--hmac=<hmac-id> | -h <hmac-id>]
- [--secret=<secret> | -s <secret> ]
- [--insert | -i ]
+ [--keytype=<type> | -t <type>]
+ [--hostnqn=<nqn> | -n <nqn>]
+ [--subsysnqn=<nqn> | -c <nqn>]
+ [--hmac=<hmac-id> | -h <hmac-id>]
+ [--identity=<id-vers> | -I <id-vers>]
+ [--secret=<secret> | -s <secret>]
+ [--insert | -i]
+ [--output-format=<fmt> | -o <fmt>] [--verbose | -v]
DESCRIPTION
-----------
Generate a base64-encoded NVMe TLS pre-shared key (PSK).
The resulting key is either printed in the PSK interchange format
-'NVMeTLSkey-1:01:<base64 encoded data>:',
-inserted as a 'retained' key into the specified keyring, or both.
+'NVMeTLSkey-1:01:<base64 encoded data>:' or inserted as a
+'retained' key into the specified keyring if the '--insert' option
+is given.
When the PSK should be inserted into the keyring a 'retained' key
-is derived from the secret key material, and the resulting 'retained'
+is derived from the secret key material. The resulting 'retained'
key is stored with the identity
'NVMe0R0<hmac> <host NQN> <subsystem NQN>'
-in the keyring.
+(for identity version '0') or
+'NVMe1R0<hmac> <host NQN> <subsystem NQN> <PSK hash>'
+(for identity version '1') in the keyring.
The 'retained' key is derived from the secret key material,
the specified subsystem NQN, and the host NQN.
Once the 'retained' key is stored in the keyring the original
@@ -60,6 +65,12 @@ OPTIONS
1 - SHA-256 (default)
2 - SHA-384
+-I <vers>::
+--identity=<id-vers>::
+ Select the TLS identity to use. Possible values are:
+ 0 - Original NVMe TLS 1.0c identity
+ 1 - NVMe TLS 2.0 (TP8018) identity
+
-s <secret>::
--secret=<secret>::
Secret value (in hexadecimal) to be used for the key. If none are
@@ -70,6 +81,15 @@ OPTIONS
Insert the resulting TLS key into the keyring without printing out
the key in PSK interchange format.
+-o <fmt>::
+--output-format=<fmt>::
+ Set the reporting format to 'normal', 'json' or 'binary'. Only one
+ output format can be used at a time.
+
+-v::
+--verbose::
+ Increase the information detail in the output.
+
EXAMPLES
--------
No Examples