keyczart - asymmetric key management tool
keyczart <command> <flags>
This manual page documents briefly the keyczart command, a
tool which can be used to create and manage asymmetric keys. Currently, the
supported key types are RSA and DSA.
keyczart supports the following commands and options:
create --location=KEYPATH --purpose=PURPOSE [ --name=NAME --asymmetric=TYPE ]
- Creates a new, empty key set in the given location with the given purpose,
which must be either "crypt" or "sign". The key
set may optionally be given a name, and the key type can be chosen as
well, in which case it must be either "rsa" or
"dsa". The "dsa" asymmetric value is valid only for
sets with "sign" purpose.
addkeys --location=KEYPATH [ --status=STATUS --size=SIZE --crypter=LOCATION ]
- Adds a new key to an existing key set. One can optionally specify a
status, which can be either "active" or
"primary", with "active" being the default. The key
size in bits can also be specified, as can the location of a set of
crypting keys which will be used to encrypt this key set.
pubkey --location=KEYPATH --destination=DEST
- Extracts public keys from a given key set and writes them to the
destination. The pubkey command only works for key sets that were
created with the --asymmetric flag.
promote --location=KEYPATH --version=NUMBER
- Promotes the status of the given key version in the given location. Active
keys are promoted to primary (which demotes any existing primary key to
active). Keys scheduled for revocation are promoted to be active.
demote --location=KEYPATH --version=NUMBER
- Demotes the status of the given key version in the given location. Primary
keys are demoted to active. Active keys are scheduled for revocation.
revoke --location=KEYPATH --version=NUMBER
- Revokes the key of the given version number. This key must have been
scheduled for revocation by the promote command. WARNING: The key
will be destroyed.
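
The status changes described for promote, demote and revoke can be checked before a key is destroyed. The following is an added example, not part of keyczart or of the original manual page: a small model of those statuses that also lists the commands needed to retire a key version. It assumes, as the demote entry states, that a key becomes scheduled for revocation by demoting an active key. The function names, the "scheduled" label and the /tmp/keys location are hypothetical.

```python
# Added example: a model of the key statuses described in this manual page.
# "scheduled" stands for the page's "scheduled for revocation" (label is an assumption).
PRIMARY, ACTIVE, SCHEDULED = "primary", "active", "scheduled"

def promote(keyset, version):
    """Return a copy of keyset ({version: status}) with version promoted one step."""
    ks = dict(keyset)
    if ks[version] == SCHEDULED:
        ks[version] = ACTIVE
    elif ks[version] == ACTIVE:
        for v in ks:
            if ks[v] == PRIMARY:
                ks[v] = ACTIVE  # an existing primary is demoted to active
        ks[version] = PRIMARY
    else:
        raise ValueError(f"version {version} is already primary")
    return ks

def demote(keyset, version):
    """Return a copy of keyset with version demoted one step."""
    ks = dict(keyset)
    if ks[version] == PRIMARY:
        ks[version] = ACTIVE
    elif ks[version] == ACTIVE:
        ks[version] = SCHEDULED
    else:
        raise ValueError(f"version {version} is already scheduled for revocation")
    return ks

def revoke(keyset, version):
    """Remove version; only allowed once it is scheduled for revocation."""
    if keyset[version] != SCHEDULED:
        raise ValueError(f"version {version} is not scheduled for revocation")
    return {v: s for v, s in keyset.items() if v != version}

def retire_plan(keyset, version, location):
    """Return (commands, resulting key set) for destroying version."""
    if keyset[version] == PRIMARY:
        raise ValueError("promote a replacement key to primary first")
    ks, plan = keyset, []
    while ks[version] != SCHEDULED:
        ks = demote(ks, version)
        plan.append(f"keyczart demote --location={location} --version={version}")
    plan.append(f"keyczart revoke --location={location} --version={version}")
    return plan, revoke(ks, version)

if __name__ == "__main__":
    ks = promote({1: PRIMARY, 2: ACTIVE}, 2)  # constructed key set: rotate to version 2
    print("\n".join(retire_plan(ks, 1, "/tmp/keys")[0]))
```

The guard in retire_plan is a policy of this example, chosen so that a plan never leaves the key set without a primary key.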
keyczart was written by members of the Google Security
Team.
This manual page was written by Christian Kastner
<ckk@debian.org> for the Debian project (and may be used by
others).