.TH PT-TLS-CLIENT 1 "2018-11-20" "@PACKAGE_VERSION@" "strongSwan"
.
.SH "NAME"
.
pt-tls-client \- Simple client using PT-TLS to collect integrity information
.
.SH "SYNOPSIS"
.
.SY "pt-tls-client"
.BI \-\-connect
.IR hostname |\fIaddress
.OP \-\-port port
.RB [ \-\-certid
.IR hex |\fB\-\-cert
.IR file ]+
.RB [ \-\-keyid
.IR hex |\fB\-\-key
.IR file ]
.RB [ \-\-key\-type
.BR rsa |\fBecdsa\fR]
.OP \-\-client client-id
.OP \-\-secret password
.OP \-\-mutual
.OP \-\-options filename
.OP \-\-quiet
.OP \-\-debug level
.YS
.
.SY "pt-tls-client"
.B \-h
|
.B \-\-help
.YS
.
.SH "DESCRIPTION"
.
.B pt-tls-client
is a simple client using the PT-TLS (RFC 6876) transport protocol to collect
integrity measurements on the client platform. PT-TLS does an initial TLS
handshake with certificate-based server authentication and optional
certificate-based client authentication. Alternatively simple password-based
SASL client authentication protected by TLS can be used.
.P
Attribute requests and integrity measurements are exchanged via the PA-TNC (RFC
5792) message protocol between any number of Integrity Measurement Verifiers
(IMVs) residing on the remote PT-TLS server and multiple Integrity Measurement
Collectors (IMCs) loaded dynamically by the PT-TLS client according to a list
defined by \fI/etc/tnc_config\fR. PA-TNC messages that contain one or several
PA-TNC attributes are multiplexed into PB-TNC (RFC 5793) client or server data
batches which in turn are transported via PT-TLS.
.
.SH "OPTIONS"
.
.TP
.B "\-h, \-\-help"
Prints usage information and a short summary of the available commands.
.TP
.BI "\-c, \-\-connect " hostname\fR|\fIaddress
Set the hostname or IP address of the PT-TLS server.
.TP
.BI "\-p, \-\-port " port
Set the port of the PT-TLS server, default: 271.
.TP
.BI "\-x, \-\-cert " file
Set the path to an X.509 certificate file. This option can be repeated to load
multiple client and CA certificates.
.TP
.BI "\-X, \-\-certid " hex
Set the handle of the certificate stored in a smartcard or a TPM 2.0 Trusted
Platform Module.
.TP
.BI "\-k, \-\-key " file
Set the path to the client's PKCS#1 or PKCS#8 private key file.
.TP
.BI "\-t, \-\-key\-type " type
Define the type of the private key if stored in PKCS#1 format. Can be omitted
with PKCS#8 keys.
.TP
.BI "\-K, \-\-keyid " hex
Set the keyid of the private key stored in a smartcard or a TPM 2.0 Trusted
Platform Module.
.TP
.BI "\-i, \-\-client " client-id
Set the username or client ID of the client required for password-based SASL
authentication.
.TP
.BI "\-s, \-\-secret " password
Set the preshared secret or client password required for password-based SASL
authentication.
.TP
.B "\-q, \-\-mutual"
Enable mutual attestation between PT-TLS client and PT-TLS server.
.TP
.BI "\-v, \-\-debug " level
Set debug level, default: 1.
.TP
.B "\-q, \-\-quiet"
Disable debug output to stderr.
.TP
.BI "\-+, \-\-options " file
Read command line options from \fIfile\fR.
.
.SH "EXAMPLES"
.
Connect to a PT-TLS server using certificate-based authentication,
storing the private ECDSA key in a file:
.PP
.EX
pt-tls-client \-\-connect pdp.example.com \-\-cert ca.crt \\
    \-\-cert client.crt \-\-key client.key \-\-key\-type ecdsa
.EE
.PP
Connect to a PT-TLS server using certificate-based authentication,
storing the private key in a smartcard or a TPM 2.0 Trusted Platform Module:
.PP
.EX
pt-tls-client \-\-connect pdp.example.com \-\-cert ca.crt \\
    \-\-cert client.crt \-\-keyid 0x81010002
.EE
.PP
Connect to a PT-TLS server listening on port 443, using SASL password-based
authentication:
.PP
.EX
pt-tls-client \-\-connect pdp.example.com \-\-port 443 \-\-cert ca.crt \\
    \-\-client jane \-\-secret p2Nl9trKlb
.EE
.SH FILES
.TP
/etc/tnc_config
.
.SH "SEE ALSO"
.
.BR strongswan.conf (5)
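
The DESCRIPTION above says PB-TNC batches are transported via PT-TLS; as an added illustration (not part of the man page or of strongSwan's code), this sketch validates the 16-octet PT-TLS message header defined in RFC 6876 before any payload is read. The names `pt_tls_parse_hdr`, `struct pt_tls_hdr` and the `MAX_MSG_LEN` cap are assumptions made for this example, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PT_TLS_HDR_LEN 16u              /* fixed header size, RFC 6876 */
#define MAX_MSG_LEN    (128u * 1024u)   /* assumed local cap, not from the RFC */
#define PT_TLS_PB_TNC_BATCH 7u          /* IETF message type carrying PB-TNC */

struct pt_tls_hdr {
    uint32_t vendor;  /* 24-bit message type vendor ID (0 = IETF) */
    uint32_t type;    /* message type within that vendor namespace */
    uint32_t length;  /* whole message in octets, header included */
    uint32_t id;      /* message identifier chosen by the sender */
};

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* 0: complete message in buf, 1: need more bytes, -1: malformed or too big */
int pt_tls_parse_hdr(const uint8_t *buf, size_t len, struct pt_tls_hdr *h)
{
    if (len < PT_TLS_HDR_LEN)
        return 1;
    h->vendor = be32(buf) & 0x00ffffffu;   /* top octet is reserved, ignored */
    h->type   = be32(buf + 4);
    h->length = be32(buf + 8);
    h->id     = be32(buf + 12);
    if (h->length < PT_TLS_HDR_LEN || h->length > MAX_MSG_LEN)
        return -1;                         /* never trust the peer's length */
    return len < h->length ? 1 : 0;
}

/* Constructed sample: IETF PB-TNC Batch, id 1, 4 opaque payload octets */
static const uint8_t sample[20] = {
    0x00, 0x00, 0x00, 0x00,  0x00, 0x00, 0x00, 0x07,
    0x00, 0x00, 0x00, 0x14,  0x00, 0x00, 0x00, 0x01,
    0xde, 0xad, 0xbe, 0xef
};

int main(void)
{
    struct pt_tls_hdr h;
    int rc = pt_tls_parse_hdr(sample, sizeof(sample), &h);
    printf("rc=%d vendor=%u type=%u len=%u id=%u\n", rc, (unsigned)h.vendor,
           (unsigned)h.type, (unsigned)h.length, (unsigned)h.id);
    return rc;
}
```

The length check runs before any buffer is sized from the header, so a peer cannot force an oversized allocation or an underflow when the payload length is computed as `length - 16`.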