| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
| 1 | .\" $NetBSD: netpgpkeys.1,v 1.8 2010/04/14 08:14:26 wiz Exp $ | | 1 | .\" $NetBSD: netpgpkeys.1,v 1.9 2010/05/07 05:55:46 agc Exp $ |
| 2 | .\" | | 2 | .\" |
| 3 | .\" Copyright (c) 2009, 2010 The NetBSD Foundation, Inc. | | 3 | .\" Copyright (c) 2009, 2010 The NetBSD Foundation, Inc. |
| 4 | .\" All rights reserved. | | 4 | .\" All rights reserved. |
| 5 | .\" | | 5 | .\" |
| 6 | .\" This manual page is derived from software contributed to | | 6 | .\" This manual page is derived from software contributed to |
| 7 | .\" The NetBSD Foundation by Alistair Crooks (agc@NetBSD.org). | | 7 | .\" The NetBSD Foundation by Alistair Crooks (agc@NetBSD.org). |
| 8 | .\" | | 8 | .\" |
| 9 | .\" Redistribution and use in source and binary forms, with or without | | 9 | .\" Redistribution and use in source and binary forms, with or without |
| 10 | .\" modification, are permitted provided that the following conditions | | 10 | .\" modification, are permitted provided that the following conditions |
| 11 | .\" are met: | | 11 | .\" are met: |
| 12 | .\" 1. Redistributions of source code must retain the above copyright | | 12 | .\" 1. Redistributions of source code must retain the above copyright |
| 13 | .\" notice, this list of conditions and the following disclaimer. | | 13 | .\" notice, this list of conditions and the following disclaimer. |
| 14 | .\" 2. Redistributions in binary form must reproduce the above copyright | | 14 | .\" 2. Redistributions in binary form must reproduce the above copyright |
| @@ -251,26 +251,36 @@ for the private and public host keys. | | | @@ -251,26 +251,36 @@ for the private and public host keys. |
| 251 | in normal processing, | | 251 | in normal processing, |
| 252 | if an error occurs, the contents of memory are saved to disk, and can | | 252 | if an error occurs, the contents of memory are saved to disk, and can |
| 253 | be read using tools to analyse behaviour. | | 253 | be read using tools to analyse behaviour. |
| 254 | Unfortunately this can disclose information to people viewing | | 254 | Unfortunately this can disclose information to people viewing |
| 255 | the core dump, such as secret keys, and passphrases protecting | | 255 | the core dump, such as secret keys, and passphrases protecting |
| 256 | those keys. | | 256 | those keys. |
| 257 | In normal operation, | | 257 | In normal operation, |
| 258 | .Nm | | 258 | .Nm |
| 259 | will turn off the ability to save core dumps on persistent storage, | | 259 | will turn off the ability to save core dumps on persistent storage, |
| 260 | but selecting this option will allow core dumps to be written to disk. | | 260 | but selecting this option will allow core dumps to be written to disk. |
| 261 | This option should be used wisely, and any core dumps should | | 261 | This option should be used wisely, and any core dumps should |
| 262 | be deleted in a secure manner when no longer needed. | | 262 | be deleted in a secure manner when no longer needed. |
| 263 | .El | | 263 | .El |
| | | 264 | .Pp |
| | | 265 | It is often useful to be able to refer to another user's identity by |
| | | 266 | using their |
| | | 267 | .Nm |
| | | 268 | .Dq fingerprint . |
| | | 269 | This can be found in the output from normal |
| | | 270 | .Fl Fl list-keys |
| | | 271 | and |
| | | 272 | .Fl Fl list-sigs |
| | | 273 | commands. |
| 264 | .Sh PASS PHRASES | | 274 | .Sh PASS PHRASES |
| 265 | The pass phrase cannot be changed by | | 275 | The pass phrase cannot be changed by |
| 266 | .Nm | | 276 | .Nm |
| 267 | once it has been chosen, and will | | 277 | once it has been chosen, and will |
| 268 | be used for the life of the key, so a wise choice is advised. | | 278 | be used for the life of the key, so a wise choice is advised. |
| 269 | The pass phrase should not be an easily guessable word or phrase, | | 279 | The pass phrase should not be an easily guessable word or phrase, |
| 270 | or related to information that can be gained through | | 280 | or related to information that can be gained through |
| 271 | .Dq social engineering | | 281 | .Dq social engineering |
| 272 | using search engines, or other public information retrieval methods. | | 282 | using search engines, or other public information retrieval methods. |
| 273 | .Pp | | 283 | .Pp |
| 274 | .Xr getpass 3 | | 284 | .Xr getpass 3 |
| 275 | will be used to obtain the pass phrase from the user if it is | | 285 | will be used to obtain the pass phrase from the user if it is |
| 276 | needed, | | 286 | needed, |