This repository has been archived by the owner on May 1, 2020. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
/
wiresep-keygen.1
90 lines (90 loc) · 2.45 KB
/
wiresep-keygen.1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
.\" Copyright (c) 2019, 2020 Tim Kuijsten
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: March 30 2020 $
.Dt WIRESEP-KEYGEN 1
.Os
.Sh NAME
.Nm wiresep-keygen
.Nd key generator for WireSep
.Sh SYNOPSIS
.Nm
.Op Fl o Ar dir
.Ar tunN
.Nm
.Op Fl o Ar dir
.Fl s Cm global
.Nm
.Op Fl o Ar dir
.Fl s Ar tunN Op Ar peer ...
.Sh DESCRIPTION
.Nm
can generate the two different types of keys that are used by
.Xr wiresep 8
which are a private key or a pre-shared key.
Each tunnel interface should have exactly one private key generated for it.
Pre-shared keys can be used in different scopes, namely global, per interface or
per peer.
The use of pre-shared keys is optional in WireGuard, but when used add an
additional layer of security that is quantum-proof.
.Pp
In the first synopsis
.Nm
generates a private key.
By default the key is stored in
.Pa /etc/wireguard
unless overridden with
.Fl o .
The name of the file is
.Pa tunN.privkey
where
.Ar tunN
is the name of an interface, i.e. tun0.
.Pp
In the second synopsis a global pre-shared key is generated that can be used on
all configured interfaces with all peers that have no more specific overrides.
By default the key is stored in
.Pa /etc/wireguard/global.psk
unless
.Fl o
is used with a different
.Ar dir .
.Pp
In the third synopsis a pre-shared key is generated that is used for the
specific
.Ar tunN
only, or with the specified
.Ar peer
on
.Ar tunN
only.
By default the key for an interface is stored in
.Pa /etc/wireguard/tunN.psk
unless
.Fl o
is used with a different
.Ar dir .
If any
.Ar peer
is specified then the key is stored in
.Pa /etc/wireguard/tunN.peer.psk
and override any interface specific or global pre-shared keys.
.Sh EXIT STATUS
.Ex -std
.Sh SEE ALSO
.Xr wiresep.conf 5 ,
.Xr wiresep 8
.Sh AUTHORS
.An -nosplit
.An Tim Kuijsten