.SH NAME
corosync-keygen \- Generate an authentication key for Corosync.
.SH SYNOPSIS
-.B "corosync-keygen [\-k <filename>] [\-s size] [\-l] [\-h]"
+.B "corosync-keygen [\-k <filename>] [-m <randomfile>] [\-s size] [\-l] [\-h]"
.SH DESCRIPTION
If you want to configure corosync to use cryptographic techniques to ensure authenticity
If a message "Invalid digest" appears from the corosync executive, the keys
are not consistent between processors.
.PP
-.B Note: corosync-keygen
-will ask for user input to assist in generating entropy unless the -l option is used.
.SH OPTIONS
.TP
.B -k <filename>
.br
The default is /etc/corosync/authkey.
.TP
+.B -r
+Random number source file. Default is /dev/urandom. As an example /dev/random may be
+used when really superb randomness is needed.
+.TP
.B -s size
Size of the generated key in bytes. Default is 1024 bytes. Allowed range is <1024, 4096>.
.TP
+.TP
.B -l
-Use a less secure random data source that will not require user input to help generate
-entropy. This may be useful when this utility is used from a script or hardware random number
-generator is not available (f.e. in virtual machine).
+Option is not used and it's kept only for compatibility.
.TP
.B -h
Print basic usage.
.SH EXAMPLES
.TP
Generate the key.
-.PP
+.nf
# corosync-keygen
-.br
Corosync Cluster Engine Authentication key generator.
-.br
-Gathering 8192 bits for key from /dev/random.
-.br
-Press keys on your keyboard to generate entropy.
-.br
-.PP
-$ corosync-keygen -l -k /tmp/authkey
-.br
+Gathering 8192 bits for key from /dev/urandom.
+Writing corosync key to /etc/corosync/authkey
+.fi
+
+.TP
+Generate longer key and store it in the /tmp/authkey file.
+.nf
+$ corosync-keygen -s 2048 -k /tmp/authkey
Corosync Cluster Engine Authentication key generator.
-.br
+Gathering 16384 bits for key from /dev/urandom.
Writing corosync key to /tmp/authkey.
-.br
+.fi
+
+.TP
+Generate superb key using /dev/random
+.nf
+# corosync-keygen -r /dev/random
+Corosync Cluster Engine Authentication key generator.
+Gathering 8192 bits for key from /dev/random.
+Press keys on your keyboard to generate entropy.
+Press keys on your keyboard to generate entropy (bits = 96).
+Press keys on your keyboard to generate entropy (bits = 144).
+Press keys on your keyboard to generate entropy (bits = 192).
+ ...
+Press keys on your keyboard to generate entropy (bits = 8112).
+Press keys on your keyboard to generate entropy (bits = 8160).
+Writing corosync key to /etc/corosync/authkey.
+.fi
+
.SH SEE ALSO
.BR corosync_overview (8),
.BR corosync.conf (5),
#define DEFAULT_KEYFILE_LEN TOTEM_PRIVATE_KEY_LEN_MIN
-#define DEFAULT_RANDOM_DEV "/dev/random"
+#define DEFAULT_RANDOM_DEV "/dev/urandom"
static const char usage[] =
- "Usage: corosync-keygen [-k <keyfile>] [-l] [-h]\n"
+ "Usage: corosync-keygen [-k <keyfile>] [-s size] [-m <randomfile>] [-l] [-h]\n"
" -k / --key-file=<filename> - Write to the specified keyfile\n"
" instead of the default " DEFAULT_KEYFILE ".\n"
- " -l / --less-secure - Use a less secure random number source\n"
- " (/dev/urandom) that is guaranteed not to require user\n"
- " input for entropy. This can be used when this\n"
- " application is used from a script.\n"
+ " -r / --random-file - Random number source file. Default is \n"
+ " /dev/urandom. As an example /dev/random may be requested\n"
+ " (that may require user input for entropy).\n"
+ " -l / --less-secure - Not used, option is kept only\n"
+ " for compatibility.\n"
" -s / --size - Length of key.\n"
" -h / --help - Print basic usage.\n";
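Review bot: The new usage line advertises `[-m <randomfile>]`, but the option this commit adds is `-r` / `--random-file` (see the help entry two lines below and the `"k:r:s:lh"` optstring), so anyone copying the synopsis gets an unknown-option error. The line should read `"Usage: corosync-keygen [-k <keyfile>] [-r <randomfile>] [-s size] [-l] [-h]\n"`. The man page SYNOPSIS line carries the same `-m` and needs the same correction. The help entry also omits the argument; writing it as `-r / --random-file=<filename>` would match the `-k` entry.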
char *ep;
int c;
int option_index;
- int less_secure = 0;
static struct option long_options[] = {
{ "key-file", required_argument, NULL, 'k' },
{ "less-secure", no_argument, NULL, 'l' },
+ { "random-file", required_argument, NULL, 'r' },
{ "size", required_argument, NULL, 's' },
{ "help", no_argument, NULL, 'h' },
{ 0, 0, NULL, 0 },
};
- while ((c = getopt_long (argc, argv, "k:s:lh",
+ while ((c = getopt_long (argc, argv, "k:r:s:lh",
long_options, &option_index)) != -1) {
switch (c) {
case 'k':
keyfile = optarg;
break;
case 'l':
- less_secure = 1;
- random_dev = "/dev/urandom";
+ /*
+ * Only kept for compatibility
+ */
+ break;
+ case 'r':
+ random_dev = optarg;
break;
case 's':
tmpll = strtoll(optarg, &ep, 10);
if (tmpll < TOTEM_PRIVATE_KEY_LEN_MIN ||
tmpll > TOTEM_PRIVATE_KEY_LEN_MAX ||
errno != 0 || *ep != '\0') {
- printf ("Unsupported key size (supported <%u,%u>)\n",
+ errx (1, "Unsupported key size (supported <%u,%u>)\n",
TOTEM_PRIVATE_KEY_LEN_MIN,
TOTEM_PRIVATE_KEY_LEN_MAX);
- exit(1);
}
key_len = (size_t)tmpll;
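Review bot: errx() ends its message with a newline on its own, so the `\n` kept at the end of the `Unsupported key size` format now prints an empty line after the error; the format should stop at `(supported <%u,%u>)`. The `errno != 0` test in the same condition is only reliable if errno is cleared before strtoll(), which this hunk does not show; if it is not cleared, add `errno = 0;` on the line before the call. The switch and the getopt loop continue past the end of the hunk.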
err (1, "Failed to open random source");
}
- if (!less_secure) {
+ if (strcmp(random_dev, "/dev/random") == 0) {
printf ("Press keys on your keyboard to generate entropy.\n");
}
/*
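Review bot: With `-r` the path in random_dev is caller-supplied, yet nothing visible after the `Failed to open random source` check verifies what was opened, so a regular file or a non-random device would be used as key material without any warning. A guard right after that check, such as `if (fstat(fd, &st) != 0 || !S_ISCHR(st.st_mode)) errx(1, "%s is not a character device", random_dev);` (where `fd` stands for the descriptor opened outside this hunk and `st` is a new `struct stat` local), would reject regular files. It cannot tell a good device from a constant one, so the man page should also state that the file must be a cryptographically secure source. The keyboard prompt is keyed on the literal string `/dev/random`, so the same device reached through a symlink or another spelling blocks with no explanation. main() starts and ends outside this hunk.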