tangd-rotate-keys.1.adoc 1.4 KB

tangd-rotate-keys(1)
====================
:doctype: manpage

== NAME

tangd-rotate-keys - Perform rotation of tang keys

== SYNOPSIS

*tangd-rotate-keys* [-h] [-v] -d <KEYDIR>

== DESCRIPTION

In order to preserve the security of the system over the long run, you need to periodically
rotate your keys. The precise interval at which you should rotate depends upon your application,
key sizes and institutional policy. For some common recommendations, see: https://www.keylength.com.

*tangd-rotate-keys* generates new keys in the key database directory given by the *-d* option.
This is typically */var/db/tang*. It also renames the old keys to have a leading . in order to
hide them from advertisement.

Tang will immediately pick up all changes. No restart is required.

At this point, new client bindings will pick up the new keys and old clients can continue to
utilize the old keys. Once you are sure that all the old clients have been migrated to use the
new keys, you can remove the old keys. Be aware that removing the old keys while clients are
still using them can result in data loss. You have been warned.
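
A check for the rotation behaviour described above, as an added example that is not part of tang or of this man page: it records the advertised keys before *tangd-rotate-keys* runs and afterwards confirms that each one still exists under a leading-dot name and that a new key is advertised. The `.jwk` file suffix and all function names are assumptions of the example.

```shell
#!/bin/sh
# Added example (not tang code). Assumes key files are named <name>.jwk.
# Usage: advertised_keys KEYDIR > snap.txt
#        tangd-rotate-keys -d KEYDIR
#        verify_rotation KEYDIR snap.txt

# Print advertised (non-hidden) key file names, one per line.
advertised_keys() {
    # The *.jwk glob skips dotfiles, so rotated-out keys are excluded.
    for f in "$1"/*.jwk; do
        # printf, not echo: key names may begin with '-'.
        [ -f "$f" ] && printf '%s\n' "${f##*/}"
    done
    return 0
}

# Print hidden (rotated-out) key file names, one per line.
hidden_keys() {
    for f in "$1"/.*.jwk; do
        [ -f "$f" ] && printf '%s\n' "${f##*/}"
    done
    return 0
}

# verify_rotation KEYDIR SNAPSHOT
# SNAPSHOT is the output of advertised_keys taken before rotating.
# Succeeds only if every old key is now hidden and a new key is advertised.
verify_rotation() {
    keydir=$1 snapshot=$2 rc=0
    while IFS= read -r name; do
        [ -n "$name" ] || continue
        if [ -f "$keydir/$name" ]; then
            echo "still advertised: $name" >&2; rc=1
        elif [ ! -f "$keydir/.$name" ]; then
            echo "old key gone, its clients cannot recover: $name" >&2; rc=1
        fi
    done < "$snapshot"
    # Count advertised keys that were not in the snapshot.
    new=$(advertised_keys "$keydir" | grep -F -x -v -f "$snapshot" | wc -l)
    [ "$new" -gt 0 ] || { echo "no new advertised key" >&2; rc=1; }
    return "$rc"
}
```

Keeping the snapshot file also gives a record of which hidden keys belong to which rotation when you later decide that old clients have migrated.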

== OPTIONS

* *-d* <KEYDIR>:
  The directory with the keys, e.g. /var/db/tang

* *-h*:
  Display the usage information

* *-v*:
  Verbose. Display additional info on keys created/rotated

== AUTHOR

Sergio Correia <scorreia@redhat.com>

== SEE ALSO

link:tang.8.adoc[*tang*(8)]