uftp_keymgt - Encrypted UDP based ftp with multicast - key management utility
uftp_keymgt [ -m ] [ key_file [ key_file ...] ]
uftp_keymgt [ -m ] -g { rsa:key_length | ec:curve } key_file
uftp_keymgt [ -m ] -d key_file
uftp_keymgt is a utility for creating, viewing, and deleting RSA and EC
private keys used by the UFTP suite. Although keys can be generated on the fly
by
uftp(1),
uftpd(1), and
uftpproxyd(1), this utility
gives a more straightforward way of doing so without having to kick off a
dummy process just to create/view a key.
The definition of
key_file is dependent on the crypto library UFTP is
compiled to use.
On Windows systems, UFTP can built to use either CNG, which is the new API
supported by Windows Vista and Windows 7, or CryptoAPI, which is the legacy
API and the only one available to Windows XP.
Under CryptoAPI, all RSA private keys must be stored in a key container
(technically only keys used to sign data, but for UFTP's purposes this is the
case). Key containers are internal to Windows, and each user (and the system)
has its own set of key containers. In this case, key_file is actually the name
of the key container. Elliptic Curve algorithms are not supported under
CryptoAPI.
Under CNG, RSA and ECDSA private keys are also stored in key containers, and RSA
keys created by CrypoAPI may be read by CNG. Like CryptoAPI, key_file also
specifies the key container name. CNG only supports 3 named EC curves:
prime256v1,
secp384r1, and
secp521r1.
All other systems use OpenSSL for the crypto library (although under Windows
UFTP can be also be built to use it). In this case, key_file specifies a file
name where the RSA or ECDSA private key is stored unencrypted in PEM format
(the OS is expected to protect this file).
The
-g option is used to generate a key of a given type and store it in
the given key_file. The key size and key fingerprint are then printed. Under
OpenSSL, a key can actually be generated by the
openssl(1) command line
utility, although you'll still need to run uftp_keymgt on it to see the
fingerprint.
The
-d option is available only on Windows systems using CryptoAPI or
CNG. It deletes the key container specified by key_file.
When neither
-g or
-d are specified, the type and fingerprint of
all keys listed are printed. If no keys are specified under Windows with
CryptoAPI or CNG, the private key for all key containers for the current user
are printed. Note that some key containers may exist that an application other
than UFTP is using, and some of those may not have an RSA or EC private key.
The following options are supported:
-
-g { rsa:key_length |
ec:curve } key_file
- Specifies the type of new key and the key_file to store it
in. New keys are specified as either rsa:key_length, which
creates an RSA private key key_length bits wide, or as
ec:curve, which creates an EC key using the curve
"curve".
The list of supported EC curves is as follows (availability may vary
depending on system settings and crypto library used):
sect163k1 sect163r1 sect163r2 sect193r1 sect193r2 sect233k1 sect233r1
sect239k1 sect283k1 sect283r1 sect409k1 sect409r1 sect571k1 sect571r1
secp160k1 secp160r1 secp160r2 secp192k1 prime192v1 secp224k1 secp224r1
secp256k1 prime256v1 secp384r1 secp521r1
-
-d key_file
- Specifies the Windows key container to delete.
- -m
- For Windows systems using CryptoAPI or CNG, private keys
are normally stored in the key container of the running user. Specifying
this option stores keys in the system key container. On non-Windows
systems, this option has no effect.
The following exit values are returned:
- 0
- The command completed successfully.
- 1
- An invalid command line parameter was specified.
uftp(1),
uftpd(1),
uftpproxyd(1).
The latest version of UFTP can be found at
http://uftp-multicast.sourceforge.net. UFTP is covered by the GNU General
Public License. Commercial licenses and support are available from Dennis Bush
(
[email protected]).