
NAME

       ekeyd.conf - entropy key configuration

SYNOPSIS

       /etc/entropykey/resolv.conf

DESCRIPTION

       The ekeyd daemon allows Entropy Keys to transfer their random data to
       the kernel's random pool. The daemon configuration file is a series of
       statements, each controlling an aspect of the daemon's operation.

       If this file does not exist the daemon will not start.

       The different configuration options are:

       TCPControlSocket TCP port number to listen on.
              The daemon can be controlled using a TCP network connection. Any
              number of control connections may be made by repeating this
              statement with different port numbers. There is no authentication
              or protection against clients which connect to this interface.
              The socket is always bound to localhost (127.0.0.1).

       UnixControlSocket UNIX domain socket to use.
              The  daemon  is  typically controlled using a unix domain socket
              (/var/run/ekeyd.sock). Authentication is as for any  file  on  a
              UNIX filesystem.

       Keyring The keyring file to use.
              The Entropy Key encrypts the data it sends to the host. To
              successfully decrypt this data the host requires the current
              encryption key. The keyring is a file containing a list of
              serial numbers and encryption keys. The keyring is generally
              updated using the ekey-lt-rekey(8) tool.

       SetOutputToKernel bits per byte to add to kernel pool.
              The kernel maintains an entropy pool into which the ekeyd(8)
              injects the entropy gathered from the Entropy Keys. The data
              gathered from the Entropy Keys may be considered to have one
              shannon per bit, so every bit gathered from the devices may be
              injected into the kernel pool. However, by default, to be
              conservative only seven of eight bits are entered into the
              kernel pool.

       EGDUnixSocket UNIX domain socket to use.
              In this mode, which is mutually exclusive with the
              SetOutputToKernel output mode, ekeyd(8) gathers the entropy from
              the attached Entropy Keys and presents an EGD(8) compatible
              interface on the named UNIX domain socket to access the data.
              This may optionally take an octal mode string and a username and
              group to chmod and chown the socket to. If you do not wish to
              change the user or group, use empty strings. You cannot change
              the user/group without also providing a mode string. The default
              is to leave the user/group alone and set the socket to mode 0600.

       EGDTCPSocket TCP port number to listen on.
              In  this  mode,   which   is   mutually   exclusive   with   the
              SetOutputToKernel output mode, ekeyd(8) gathers the entropy from
              the attached Entropy Keys  and  presents  an  EGD(8)  compatible
              interface  on a socket on the specified port to access the data.
              The socket is bound to localhost (127.0.0.1) by default,  but  a
              second  optional  string  parameter  can  be  used  to specify a
              different IP address, so that the EGD protocol is exported  more
              widely (e.g. for egd-linux to read from another machine).

       AddEntropyKey Device node of entropy key.
              Add  an  Entropy  key  to be managed by the ekeyd(8) daemon. The
              encryption key for the added device should be available  in  the
              keyring.

       AddEntropyKeys Directory of device nodes of entropy keys.
              Adds one or more Entropy Keys to be managed by the ekeyd(8)
              daemon. The encryption key for the added devices should be
              available in the keyring. This is generally set to
              /dev/entropykey, which is the location in which the default udev
              rules create symbolic links.
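       A small lint pass over the statements described above, as an added
       example that is not part of ekeyd: it flags the unauthenticated TCP
       control socket, an EGD TCP socket exported beyond localhost, a
       permissive EGD socket mode, a missing keyring and the mutually
       exclusive output modes. The call-style statement syntax and the two
       sample configurations are assumptions constructed for this example.

```python
"""Lint an ekeyd.conf-style file for risky settings (added example, not part of ekeyd)."""
import re

# Assumption: one statement per line, written Name(arg, ...) with quoted
# strings or bare numbers as arguments and "--" starting a comment.
STMT = re.compile(r'^\s*(\w+)\s*\((.*)\)\s*$')
ARG = re.compile(r'"([^"]*)"|(\d+)')

# Constructed sample: every setting the page warns about, in one file.
RISKY_CONF = '''-- constructed sample, not a real deployment
TCPControlSocket(8888)
Keyring("/etc/entropykey/keyring")
SetOutputToKernel(7)
EGDTCPSocket(8889, "0.0.0.0")
AddEntropyKeys("/dev/entropykey")
'''

# Constructed sample: local control socket, kernel output, no EGD export.
SAFE_CONF = '''UnixControlSocket("/var/run/ekeyd.sock")
Keyring("/etc/entropykey/keyring")
SetOutputToKernel(7)
AddEntropyKeys("/dev/entropykey")
'''

def parse(text):
    """Return a list of (statement, [args]) tuples; comments and blanks are skipped."""
    stmts = []
    for line in text.splitlines():
        m = STMT.match(line.split('--', 1)[0])
        if m:
            stmts.append((m.group(1), [s or n for s, n in ARG.findall(m.group(2))]))
    return stmts

def lint(text):
    """Return findings as 'LEVEL: message' strings; an empty list means nothing flagged."""
    stmts = parse(text)
    names = [n for n, _ in stmts]
    out = []
    if 'SetOutputToKernel' in names and ({'EGDUnixSocket', 'EGDTCPSocket'} & set(names)):
        out.append('ERROR: SetOutputToKernel is mutually exclusive with the EGD output modes')
    if 'Keyring' not in names:
        out.append('ERROR: no Keyring; the host cannot decrypt data from any Entropy Key')
    for name, args in stmts:
        if name == 'TCPControlSocket':
            out.append(f'WARN: TCPControlSocket {" ".join(args)} has no authentication; prefer UnixControlSocket')
        elif name == 'EGDTCPSocket' and len(args) > 1 and args[1] != '127.0.0.1':
            out.append(f'WARN: EGDTCPSocket bound to {args[1]}; EGD data is exported beyond localhost')
        elif name == 'EGDUnixSocket' and len(args) > 1 and int(args[1], 8) & 0o077:
            out.append(f'WARN: EGDUnixSocket mode {args[1]} grants group/other access')
        elif name == 'SetOutputToKernel' and args and not 1 <= int(args[0]) <= 8:
            out.append(f'ERROR: SetOutputToKernel {args[0]} is not a bits-per-byte value (1..8)')
    return out
```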

FILES

       /etc/entropykey/resolv.conf, /var/run/ekeyd.sock, /dev/entropykey

SEE ALSO

       ekeyd(8), ekeydctl(8), ekey-lt-rekey(8)

AUTHOR

       Copyright © 2009 Simtec Electronics.  All rights reserved.

       Permission is hereby granted, free of charge, to any person obtaining a
       copy  of  this  software  and  associated  documentation   files   (the
       "Software"),  to  deal  in  the Software without restriction, including
       without limitation the rights to use,  copy,  modify,  merge,  publish,
       distribute,  sublicense,  and/or  sell  copies  of the Software, and to
       permit persons to whom the Software is furnished to do so,  subject  to
       the following conditions:

       The above copyright notice and this permission notice shall be included
       in all copies or substantial portions of the Software.

       THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
       OR   IMPLIED,   INCLUDING   BUT   NOT  LIMITED  TO  THE  WARRANTIES  OF
       MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND  NONINFRINGEMENT.
       IN  NO  EVENT  SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
       CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN  ACTION  OF  CONTRACT,
       TORT  OR  OTHERWISE,  ARISING  FROM,  OUT  OF OR IN CONNECTION WITH THE
       SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

                                  2009-07-21