NAME
    nvme-tls-key - Manage NVMe TLS PSKs

SYNOPSIS
    nvme tls-key [--keyring=<name> | -k <name>]

DESCRIPTION
    Import, export or remove NVMe TLS pre-shared keys (PSKs) from the system keystore.

    When the --export option is given, all NVMe TLS PSKs are exported in the form

        <description> <psk>

    where <description> is the key description from the exported key and <psk> is the key data in PSK interchange format NVMeTLSkey-1:01:<base64 encoded data>:. Each key is exported on a single line.

    When the --import option is given, key data is read in the same format and imported into the kernel keystore.

OPTIONS
    -k <name>, --keyring=<name>
        Name of the keyring into which the retained TLS key should be stored. Default is .nvme.

    -t <type>, --keytype=<type>
        Type of the key for resulting TLS key. Default is psk.

    -f <file>, --keyfile=<file>
        File to read the keys from or write the keys to instead of stdin / stdout.

    -i, --import
        Read the key data from the file specified by --keyfile or stdin if not present.

    -e, --export
        Write the key data to the file specified by --keyfile or stdout if not present.

    -r <description>, --revoke=<description>
        Revoke a key from a keyring.

    -v, --verbose
        Increase the information detail in the output.

EXAMPLES
    • Create a new TLS key and insert it directly into the .nvme keyring:

        # nvme gen-tls-key -i -n hostnqn0 -c subsys0
        NVMeTLSkey-1:01:/b9tVz2OXJVISnoFgrPAygyS86XYJWkAapQeULns6PMpM8wv:
        Inserted TLS key 26b3260e

    • Export the previously created key from the kernel keyring and store it in a file:

        # nvme tls-key -e -f nvme-tls-keys.txt

    • Export/list all keys from the .nvme keyring using nvme and keyctl:

        # nvme tls-key --export
        NVMe0R01 hostnqn0 subsys0 NVMeTLSkey-1:01:/b9tVz2OXJVISnoFgrPAygyS86XYJWkAapQeULns6PMpM8wv:
        # keyctl show
        Session Keyring

    • Revoke a key using its description and verify the operation with keyctl:

        # nvme tls-key --revoke="NVMe0R01 hostnqn0 subsys0"
        # keyctl show
        Session Keyring

    • Import the previously generated key back from the file and verify with keyctl:

        # nvme tls-key --import -f nvme-tls-keys.txt
        # keyctl show
        Session Keyring

NVME
    Part of the nvme-user suite
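
An added example (not part of nvme-cli or of this manual page): a Python check for a file written by --export that validates each `<description> <psk>` line before it is passed to --import and reports only metadata, never key bytes. Assumptions not stated on this page: the hash identifiers 00/01/02, the 32- or 48-byte key length and the little-endian CRC-32 trailer inside the base64 data follow the NVMe/TCP PSK interchange format; `make_psk` is a hypothetical helper for building constructed test keys.

```python
import base64
import zlib

PREFIX = "NVMeTLSkey-1"
# Hash identifiers of the NVMe/TCP PSK interchange format
# (assumption: this page only shows "01").
HASHES = {"00": "none", "01": "SHA-256", "02": "SHA-384"}


def parse_export_line(line):
    """Split '<description> <psk>' and validate the PSK; return metadata only."""
    # The description itself contains spaces, so the PSK is the last field.
    description, _, psk = line.strip().rpartition(" ")
    if not description:
        raise ValueError("expected '<description> <psk>'")
    fields = psk.split(":")
    # 'NVMeTLSkey-1:01:<base64>:' splits into [prefix, hash, base64, '']
    if len(fields) != 4 or fields[0] != PREFIX or fields[3] != "":
        raise ValueError("not in PSK interchange format")
    if fields[1] not in HASHES:
        raise ValueError("unknown hash identifier")
    # b64decode raises binascii.Error (a ValueError) on malformed input.
    raw = base64.b64decode(fields[2], validate=True)
    key, trailer = raw[:-4], raw[-4:]
    # Assumption: key is 32 or 48 bytes, followed by CRC-32 (little endian).
    if len(key) not in (32, 48):
        raise ValueError("unexpected key length")
    if zlib.crc32(key).to_bytes(4, "little") != trailer:
        raise ValueError("CRC-32 mismatch, key data is corrupted")
    return {"description": description, "hash": HASHES[fields[1]],
            "key_bytes": len(key)}


def audit_export(lines):
    """Return (valid entries, [(line number, error)]) without echoing key data."""
    good, bad = [], []
    for number, line in enumerate(lines, start=1):
        if not line.strip():
            continue
        try:
            good.append(parse_export_line(line))
        except ValueError as exc:
            bad.append((number, str(exc)))
    return good, bad


def make_psk(key, hash_id="01"):
    # Hypothetical helper: build a constructed interchange-format PSK.
    blob = key + zlib.crc32(key).to_bytes(4, "little")
    return f"{PREFIX}:{hash_id}:{base64.b64encode(blob).decode()}:"
```

Run `audit_export(open("nvme-tls-keys.txt"))` on the export file; the file holds key material in the clear, so keep it readable by root only.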