File:  [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / pt-tls-client / pt-tls-client.1.in
Revision 1.1.1.1 (vendor branch)
Wed Jun 3 09:46:44 2020 UTC (4 years, 4 months ago) by misho
Branches: strongswan, MAIN
CVS tags: v5_9_2p0, v5_8_4p7, HEAD
Strongswan

.TH PT-TLS-CLIENT 1 "2018-11-20" "@PACKAGE_VERSION@" "strongSwan"
.
.SH "NAME"
.
pt-tls-client \- Simple client using PT-TLS to collect integrity information
.
.SH "SYNOPSIS"
.
.SY "pt-tls-client"
.BI \-\-connect
.IR hostname |\fIaddress
.OP \-\-port port
.RB [ \-\-certid
.IR hex |\fB\-\-cert
.IR file ]+
.RB [ \-\-keyid
.IR hex |\fB\-\-key
.IR file ]
.RB [ \-\-key-type
.BR rsa |\fBecdsa\fR]
.OP \-\-client client-id
.OP \-\-secret password
.OP \-\-mutual
.OP \-\-options filename
.OP \-\-quiet
.OP \-\-debug level
.YS
.
.SY "pt-tls-client"
.B \-h
|
.B \-\-help
.YS
.
.SH "DESCRIPTION"
.
.B pt-tls-client
is a simple client using the PT-TLS (RFC 6876) transport protocol to collect
integrity measurements on the client platform. PT-TLS does an initial TLS
handshake with certificate-based server authentication and optional
certificate-based client authentication.  Alternatively simple password-based
SASL client authentication protected by TLS can be used.
.P
Attribute requests and integrity measurements are exchanged via the PA-TNC (RFC
5792) message protocol between any number of Integrity Measurement Verifiers
(IMVs) residing on the remote PT-TLS server and multiple Integrity Measurement
Collectors (IMCs) loaded dynamically by the PT-TLS client according to a list
defined by \fI/etc/tnc_config\fR. PA-TNC messages that contain one or several
PA-TNC attributes are multiplexed into PB-TNC (RFC 5793) client or server data
batches which in turn are transported via PT-TLS.
.
.SH "OPTIONS"
.
.TP
.B "\-h, \-\-help"
Prints usage information and a short summary of the available commands.
.TP
.BI "\-c, \-\-connect " hostname\fR|\fIaddress
Set the hostname or IP address of the PT-TLS server.
.TP
.BI "\-p, \-\-port " port
Set the port of the PT-TLS server, default: 271.
.TP
.BI "\-x, \-\-cert " file
Set the path to an X.509 certificate file. This option can be repeated to load
multiple client and CA certificates.
.TP
.BI "\-X, \-\-certid " hex
Set the handle of the certificate stored in a smartcard or a TPM 2.0 Trusted
Platform Module.
.TP
.BI "\-k, \-\-key " file
Set the path to the client's PKCS#1 or PKCS#8 private key file.
.TP
.BI "\-t, \-\-key\-type " type
Define the type of the private key if stored in PKCS#1 format. Can be omitted
with PKCS#8 keys.
.TP
.BI "\-K, \-\-keyid " hex
Set the keyid of the private key stored in a smartcard or a TPM 2.0 Trusted
Platform Module.
.TP
.BI "\-i, \-\-client " client-id
Set the username or client ID of the client required for password-based SASL
authentication.
.TP
.BI "\-s, \-\-secret " password
Set the preshared secret or client password required for password-based SASL
authentication.
.TP
.B "\-q, \-\-mutual"
Enable mutual attestation between PT-TLS client and PT-TLS server.
.TP
.BI "\-v, \-\-debug " level
Set debug level, default: 1.
.TP
.B "\-q, \-\-quiet"
Disable debug output to stderr.
.TP
.BI "\-+, \-\-options " file
Read command line options from \fIfile\fR.
.
.SH "EXAMPLES"
.
Connect to a PT-TLS server using certificate-based authentication,
storing the private ECDSA key in a file:
.PP
.EX
  pt-tls-client \-\-connect pdp.example.com \-\-cert ca.crt \\
                \-\-cert client.crt \-\-key client.key \-\-key\-type ecdsa
.EE
.PP
Connect to a PT-TLS server using certificate-based authentication,
storing the private key in a smartcard or a TPM 2.0 Trusted Platform Module:
.PP
.EX
  pt-tls-client \-\-connect pdp.example.com \-\-cert ca.crt \\
                \-\-cert client.crt \-\-keyid 0x81010002
.EE
.PP
Connect to a PT-TLS server listening on port 443, using SASL password-based
authentication:
.PP
.EX
  pt-tls-client \-\-connect pdp.example.com \-\-port 443 \-\-cert ca.crt \\
                \-\-client jane \-\-secret p2Nl9trKlb
.EE
.SH FILES
.TP
/etc/tnc_config
.
.SH "SEE ALSO"
.
.BR strongswan.conf (5)
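A password given with --secret on the command line is visible to other local users in the process list and ends up in shell history; the --options file documented above avoids both. The following is an added example, not part of the man page or of strongSwan: write_pt_tls_options and file_mode are hypothetical helper names, and the file layout (the same whitespace-separated tokens one would type on the command line) is an assumption.

```shell
#!/bin/sh
# Added example (not strongSwan code): keep the SASL password off the
# pt-tls-client command line by handing it over through --options.
# Assumption: the options file holds the same whitespace-separated tokens
# that would otherwise be typed on the command line.

# write_pt_tls_options FILE HOST PORT CA_CERT CLIENT_ID
# Reads the password from stdin and writes FILE readable by the owner only.
write_pt_tls_options() {
    opts_file=$1 host=$2 port=$3 ca_cert=$4 client_id=$5

    # Take the secret from stdin so it never appears in argv or history.
    IFS= read -r secret || true

    # An empty secret is useless, and one containing whitespace would be
    # split into several tokens when the file is read back as options.
    case $secret in
        ''|*[[:space:]]*)
            echo "secret is empty or contains whitespace" >&2
            return 2 ;;
    esac

    # mktemp creates the file with mode 0600; writing there first and then
    # renaming means the final path never exists with wider permissions.
    tmp=$(mktemp "${opts_file}.XXXXXX") || return 1
    printf '%s\n' \
        "--connect $host" \
        "--port $port" \
        "--cert $ca_cert" \
        "--client $client_id" \
        "--secret $secret" > "$tmp" || { rm -f "$tmp"; return 1; }
    mv -f "$tmp" "$opts_file"
}

# file_mode FILE -> permission string as shown by ls(1), e.g. -rw-------
file_mode() {
    ls -l "$1" | cut -c1-10
}

# Typical use (paths are placeholders):
#   write_pt_tls_options "$HOME/.pt-tls.opts" pdp.example.com 443 ca.crt jane
#   pt-tls-client --options "$HOME/.pt-tls.opts"
```

Run the first command from a terminal or a secrets manager pipe so the password arrives on stdin; the file then carries the secret, so it should live on a filesystem only the calling user can read.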
