
Commands Reference, Volume 1

ctmsskf Command

Purpose

Displays and manages the contents of a message security services (MSS) key file.

Syntax

ctmsskf {-a | -d | -l | -h} [-f key_file] [-t key_type] [-v key_version] [-k key_value]

Description

The ctmsskf command displays and manages the contents of a message security services (MSS) typed key file. Use this command to list the keys in the key file, add a key to it, or delete a key from it.

When the command adds a key entry to the key file, the following items must be specified:

If the specified key file does not exist, the command creates the file. If the key file is empty (size 0), the command records the header of the file. If the key file exists and is not empty, the command checks to see if the key type provided matches the key type in the header of the file. If the key version is not provided, the command adds the new key to the key file and increments the last key version in the header of the key file. If the key version is provided and it already exists in the key file, the contents of the record representing the key of that version are overwritten. If the key version is provided and there is no record in the key file with that key version, a new record is added. If the key version is greater than the last key version in the header of the key file, the key version in the header of the key file is updated with the key version provided. When writing the key to the key file, the command converts the key value to binary format and saves it in the record.

When the command deletes a key from a key file, the following items must be specified:

If the key file specified is empty, does not exist, or does not have a proper header, the command returns an error. If the key type is specified and it does not match the key type in the header of the key file, the command returns an error. If the key version is specified, the command locates the record corresponding to the version provided and purges it from the file. If there is no such record, the command returns an error. If no key version is provided, the command purges only the records that are marked as inactive.
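The add and delete-by-version rules described above, modelled in memory as an added example; this is not IBM's code, does not call ctmsskf, and does not reproduce the MSS file format. Assumptions: a new header starts at version 0, key values are given as hex strings, and a failed type check on add is treated as an error; `KeyFileModel`, `KeyFileError` and `demo` are hypothetical names.

```python
class KeyFileError(Exception):
    """Raised where the description says the command returns an error."""

class KeyFileModel:
    def __init__(self):
        self.key_type = None     # recorded in the header on the first add
        self.last_version = 0    # assumption: a new header starts at 0
        self.records = {}        # key version -> key bytes

    def add(self, key_type, key_hex, version=None):
        if self.key_type is None:
            self.key_type = key_type             # new or empty file: write header
        elif key_type != self.key_type:
            # Assumption: a failed type check on add is an error.
            raise KeyFileError("key type does not match header")
        if version is None:
            version = self.last_version + 1      # follows the header's last version
        overwritten = version in self.records    # an existing record is replaced
        self.records[version] = bytes.fromhex(key_hex)  # stored in binary form
        self.last_version = max(self.last_version, version)
        return version, overwritten

    def delete(self, version, key_type=None):
        if self.key_type is None:
            raise KeyFileError("key file is empty or has no header")
        if key_type is not None and key_type != self.key_type:
            raise KeyFileError("key type does not match header")
        if version not in self.records:
            raise KeyFileError("no record with that version")
        del self.records[version]

def demo():
    # Constructed 16-hex-digit sample values, not real keys.
    k1, k2, k3 = "0123456789abcdef", "fedcba9876543210", "1111111111111111"
    kf = KeyFileModel()
    steps = [
        kf.add("des_md5", k1),             # no version given
        kf.add("des_md5", k2, version=9),  # version above the header's raises it
        kf.add("des_md5", k3, version=1),  # existing version: silently overwritten
        kf.add("des_md5", k1),             # automatic version continues from 9
    ]
    return steps, kf.last_version, sorted(kf.records)

if __name__ == "__main__":
    print(demo())
```

The third step is the case to watch during key rotation: passing a version that already exists replaces that key without any error.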

When the command lists the contents of the file, the following information is displayed:

Flags

-a
Adds a key to the key file. The -f, -k, and -t flags must also be specified.
-d
Deletes a key from the key file. The -f and -v flags must also be specified. If the -t flag is specified, the command checks to see if the type of the key file is the same as the key type provided.
-l
Lists the contents of the key file. The -f flag must also be specified. If the -v flag is specified, the command lists only the key that matches the version number provided.
-f key_file
Specifies the name of the key file. The key file must be a valid key file created by MSS API or by this command.
-t key_type
Specifies the type of the key to add. If the specified key file is not empty, the command checks to see if the key type specified matches the key type in the header of the key file. The valid key type values are: 3des_md5, aes256_md5, des_cbc, des_md5, rsa512_sha, and rsa1024_sha.
-v key_version
Specifies the version of the key.
-k key_value
Specifies the value of the key.
-h
Writes the command's usage statement to standard output.

Security

The file system permission of the key files is determined by the application owning the file. If the invoker doesn't have sufficient authority to open the file, the command fails.

Restrictions

This command works only on MSS-formatted key files.

Standard Output

When the -h flag is specified, this command's usage statement is written to standard output.

Examples

  1. To view the keys contained in the key file /my_key_file, enter:

    ctmsskf -l -f /my_key_file

  2. To view the key with version 9 from the key file /my_key_file, enter:

    ctmsskf -l -v 9 -f /my_key_file

  3. To add a key to the key file /my_key_file, enter:

    ctmsskf -a -t des -f /my_key_file -k 16_digit_value

  4. To delete a key from the key file /my_key_file, enter:

    ctmsskf -d -f /my_key_file -v 10

  5. To delete all inactive keys in the key file /my_key_file, enter:

    ctmsskf -d -f /my_key_file

Location

/usr/sbin/rsct/bin/ctmsskf
Contains the ctmsskf command

Files

/usr/sbin/rsct/cfg/ctcasd.cfg
Default configuration for the ctcasd daemon
/var/ct/cfg/ctcasd.cfg
Configuration for the ctcasd daemon, which can be modified by the system administrator
/var/ct/cfg/ct_has.pkf
Default location of the cluster security services public key file for the node
/var/ct/cfg/ct_has.qkf
Default location of the cluster security services private key file for the node
/var/ct/cfg/ct_has.thl
Default location of the cluster security services trusted host list for the node

Related Information

Commands: ctskeygen

Files: ctcasd.cfg
