Annotation of embedaddon/strongswan/src/pt-tls-client/pt-tls-client.1.in, revision 1.1.1.1
.TH PT-TLS-CLIENT 1 "2018-11-20" "@PACKAGE_VERSION@" "strongSwan"
.
.SH "NAME"
.
pt-tls-client \- Simple client using PT-TLS to collect integrity information
.
.SH "SYNOPSIS"
.
.SY "pt-tls-client"
.BI \-\-connect
.IR hostname |\fIaddress
.OP \-\-port port
.RB [ \-\-certid
.IR hex |\fB\-\-cert
.IR file ]+
.RB [ \-\-keyid
.IR hex |\fB\-\-key
.IR file ]
.RB [ \-\-key\-type
.BR rsa |\fBecdsa\fR]
.OP \-\-client client-id
.OP \-\-secret password
.OP \-\-mutual
.OP \-\-options filename
.OP \-\-quiet
.OP \-\-debug level
.YS
.
.SY "pt-tls-client"
.B \-h
|
.B \-\-help
.YS
.
.SH "DESCRIPTION"
.
.B pt-tls-client
is a simple client using the PT-TLS (RFC 6876) transport protocol to collect
integrity measurements on the client platform. PT-TLS does an initial TLS
handshake with certificate-based server authentication and optional
certificate-based client authentication. Alternatively, simple password-based
SASL client authentication protected by TLS can be used.
.P
Attribute requests and integrity measurements are exchanged via the PA-TNC (RFC
5792) message protocol between any number of Integrity Measurement Verifiers
(IMVs) residing on the remote PT-TLS server and multiple Integrity Measurement
Collectors (IMCs) loaded dynamically by the PT-TLS client according to a list
defined by \fI/etc/tnc_config\fR. PA-TNC messages that contain one or several
PA-TNC attributes are multiplexed into PB-TNC (RFC 5793) client or server data
batches which in turn are transported via PT-TLS.
.
.SH "OPTIONS"
.
.TP
.B "\-h, \-\-help"
Prints usage information and a short summary of the available commands.
.TP
.BI "\-c, \-\-connect " hostname\fR|\fIaddress
Set the hostname or IP address of the PT-TLS server.
.TP
.BI "\-p, \-\-port " port
Set the port of the PT-TLS server, default: 271.
.TP
.BI "\-x, \-\-cert " file
Set the path to an X.509 certificate file. This option can be repeated to load
multiple client and CA certificates.
.TP
.BI "\-X, \-\-certid " hex
Set the handle of the certificate stored in a smartcard or a TPM 2.0 Trusted
Platform Module.
.TP
.BI "\-k, \-\-key " file
Set the path to the client's PKCS#1 or PKCS#8 private key file.
.TP
.BI "\-t, \-\-key\-type " type
Define the type of the private key if stored in PKCS#1 format. Can be omitted
with PKCS#8 keys.
.TP
.BI "\-K, \-\-keyid " hex
Set the keyid of the private key stored in a smartcard or a TPM 2.0 Trusted
Platform Module.
.TP
.BI "\-i, \-\-client " client-id
Set the username or client ID of the client required for password-based SASL
authentication.
.TP
.BI "\-s, \-\-secret " password
Set the preshared secret or client password required for password-based SASL
authentication.
.TP
.B "\-m, \-\-mutual"
Enable mutual attestation between PT-TLS client and PT-TLS server.
.TP
.BI "\-v, \-\-debug " level
Set debug level, default: 1.
.TP
.B "\-q, \-\-quiet"
Disable debug output to stderr.
.TP
.BI "\-+, \-\-options " file
Read command line options from \fIfile\fR.
.
.SH "EXAMPLES"
.
Connect to a PT-TLS server using certificate-based authentication,
storing the private ECDSA key in a file:
.PP
.EX
pt-tls-client \-\-connect pdp.example.com \-\-cert ca.crt \\
\-\-cert client.crt \-\-key client.key \-\-key\-type ecdsa
.EE
.PP
Connect to a PT-TLS server using certificate-based authentication,
storing the private key in a smartcard or a TPM 2.0 Trusted Platform Module:
.PP
.EX
pt-tls-client \-\-connect pdp.example.com \-\-cert ca.crt \\
\-\-cert client.crt \-\-keyid 0x81010002
.EE
.PP
Connect to a PT-TLS server listening on port 443, using SASL password-based
authentication:
.PP
.EX
pt-tls-client \-\-connect pdp.example.com \-\-port 443 \-\-cert ca.crt \\
\-\-client jane \-\-secret p2Nl9trKlb
.EE
.SH FILES
.TP
/etc/tnc_config
.
.SH "SEE ALSO"
.
.BR strongswan.conf (5)
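
The layering named in the DESCRIPTION section (PB-TNC batches carried inside PT-TLS messages), as an added example that is not part of the strongSwan sources: a Python parser for the 16-byte PT-TLS message header of RFC 6876 and the PB-TNC batch header of RFC 5793, with the length checks a receiver needs. The function names and the sample byte stream are constructed for illustration.

```python
import struct

HDR = struct.Struct("!IIII")  # reserved(8)+vendor ID(24), type, length, identifier
MSG_TYPES = {1: "Version Request", 2: "Version Response", 3: "SASL Mechanisms",
             4: "SASL Mechanism Selection", 5: "SASL Authentication Data",
             6: "SASL Result", 7: "PB-TNC Batch", 8: "PT-TLS Error"}
BATCH_TYPES = {1: "CDATA", 2: "SDATA", 3: "RESULT", 4: "CRETRY", 5: "SRETRY",
               6: "CLOSE"}

def build(msg_type, identifier, value=b"", vendor=0):
    """Frame one PT-TLS message; the length field includes the 16-byte header."""
    return HDR.pack(vendor & 0xFFFFFF, msg_type, HDR.size + len(value),
                    identifier) + value

def pb_tnc_batch(batch_type, body=b"", from_server=False):
    """PB-TNC batch: version 2, direction bit, 4-bit batch type, total length."""
    word = (2 << 24) | (int(from_server) << 23) | (batch_type & 0xF)
    return struct.pack("!II", word, 8 + len(body)) + body

def parse(stream):
    """Split a decrypted PT-TLS byte stream into messages, rejecting bad lengths."""
    out, off = [], 0
    while off < len(stream):
        if len(stream) - off < HDR.size:
            raise ValueError("truncated PT-TLS header")
        first, mtype, length, ident = HDR.unpack_from(stream, off)
        if length < HDR.size or off + length > len(stream):
            raise ValueError(f"bad PT-TLS message length {length}")
        vendor, value = first & 0xFFFFFF, stream[off + HDR.size:off + length]
        name = MSG_TYPES.get(mtype, "unknown") if vendor == 0 else "vendor-specific"
        msg = {"type": name, "vendor": vendor, "id": ident, "value": value}
        if name == "PB-TNC Batch":  # the value is exactly one PB-TNC batch
            if len(value) < 8:
                raise ValueError("truncated PB-TNC batch header")
            word, batch_len = struct.unpack_from("!II", value)
            if batch_len != len(value):
                raise ValueError("PB-TNC batch length mismatch")
            msg["batch"] = BATCH_TYPES.get(word & 0xF, "unknown")
            msg["from_server"] = bool((word >> 23) & 1)
        out.append(msg)
        off += length
    return out

# Constructed client-to-server sample: a Version Request (min/max/preferred
# version 1) followed by a header-only PB-TNC client data batch.
SAMPLE = build(1, 0, bytes([0, 1, 1, 1])) + build(7, 1, pb_tnc_batch(1))

if __name__ == "__main__":
    for m in parse(SAMPLE):
        print(m)
```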