aespasswd - Used to create and manage an AES keyfile.
] -f keyfile identity
- Create the keyfile
- Delete given identity from keyfile
- -f keyfile
- Specifies file that holds identity/key pairs
is used to create and manage files that hold identity/key
pairs. It is primarily used to manage the bwctld.keys
and the owampd.keys
file for owampd
If the -d
option is not specified, then aespasswd
caller for a passphrase. The passphrase is hashed using an internal MD5
algorithm to generate a key that is then saved in the keyfile
associated with the given identity
. If the given identity
already exists in the keyfile
, the previous key is overwritten with the
generated by aespasswd
are formatted for use with
generates lines of the format:
, followed by whitespace, followed by a hex encoded 128-bit
number, that is suitable to be used as a symmetric AES key.
No other text is allowed on these lines; however, comment lines may be added.
Comment lines are any line where the first non-white space character is '
aespasswd -f /etc/bwctl/bwctld.keys testuser
aespasswd -f /etc/bwctl/bwctld.keys -n testuser
- Adds a key for the identity testuser. The user is
prompted for a passphrase. If the file does not exist, an error message
will be printed and no action will be taken.
aespasswd -f /etc/bwctl/bwctld.keys -d testuser
- Creates the file before doing the same as above. If the
file already exists, an error message will be printed and no action will
- Deletes the identity testuser from the keyfile. If
the file does not exist, an error message will be printed and no action
will be taken.
The keys in the keyfile
are not encrypted in any way. The security of
these keys is completely dependent upon the security of the system and the
discretion of the system administrator.
names are restricted to 16 characters, and passphrases are
limited to 1024 characters.
owping(1), owampd(1), bwctl(1), bwctld(1) and the
http://e2epi.internet2.edu/owamp and http://e2epi.internet2.edu/bwctl web
This material is based in part on work supported by the National Science
Foundation (NSF) under Grant No. ANI-0314723. Any opinions, findings and
conclusions or recommendations expressed in this material are those of the
author(s) and do not necessarily reflect the views of the NSF.