Annotation of embedaddon/strongswan/src/pt-tls-client/pt-tls-client.1.in, revision 1.1
1.1 ! misho 1: .TH PT-TLS-CLIENT 1 "2018-11-20" "@PACKAGE_VERSION@" "strongSwan"
! 2: .
! 3: .SH "NAME"
! 4: .
! 5: pt-tls-client \- Simple client using PT-TLS to collect integrity information
! 6: .
! 7: .SH "SYNOPSIS"
! 8: .
! 9: .SY "pt-tls-client"
! 10: .BI \-\-connect
! 11: .IR hostname |\fIaddress
! 12: .OP \-\-port port
! 13: .RB [ \-\-certid
! 14: .IR hex |\fB\-\-cert
! 15: .IR file ]+
! 16: .RB [ \-\-keyid
! 17: .IR hex |\fB\-\-key
! 18: .IR file ]
! 19: .RB [ \-\-key-type
! 20: .BR rsa |\fBecdsa\fR]
! 21: .OP \-\-client client-id
! 22: .OP \-\-secret password
! 23: .OP \-\-mutual
! 24: .OP \-\-options filename
! 25: .OP \-\-quiet
! 26: .OP \-\-debug level
! 27: .YS
! 28: .
! 29: .SY "pt-tls-client"
! 30: .B \-h
! 31: |
! 32: .B \-\-help
! 33: .YS
! 34: .
! 35: .SH "DESCRIPTION"
! 36: .
! 37: .B pt-tls-client
! 38: is a simple client using the PT-TLS (RFC 6876) transport protocol to collect
! 39: integrity measurements on the client platform. PT-TLS does an initial TLS
! 40: handshake with certificate-based server authentication and optional
! 41: certificate-based client authentication. Alternatively simple password-based
! 42: SASL client authentication protected by TLS can be used.
! 43: .P
! 44: Attribute requests and integrity measurements are exchanged via the PA-TNC (RFC
! 45: 5792) message protocol between any number of Integrity Measurement Verifiers
! 46: (IMVs) residing on the remote PT-TLS server and multiple Integrity Measurement
! 47: Collectors (IMCs) loaded dynamically by the PT-TLS client according to a list
! 48: defined by \fI/etc/tnc_config\fR. PA-TNC messages that contain one or several
! 49: PA-TNC attributes are multiplexed into PB-TNC (RFC 5793) client or server data
! 50: batches which in turn are transported via PT-TLS.
! 51: .
! 52: .SH "OPTIONS"
! 53: .
! 54: .TP
! 55: .B "\-h, \-\-help"
! 56: Prints usage information and a short summary of the available commands.
! 57: .TP
! 58: .BI "\-c, \-\-connect " hostname\fR|\fIaddress
! 59: Set the hostname or IP address of the PT-TLS server.
! 60: .TP
! 61: .BI "\-p, \-\-port " port
! 62: Set the port of the PT-TLS server, default: 271.
! 63: .TP
! 64: .BI "\-x, \-\-cert " file
! 65: Set the path to an X.509 certificate file. This option can be repeated to load
! 66: multiple client and CA certificates.
! 67: .TP
! 68: .BI "\-X, \-\-certid " hex
! 69: Set the handle of the certificate stored in a smartcard or a TPM 2.0 Trusted
! 70: Platform Module.
! 71: .TP
! 72: .BI "\-k, \-\-key " file
! 73: Set the path to the client's PKCS#1 or PKCS#8 private key file
! 74: .TP
! 75: .BI "\-t, \-\-key\-type " type
! 76: Define the type of the private key if stored in PKCS#1 format. Can be omitted
! 77: with PKCS#8 keys.
! 78: .TP
! 79: .BI "\-K, \-\-keyid " hex
! 80: Set the keyid of the private key stored in a smartcard or a TPM 2.0 Trusted
! 81: Platform Module.
! 82: .TP
! 83: .BI "\-i, \-\-client " client-id
! 84: Set the username or client ID of the client required for password-based SASL
! 85: authentication.
! 86: .TP
! 87: .BI "\-s, \-\-secret " password
! 88: Set the preshared secret or client password required for password-based SASL
! 89: authentication.
! 90: .TP
! 91: .B "\-q, \-\-mutual
! 92: Enable mutual attestation between PT-TLS client and PT-TLS server.
! 93: .TP
! 94: .BI "\-v, \-\-debug " level
! 95: Set debug level, default: 1.
! 96: .TP
! 97: .B "\-q, \-\-quiet
! 98: Disable debug output to stderr.
! 99: .TP
! 100: .BI "\-+, \-\-options " file
! 101: Read command line options from \fIfile\fR.
! 102: .
! 103: .SH "EXAMPLES"
! 104: .
! 105: Connect to a PT-TLS server using certificate-based authentication,
! 106: storing the private ECDSA key in a file:
! 107: .PP
! 108: .EX
! 109: pt-tls-client \-\-connect pdp.example.com \-\-cert ca.crt \\
! 110: \-\-cert client.crt \-\-key client.key \-\-key\-type ecdsa
! 111: .EE
! 112: .PP
! 113: Connect to a PT-TLS server using certificate-based authentication,
! 114: storing the private key in a smartcard or a TPM 2.0 Trusted Platform Module:
! 115: .PP
! 116: .EX
! 117: pt-tls-client \-\-connect pdp.example.com \-\-cert ca.crt \\
! 118: \-\-cert client.crt \-\-keyid 0x81010002
! 119: .EE
! 120: .PP
! 121: Connect to a PT-TLS server listening on port 443, using SASL password-based
! 122: authentication:
! 123: .PP
! 124: .EX
! 125: pt-tls-client \-\-connect pdp.example.com --port 443 \-\-cert ca.crt \\
! 126: \-\-client jane \-\-password p2Nl9trKlb
! 127: .EE
! 128: .SH FILES
! 129: .TP
! 130: /etc/tnc_config
! 131: .
! 132: .SH "SEE ALSO"
! 133: .
! 134: .BR strongswan.conf (5)
! 135:
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to pt-tls-client.1.in CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / pt-tls-client