keyczart(1) asymmetric key management tool

SYNOPSIS

keyczart <command> <flags>

DESCRIPTION

This manual page documents briefly the keyczart command, a tool which can be used to create and manage asymmetric keys. Currently, the supported key types are RSA and DSA.

GENERAL OPTIONS

keyczart supports the following commands and options:

create --location=KEYPATH --purpose=PURPOSE [ --name=NAME --asymmetric=TYPE ]

Creates a new, empty key set in the given location and the given purpose, which must be one of either "crypt" or "sign". The key set may optionally be given a name, and the key type can be chosen as well, in which case must be one of either "rsa" or "dsa". The "dsa" asymmetric value is valid only for sets with "sign" purpose.

addkeys --location=KEYPATH [ --status=STATUS --size=SIZE --crypter=LOCATION ]

Adds a new key to an existing key set. One can optionally specify a status, which can be one of either of "active" or "primary", with "active" being the default. The key size in bits can also be specified, as can the location of a set of crypting keys which will be used to encrypt this key set.

pubkey --location=KEYPATH --destination=DEST

Extracts public keys from a given key set and writes them to the destination. The pubkey command Only works for key sets that were created with the --asymmetric flag.

promote --location=KEYPATH --version=NUMBER

Promotes the status of the given key version in the given location. Active keys are promoted to primary (which demotes any existing primary key to active). Keys scheduled for revocation are promoted to be active.

demote --location=KEYPATH --version=NUMBER

Demotes the status of the given key version in the given location. Primary keys are demoted to active. Active keys are scheduled for revocation.

revoke --location=KEYPATH --version=NUMBER

Revokes the key of the given version number. This key must have been scheduled for revocation by the promote command. WARNING: The key will be destroyed.

AUTHOR

keyczart was written by members of the Google Security Team.

This manual page was written by Christian Kastner <[email protected]> for the Debian project (and may be used by others).