/usr/share/doc/monotone/html/Generating-Keys.html is in monotone-doc 1.1-9.
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<!-- Created by GNU Texinfo 6.1, http://www.gnu.org/software/texinfo/ -->
<head>
<title>monotone documentation: Generating Keys</title>
<meta name="description" content="monotone documentation: Generating Keys">
<meta name="keywords" content="monotone documentation: Generating Keys">
<meta name="resource-type" content="document">
<meta name="distribution" content="global">
<meta name="Generator" content="makeinfo">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link href="index.html#Top" rel="start" title="Top">
<link href="General-Index.html#General-Index" rel="index" title="General Index">
<link href="index.html#SEC_Contents" rel="contents" title="Table of Contents">
<link href="Tutorial.html#Tutorial" rel="up" title="Tutorial">
<link href="Starting-a-New-Project.html#Starting-a-New-Project" rel="next" title="Starting a New Project">
<link href="Creating-a-Database.html#Creating-a-Database" rel="prev" title="Creating a Database">
<style type="text/css">
<!--
a.summary-letter {text-decoration: none}
blockquote.indentedblock {margin-right: 0em}
blockquote.smallindentedblock {margin-right: 0em; font-size: smaller}
blockquote.smallquotation {font-size: smaller}
div.display {margin-left: 3.2em}
div.example {margin-left: 3.2em}
div.lisp {margin-left: 3.2em}
div.smalldisplay {margin-left: 3.2em}
div.smallexample {margin-left: 3.2em}
div.smalllisp {margin-left: 3.2em}
kbd {font-style: oblique}
pre.display {font-family: inherit}
pre.format {font-family: inherit}
pre.menu-comment {font-family: serif}
pre.menu-preformatted {font-family: serif}
pre.smalldisplay {font-family: inherit; font-size: smaller}
pre.smallexample {font-size: smaller}
pre.smallformat {font-family: inherit; font-size: smaller}
pre.smalllisp {font-size: smaller}
span.nolinebreak {white-space: nowrap}
span.roman {font-family: initial; font-weight: normal}
span.sansserif {font-family: sans-serif; font-weight: normal}
ul.no-bullet {list-style: none}
-->
</style>
<link rel="stylesheet" type="text/css" href="texinfo.css">
</head>
<body lang="en">
<a name="Generating-Keys"></a>
<div class="header">
<p>
Next: <a href="Starting-a-New-Project.html#Starting-a-New-Project" accesskey="n" rel="next">Starting a New Project</a>, Previous: <a href="Creating-a-Database.html#Creating-a-Database" accesskey="p" rel="prev">Creating a Database</a>, Up: <a href="Tutorial.html#Tutorial" accesskey="u" rel="up">Tutorial</a> [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>][<a href="General-Index.html#General-Index" title="Index" rel="index">Index</a>]</p>
</div>
<hr>
<a name="Generating-Keys-1"></a>
<h3 class="section">2.4 Generating Keys</h3>
<p>Now Jim, Abe and Beth must each generate an <small>RSA</small> key pair for
themselves. This step requires choosing a key identifier. Typical key
identifiers are similar to email addresses, possibly modified with
some prefix or suffix to distinguish multiple keys held by the same
owner. Our example programmers will use their email addresses at the
fictional “juicebot.co.jp” domain name. When we ask for a key to be
generated, monotone will ask us for a passphrase. This phrase is used
to encrypt the key when storing it on disk, as a security measure.
</p>
<p>Jim does the following:
</p>
<div class="smallexample">
<pre class="smallexample">$ mtn genkey jim@juicebot.co.jp
enter passphrase for key ID [jim@juicebot.co.jp] (...): <i>&lt;Jim enters his passphrase&gt;</i>
confirm passphrase for key ID [jim@juicebot.co.jp] (...): <i>&lt;Jim confirms his passphrase&gt;</i>
mtn: generating key-pair 'jim@juicebot.co.jp'
mtn: storing key-pair 'jim@juicebot.co.jp' in /home/jim/.monotone/keys
mtn: key 'jim@juicebot.co.jp' has hash '398cb10dcd4fadf4f7849a3734b626a83e0bb2ae'
</pre></div>
<p>Abe does something similar:
</p>
<div class="smallexample">
<pre class="smallexample">$ mtn genkey abe@juicebot.co.jp
enter passphrase for key ID [abe@juicebot.co.jp] (...): <i>&lt;Abe enters his passphrase&gt;</i>
confirm passphrase for key ID [abe@juicebot.co.jp] (...): <i>&lt;Abe confirms his passphrase&gt;</i>
mtn: generating key-pair 'abe@juicebot.co.jp'
mtn: storing key-pair 'abe@juicebot.co.jp' in /home/abe/.monotone/keys
mtn: key 'abe@juicebot.co.jp' has hash '62d8d1798e716868acde75c0fc4c84760003863d'
</pre></div>
<p>as does Beth:
</p>
<div class="smallexample">
<pre class="smallexample">$ mtn genkey beth@juicebot.co.jp
enter passphrase for key ID [beth@juicebot.co.jp] (...): <i>&lt;Beth enters her passphrase&gt;</i>
confirm passphrase for key ID [beth@juicebot.co.jp] (...): <i>&lt;Beth confirms her passphrase&gt;</i>
mtn: generating key-pair 'beth@juicebot.co.jp'
mtn: storing key-pair 'beth@juicebot.co.jp' in /home/beth/.monotone/keys
mtn: key 'beth@juicebot.co.jp' has hash 'c1d47c065a21f1e1c4fbdefaa2f37bd2c15ee4b1'
</pre></div>
<p>Each programmer has now generated a key pair and placed it in their
keystore. Each can list the keys in their keystore, to ensure
the correct key was generated. For example, Jim might see this:
</p>
<div class="smallexample">
<pre class="smallexample">$ mtn list keys
[public keys]
398cb10dcd4fadf4f7849a3734b626a83e0bb2ae jim@juicebot.co.jp (*)
(*) - only in /home/jim/.monotone/keys/
[private keys]
398cb10dcd4fadf4f7849a3734b626a83e0bb2ae jim@juicebot.co.jp
</pre></div>
<p>The hexadecimal string printed out before each key name is a
<em>fingerprint</em> of the key, and can be used to verify that the key
you have stored under a given name is the one you intended to
store. Monotone will never permit one keystore to store two keys with
the same fingerprint; however, distinct keys with equal names
are possible.
</p>
<p>This output shows one private and one public key stored under the name
<code>jim@juicebot.co.jp</code>, so it indicates that Jim’s key-pair has been
successfully generated and stored. On subsequent commands, Jim will need
to re-enter his passphrase in order to perform security-sensitive
tasks.
</p>
<p>Pretty soon Jim gets annoyed when he has to enter his passphrase every
time he invokes <code>mtn</code> (and, more importantly, it simplifies the
tutorial text to skip the passphrase prompts) so he decides to use
<em>ssh-agent</em> to store his key. He does this by using the
<code>ssh_agent_export</code> command to export his key into a format that
ssh-agent can understand and adding it with <code>ssh-add</code>.
</p>
<div class="smallexample">
<pre class="smallexample">$ mtn ssh_agent_export ~/.ssh/id_monotone
enter passphrase for key ID [user@example.com] (1234abcd...):
enter new passphrase for key ID [user@example.com] (1234abcd...):
confirm passphrase for key ID [user@example.com] (1234abcd...):
$ chmod 600 ~/.ssh/id_monotone
</pre></div>
<p>From now on, Jim just needs to add his key to ssh-agent when he logs in
and he will not need to enter his passphrase every time he uses monotone.
</p>
<div class="smallexample">
<pre class="smallexample">$ ssh-agent /bin/bash
$ ssh-add ~/.ssh/id_monotone
Enter passphrase for /home/user/.ssh/id_monotone:
Identity added: /home/user/.ssh/id_monotone (/home/user/.ssh/id_monotone)
$ mtn ci -m"Changed foo to bar"
$ mtn push
</pre></div>
<p>The following procedure is deprecated and not suggested for general use
as it is very insecure: the passphrase is stored in plain text in the
configuration file.
</p>
<p>Jim isn’t very worried about security so he
decides to store his passphrase in his <samp>monotonerc</samp> file. He does
this by writing a <em>hook function</em> which returns the passphrase:
</p>
<div class="smallexample">
<pre class="smallexample">$ mkdir ~/.monotone
$ cat >>~/.monotone/monotonerc
function get_passphrase(key_identity)
return "jimsekret"
end
^D
</pre></div>
<p>Now whenever monotone needs his passphrase, it will call this function
instead of prompting him to type it. Note that we are appending the new
hook to the (possibly existing) file. We do this to avoid losing other
changes by mistake; therefore, be sure to check that no other
<code>get_passphrase</code> function appears in the configuration file.
</p>
<p>Abe and Beth do the same, with their secret passphrases.
</p>
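<p>A check for the two files this section creates, as an added example that is not part of the monotone manual: it flags a <samp>monotonerc</samp> that defines <code>get_passphrase</code> more than once or returns a literal passphrase, and an exported key file that is accessible to group or other. The function names are hypothetical; the file paths are the ones used above.
</p>

```shell
#!/bin/sh
# Added example, not part of the monotone manual. Function names are hypothetical.

# Print how many get_passphrase definitions FILE contains (0 if FILE is absent).
count_passphrase_hooks() {
    [ -f "$1" ] || { echo 0; return 0; }
    grep -cE '^[[:space:]]*(function[[:space:]]+get_passphrase[[:space:]]*\(|get_passphrase[[:space:]]*=[[:space:]]*function)' "$1" || true
}

# Succeed if a get_passphrase body returns a quoted string literal.
# Heuristic: the hook is taken to end at the first line that ends in "end".
has_literal_passphrase() {
    [ -f "$1" ] || return 1
    awk -v sq="'" '
        /function[ \t]+get_passphrase|get_passphrase[ \t]*=[ \t]*function/ { in_hook = 1 }
        in_hook && $0 ~ ("return[ \t]*[\"" sq "]") { found = 1 }
        in_hook && /(^|[ \t])end[ \t]*$/ { in_hook = 0 }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# Print the octal permission bits of FILE (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed if FILE grants nothing to group or other (600, 400, ...).
key_file_is_private() {
    mode=$(file_mode "$1") || return 1
    case "$mode" in
        ?00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Report every finding for RCFILE and KEYFILE; return 1 if there was any.
audit_monotone() {
    rc=$1; key=$2; bad=0
    n=$(count_passphrase_hooks "$rc")
    if [ "$n" -gt 1 ]; then echo "WARN: $n get_passphrase definitions in $rc"; bad=1; fi
    if has_literal_passphrase "$rc"; then echo "WARN: passphrase in plain text in $rc"; bad=1; fi
    if [ -e "$key" ] && ! key_file_is_private "$key"; then
        echo "WARN: $key is accessible to group or other"; bad=1
    fi
    return "$bad"
}

# Usage: sh audit.sh ~/.monotone/monotonerc ~/.ssh/id_monotone
if [ $# -eq 2 ]; then audit_monotone "$1" "$2"; fi
```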
</body>
</html>