diff options
| author | Tobias Brunner <tobias@strongswan.org> | 2011-12-14 17:41:07 +0100 |
|---|---|---|
| committer | Tobias Brunner <tobias@strongswan.org> | 2011-12-14 17:46:27 +0100 |
| commit | 6d4c6b8f41fdb429d6fe55a1335cc93bf43a36c8 (patch) | |
| tree | b870d0a74f85b17f98a22e3706cd5e45b51d6199 /man/ipsec.secrets.5.in | |
| parent | 3eff54a5ca6784c7c3fb1d184f75d2546548e383 (diff) | |
| download | strongswan-6d4c6b8f41fdb429d6fe55a1335cc93bf43a36c8.tar.bz2 strongswan-6d4c6b8f41fdb429d6fe55a1335cc93bf43a36c8.tar.xz | |
Documented binary secrets in ipsec.secrets(5) man page.
Diffstat (limited to 'man/ipsec.secrets.5.in')
| -rw-r--r-- | man/ipsec.secrets.5.in | 23 |
1 files changed, 14 insertions, 9 deletions
diff --git a/man/ipsec.secrets.5.in b/man/ipsec.secrets.5.in index 875b8e219..aa1b5c9c1 100644 --- a/man/ipsec.secrets.5.in +++ b/man/ipsec.secrets.5.in @@ -1,4 +1,4 @@ -.TH IPSEC.SECRETS 5 "2010-05-30" "@IPSEC_VERSION@" "strongSwan" +.TH IPSEC.SECRETS 5 "2011-12-14" "@IPSEC_VERSION@" "strongSwan" .SH NAME ipsec.secrets \- secrets for IKE/IPsec authentication .SH DESCRIPTION @@ -124,12 +124,17 @@ whitespace). .SS TYPES OF SECRETS .TP .B [ <selectors> ] : PSK <secret> -A preshared secret is most conveniently represented as a sequence of -characters, delimited by double-quote characters (\fB"\fP). -The sequence cannot contain a newline or double-quote. -Strictly speaking, the secret is actually the sequence -of bytes that is used in the file to represent the sequence of -characters (excluding the delimiters). +A preshared \fIsecret\fP is most conveniently represented as a sequence of +characters, which is delimited by double-quote characters (\fB"\fP). +The sequence cannot contain newline or double-quote characters. +.br +Alternatively, preshared secrets can be represented as hexadecimal or Base64 +encoded binary values. A character sequence beginning with +.B 0x +is interpreted as sequence of hexadecimal digits. +Similarly, a character sequence beginning with +.B 0s +is interpreted as Base64 encoded binary data. .TP .B [ <selectors> ] : RSA <private key file> [ <passphrase> | %prompt ] .TQ @@ -142,12 +147,12 @@ can be used which then causes the daemons to ask the user for the password whenever it is required to decrypt the key. .TP .B <user id> : EAP <secret> -As with \fBPSK\fP secrets the \fIsecret\fP is a sequence of characters, -delimited by double-quote characters (\fB"\fP). +The format of \fIsecret\fP is the same as that of \fBPSK\fP secrets. .br \fBEAP\fP secrets are IKEv2 only. .TP .B [ <servername> ] <username> : XAUTH <password> +The format of \fIpassword\fP is the same as that of \fBPSK\fP secrets. \fBXAUTH\fP secrets are IKEv1 only. .TP .B : PIN <smartcard selector> <pin code> | %prompt |