NAME
ionsecrc - ION security database management commands file
DESCRIPTION
ION security database management commands are passed to ionsecadmin either in a file of text lines or interactively at ionsecadmin's command prompt (:). Commands are interpreted line by line, with exactly one command per line. The formats and effects of the ION security database management commands are described below.
COMMANDS
-
?
The help command. This will display a listing of the commands and their formats. It is the same as the h command.
-
#
Comment line. Lines beginning with # are not interpreted.
-
e { 1 | 0 }
Echo control. Setting echo to 1 causes all output printed by ionsecadmin to be logged as well as sent to stdout. Setting echo to 0 disables this behavior.
-
v
Version number. Prints out the version of ION currently installed. HINT: combine with e 1 command to log the version number at startup.
-
1
The initialize command. Until this command is executed, the local ION node has no security database and most ionsecadmin commands will fail.
-
a key key_name file_name [key_length]
The add key command. This command adds a named key value to the security database. The content of file_name is taken as the value of the key.
If the optional key_length argument is provided, the file is treated as a raw binary stream and exactly key_length bytes are read. This bypasses standard text/hex parsing and is required for ingesting raw keys from temporary files or pipes.
Named keys can be referenced by other elements of the security database.
-
a pubkey node effective_time assertion_time key_length key_text
The add public key command. This command adds to the security database a public key for the indicated node. effective_time and assertion_time are counts of seconds from the UNIX epoch time; key_text is hexadecimal. This command is normally expected to be issued automatically by the DTKA system.
-
c key key_name file_name [key_length]
The change key command. This command changes the value of the named key, obtaining the new key value from the content of file_name. Like the add key command, an optional key_length can be provided to force raw binary ingestion of a specific byte count.
-
d key key_name
The delete key command. This command deletes the key identified by name.
-
d pubkey node effective_time
The delete public key command. This command deletes the public key for node that is identified by effective_time, a count of seconds from the UNIX epoch time.
-
i key key_name
This command will print information about the named key, i.e., the length of its current value.
-
i pubkey node_number effective_time
This command will print information (e.g., key length and text) about the public key for node_number that is identified by effective_time, a count of seconds from the UNIX epoch time.
-
l key
This command lists all named keys in the security database.
-
l pubkey
This command lists all public keys in the security database.
-
h
The help command. This will display a listing of the commands and their formats. It is the same as the ? command.
EXAMPLES
-
a key BABKEY ./babkey.txt
Adds a new key named "BABKEY" whose value is the content of the file "./babkey.txt", parsed using standard text/hex rules.
-
a key SESSION_KEY /tmp/key_export.dat 32
Adds a new key named "SESSION_KEY" by reading exactly 32 bytes of raw binary data from "/tmp/key_export.dat".
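An added example, not part of the ION distribution or of this manual page: a shell script that stages a raw binary key in a private directory and writes a commands file using the key_length form of "a key" described above. It assumes head -c, mktemp and /dev/urandom are available and that the security database is already initialized; the function names and paths are constructed for illustration.

```shell
#!/bin/sh
# Added example: stage a raw binary key and an ionsecrc file that loads it.
# Assumptions: head -c, mktemp and /dev/urandom exist; the security database
# was already initialized (command 1); all names and paths are constructed.

# make_raw_key FILE LENGTH: write LENGTH random bytes to FILE, owner-only.
make_raw_key() {
    file=$1 len=$2
    ( umask 077 && head -c "$len" /dev/urandom > "$file" ) || return 1
    # Refuse short reads: key_length must match what is actually on disk.
    actual=$(wc -c < "$file" | tr -d ' ')
    [ "$actual" -eq "$len" ] || { rm -f "$file"; return 1; }
}

# write_ionsecrc RCFILE KEY_NAME KEY_FILE LENGTH: emit the commands file.
write_ionsecrc() {
    rc=$1 name=$2 file=$3 len=$4
    # One command per line: whitespace or a newline in a name or path would
    # split into extra arguments or an extra command, so reject it.
    case "$name$file" in *[[:space:]]*) return 1 ;; esac
    ( umask 077 && cat > "$rc" <<EOF
# raw binary key, $len bytes
a key $name $file $len
i key $name
EOF
    )
}

# stage_key KEY_NAME LENGTH: create both files in a fresh 0700 directory
# (mktemp -d) instead of a predictable path, and print that directory.
stage_key() {
    name=$1 len=$2
    dir=$(mktemp -d) || return 1
    make_raw_key "$dir/$name.key" "$len" || return 1
    write_ionsecrc "$dir/ionsecrc" "$name" "$dir/$name.key" "$len" || return 1
    printf '%s\n' "$dir"
}
```

The generated ionsecrc file is what would be handed to ionsecadmin as its commands file; the "i key" line prints the stored key length so it can be compared with the intended key_length. Remove the staging directory once the key has been loaded.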
SEE ALSO
ionsecadmin(1)