Manpage of SHSEC
SHSEC
Section: User Manuals (1)
Updated: December 2004
NAME
shsec - Shared Secret client
SYNOPSIS
shsec [-hVvskdl] [-t seconds] [-L length] [-o file] [-F format] [-f margin] [-S file] tag@peer[:port]
DESCRIPTION
shsec (Shared Secret client) is the program which requests shsecd(8)
to negotiate a shared secret (password) with a peer over the Internet
in a secure way. The program can be used to agree on a common password
over an insecure network or to create a pre-shared key for a VPN. Keys
are identified in terms of tag@peer.

Key negotiation is started explicitly by specifying the -i option and,
in case of success, a new key on the peer's side is stored into the
local key database. On the initiator's side the key is returned to the
client and not stored into the database, unless the -s option is given.
When a new key arrives in the key database on the peer's (responder's)
side, a local client can retrieve this key during a given amount of
time. When a client fetches a key, the key is deleted automatically
unless the -k option is specified.

The negotiated secret can be printed to standard output or stored in a
file in several formats. Since the default behaviour is to fetch the
requested key and delete it from the local key database, an error is
returned if a key does not exist.

See shsecd(8) for further details.
OPTIONS
-h, --help
    Print this option list, then exit.

-V, --version
    Print version number, then exit.

-v, --verbose
    Be verbose. To increase the level, specify this option twice.

-i, --initiate
    Initiate key exchange if the requested key does not exist.

-s, --store
    Store the key into the key database on the initiator's side.

-k, --keep
    Keep the key in the key database after it has been fetched.

-d, --delete
    Delete the key from the key database immediately.

-l, --list
    List all keys existing on the local host.

-t seconds, --lifetime=seconds
    Validity in seconds for a key stored in the database.
    The default value is 3660 seconds or 1h.

-L length, --key-len=length
    Requested key length in bits, or the name of a well-known symmetric
    encryption algorithm. It can be one of these:
    des, des2, des3, aes128, aes192, aes256.
    The default value is 128.

-o file, --output=file
    File to write the requested key to. The default is to write to
    standard output.

-F format, --format=format
    Output file format, one of raw, hex, base64.

-f margin, --fmt=margin
    Format output to margin. This option is valid only if the -F
    option is one of hex, base64.

-S file, --sock-file=file
    Path to the socket file. The default file location is
    /var/run/shsec/shsecd.sock

tag@peer[:port]
    The tag distinguishes among several keys. It can consist of any
    character except '@:'. A peer is an IP address or FQDN to negotiate
    the key with. These arguments are optional if the -l option is set.
FILES
/var/run/shsec/shsec.sock
    This file is used by the client to communicate with the daemon.
    Another location of the file can be specified by the -S command
    line option.
ENVIRONMENT
shsec does not use any environment variable at the moment.
EXAMPLES
hostA$ shsec -i secret1@hostB
    To initiate a key request from hostA to hostB.

hostB$ shsec -k secret1@hostA
    To retrieve the key on the hostB side and keep it in the key database.

hostB$ shsec -F base64 -o secret.txt secret1@hostA
    To retrieve the same key on the hostB side and save it into a file
    encoded as base64.

hostB$ shsec -l
    To list all existing keys.

hostB$ shsec -d secret1@hostA
    To explicitly delete the specified key.
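
The fetch step from the examples above as a reusable wrapper, added here as an illustration and not part of the shsec distribution: it checks the tag@peer[:port] form described under OPTIONS and writes the fetched key to a file without group or other permissions. The function names valid_key_id and fetch_key are hypothetical, and the peer is assumed to be an FQDN or IPv4 address.

```sh
# Added example, not part of shsec. Uses only options documented above.

# valid_key_id ID: succeed if ID has the form tag@peer[:port].
# Assumption: peer is an FQDN or IPv4 address, so it contains no ':'.
valid_key_id() {
    id=$1
    case $id in
        *@*) ;;                       # the '@' separator is required
        *) return 1 ;;
    esac
    tag=${id%%@*}                     # text before the first '@'
    rest=${id#*@}                     # peer[:port]
    case $tag in
        ''|*:*) return 1 ;;           # empty tag, or ':' inside the tag
    esac
    peer=${rest%%:*}
    case $peer in
        ''|*[!A-Za-z0-9.-]*) return 1 ;;   # also rejects a second '@'
    esac
    if [ "$rest" != "$peer" ]; then   # a ':port' suffix is present
        port=${rest#*:}
        case $port in
            ''|*[!0-9]*|??????*) return 1 ;;
        esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    fi
    return 0
}

# fetch_key ID FILE: write the key for ID to FILE as hex, owner-only.
# Without -k the fetch deletes the key from the local database, so a
# failed or repeated fetch must be detected from the exit status.
fetch_key() {
    valid_key_id "$1" || { echo "bad key id: $1" >&2; return 2; }
    [ ! -e "$2" ] || { echo "refusing to overwrite $2" >&2; return 3; }
    (
        umask 077                     # no group/other bits on the new file
        shsec -F hex -o "$2" "$1"
    ) || { rm -f "$2"; echo "fetch failed for $1" >&2; return 1; }
}
```

Called as fetch_key secret1@hostA /path/to/keyfile on the responder, it returns 0 only when shsec reported success.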
BUGS
You are welcome to report shsec bugs at
https://sourceforge.net/projects/shsec
AUTHOR
Arvydas Juskaitis <arvydasj@users.sourceforge.net>
SEE ALSO
shsecd(8), shsec.conf(5).

A shsec.txt file in the documentation directory reveals some details
about the implementation and contains a description of the
communication protocol and digital signatures.
This document was created by man2html, using the manual pages.
Time: 21:05:04 GMT, January 19, 2005