summaryrefslogtreecommitdiffstats
path: root/Documentation/nvme-gen-tls-key.txt
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2023-04-03 07:59:35 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2023-04-03 07:59:35 +0000
commitf42531334c05b7f49ae43c0a27e347a487fb2667 (patch)
treee7a40dd5265005869a4e85eb1e96fdc588b42ef0 /Documentation/nvme-gen-tls-key.txt
parentAdding upstream version 2.3. (diff)
downloadnvme-cli-f42531334c05b7f49ae43c0a27e347a487fb2667.tar.xz
nvme-cli-f42531334c05b7f49ae43c0a27e347a487fb2667.zip
Adding upstream version 2.4.upstream/2.4
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'Documentation/nvme-gen-tls-key.txt')
-rw-r--r--Documentation/nvme-gen-tls-key.txt49
1 files changed, 44 insertions, 5 deletions
diff --git a/Documentation/nvme-gen-tls-key.txt b/Documentation/nvme-gen-tls-key.txt
index cfa8614..9a03e3a 100644
--- a/Documentation/nvme-gen-tls-key.txt
+++ b/Documentation/nvme-gen-tls-key.txt
@@ -8,18 +8,52 @@ nvme-gen-tls-key - Generate a NVMe TLS PSK
SYNOPSIS
--------
[verse]
-'nvme gen-tls-key' [--hmac=<hmac-id> | -h <hmac-id>]
+'nvme gen-tls-key' [--keyring=<name> | -k <name>]
+ [--keytype=<type> | -t <type> ]
+ [--hostnqn=<nqn> | -n <nqn>]
+ [--subsysnqn=<nqn> | -c <nqn>]
+ [--hmac=<hmac-id> | -h <hmac-id>]
[--secret=<secret> | -s <secret> ]
+ [--insert | -i ]
DESCRIPTION
-----------
-Generate a base64-encoded NVMe TLS pre-shared key (PSK) in
-the PSK interchange format
-NVMeTLSkey-1:01:VRLbtnN9AQb2WXW3c9+wEf/DRLz0QuLdbYvEhwtdWwNf9LrZ:
-and prints it to stdout.
+Generate a base64-encoded NVMe TLS pre-shared key (PSK).
+The resulting key is either printed in the PSK interchange format
+'NVMeTLSkey-1:01:<base64 encoded data>:',
+inserted as a 'retained' key into the specified keyring, or both.
+When the PSK should be inserted into the keyring a 'retained' key
+is derived from the secret key material, and the resulting 'retained'
+key is stored with the identity
+'NVMe0R0<hmac> <host NQN> <subsystem NQN>'
+in the keyring.
+The 'retained' key is derived from the secret key material,
+the specified subsystem NQN, and the host NQN.
+Once the 'retained' key is stored in the keyring the original
+secret key material cannot be retrieved.
OPTIONS
-------
+-k <name>::
+--keyring=<name>::
+ Name of the keyring into which the 'retained' TLS key should be
+ stored. Default is '.nvme'.
+
+-t <type>::
+--keytype=<type>::
+ Type of the key for resulting TLS key.
+ Default is 'psk'.
+
+-n <nqn>::
+--hostnqn=<nqn>::
+ Host NVMe Qualified Name (NQN) to be used to derive the
+ 'retained' TLS key
+
+-c <nqn>::
+--subsysnqn=<nqn>::
+ Subsystem NVMe Qualified Name (NQN) to be used to derive the
+ 'retained' TLS key
+
-h <hmac-id>::
--hmac=<hmac-id>::
Select a HMAC algorithm to use. Possible values are:
@@ -31,6 +65,11 @@ OPTIONS
Secret value (in hexadecimal) to be used for the key. If none are
provided a random value is used.
+-i::
+--insert::
+ Insert the resulting TLS key into the keyring without printing out
+ the key in PSK interchange format.
+
EXAMPLES
--------
No Examples