NAME
keyczar - Command line tool for generating Keyczar key files.
SYNOPSIS
$ keyczar create --location=/path/to/your/crypt-keyset --purpose=crypt
$ keyczar addkey --location=/path/to/your/crypt-keyset
$ keyczar create --location=/path/to/your/sign-keyset --purpose=sign
$ keyczar addkey --location=/path/to/your/sign-keyset
$ keyczar addkey --location=/path/to/your/sign-keyset --status=primary
$ keyczar pubkey --location=/path/to/your/asymmetric-keyset --destination=/path/to/public-keyset
$ keyczar usekey --location=/path/to/your/keyset
DESCRIPTION
All Keyczar keys are generated with the keyczar command line tool. The following commands are supported:
* create
create a new key store.
* addkey
add new key to existing store.
* promote
promote status of a key version in existing store.
* demote
demote status of a key version in existing store.
* revoke
revoke key version in existing store.
* pubkey
export a public key set from existing private key store.
* usekey
encrypt or sign with the primary key.
OPTIONS
create
A keyset must first be created with the create command. A newly created keyset initially contains just a metadata file. The create command requires the --location and --purpose command-line flags, which specify the location of the keyset and its purpose. Valid purposes are currently crypt and sign. The create command also accepts an optional --name flag that gives the newly created keyset a name.
Some example create commands:
* Create a symmetric signing (HMAC) keyset:
keyczar create --location=/path/to/keyset --purpose=sign
* Create a symmetric signing (HMAC-SHA256) keyset:
keyczar create --location=/path/to/keyset --purpose=sign --type=HMAC_SHA256
* Create a symmetric crypting (AES) keyset named "Test":
keyczar create --location=/path/to/keyset --purpose=crypt --name=Test
* Create an asymmetric crypting (RSA) keyset:
keyczar create --location=/path/to/keyset --purpose=crypt --asymmetric
* Create an asymmetric signing (DSA) keyset:
keyczar create --location=/path/to/keyset --purpose=sign --asymmetric
* Create an asymmetric signing (RSA) keyset:
keyczar create --location=/path/to/keyset --purpose=sign --asymmetric=rsa
addkey
All Keyczar keys are created using the addkey command. This command requires a keyset --location flag and optionally accepts the --status, --crypter, and --size flags. Valid --status values are primary, active, and inactive. The default status is active. User-specified key sizes are supported, although it is recommended that only default or larger key sizes are used. The addkey command creates a new file in the keyset directory, named with an integer version number that is one greater than the currently largest version. For example, if the current keyset contains the key file 1, a new key version will be created in the file 2.
Some example addkey commands:
* Create a new primary key:
keyczar addkey --location=/path/to/keyset --status=primary
* Create a new active key:
keyczar addkey --location=/path/to/keyset
promote, demote, and revoke
The promote, demote, and revoke commands are used to change key status values. Each of these commands requires a --location and a --version flag. Promoting an active key will raise its status to primary, and promoting an inactive key will make it primary. There can only be a single primary key in a given keyset. Similarly, demote will lower a primary key to active, and an active key to inactive. The revoke command only works on keys whose status is inactive. It permanently deletes the key material, so it should be used with caution.
Some example promote, demote, and revoke commands follow. Suppose that key version 1 initially has an active status:
* Promote active version 1 to primary:
keyczar promote --location=/path/to/keyset --version=1
* Demote primary version 1 back to active:
keyczar demote --location=/path/to/keyset --version=1
* Demote active version 1 to inactive:
keyczar demote --location=/path/to/keyset --version=1
* Revoke the inactive version 1:
keyczar revoke --location=/path/to/keyset --version=1
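A rotation wrapper around the addkey, promote, demote, and revoke commands above, as an added example that is not part of the Crypt::Keyczar distribution. It assumes keyczar is on PATH; the function names are hypothetical, and because this page does not describe the metadata file format, the caller supplies the current status of the version being retired.

```shell
#!/bin/sh
# Added example (hypothetical helper names); assumes `keyczar` is on PATH.
umask 077   # files and directories created from here on are owner-only

# Print the highest integer-named key file in keyset directory $1 (0 if none).
latest_version() {
    max=0
    for f in "$1"/*; do
        n=${f##*/}
        case $n in ''|*[!0-9]*) continue ;; esac   # skip the metadata file
        if [ "$n" -gt "$max" ]; then max=$n; fi
    done
    echo "$max"
}

# List keyset entries that group or others can read or write.
loose_permissions() {
    find "$1" \( -perm -040 -o -perm -020 -o -perm -004 -o -perm -002 \) -print
}

# Add a key (default status: active), check that it landed as version
# max+1, then promote it. Prints the new version number on stdout.
rotate_primary() {
    keyset=$1
    before=$(latest_version "$keyset")
    keyczar addkey --location="$keyset" >&2 || return 1
    after=$(latest_version "$keyset")
    if [ "$after" -ne $((before + 1)) ]; then
        echo "expected version $((before + 1)) after addkey, found $after" >&2
        return 1
    fi
    keyczar promote --location="$keyset" --version="$after" >&2 || return 1
    echo "$after"
}

# Demote version $2 of keyset $1 from status $3 to inactive, then revoke it.
# Revoke permanently deletes the key material, so call this only after rotation.
retire_version() {
    keyset=$1 version=$2 status=$3
    case $status in
        primary) steps=2 ;; active) steps=1 ;; inactive) steps=0 ;;
        *) echo "unknown status: $status" >&2; return 2 ;;
    esac
    while [ "$steps" -gt 0 ]; do
        keyczar demote --location="$keyset" --version="$version" >&2 || return 1
        steps=$((steps - 1))
    done
    keyczar revoke --location="$keyset" --version="$version" >&2
}
```

Any path printed by loose_permissions is accessible beyond the owner and should be tightened before the keyset is used.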
pubkey
Creates and exports public key files to the given --destination, based on the private key set at the given --location. An example pubkey command:
* Export public keyset from existing asymmetric key store:
keyczar pubkey --location=/path/to/keyset --destination=/path/to/public-keyset
SUPPORTED KEYSTORE TYPE
The keyczar command operates on file-based keysets.
SEE ALSO
Crypt::Keyczar, Crypt::Keyczar::Crypter, Crypt::Keyczar::Signer, Crypt::Keyczar::FileReader, http://www.keyczar.org/
AUTHOR
Hiroyuki OYAMA <oyama@mixi.co.jp>
LICENSE
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.