forked from altu341com/kpabe
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathkpabe-keygen.1
87 lines (78 loc) · 3.07 KB
/
kpabe-keygen.1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.37.1.
.TH KPABE-KEYGEN "1" "April 2011" "SRI International" "User Commands"
.SH NAME
kpabe-keygen \- manual page for kpabe-keygen 0.10
.SH SYNOPSIS
.B kpabe-keygen
[\fIOPTION \fR...] \fIPUB_KEY MASTER_KEY \fR[\fIPOLICY\fR]
.SH DESCRIPTION
Generate a key under the decryption policy POLICY using public key
PUB_KEY and master secret key MASTER_KEY. Output will be written to the file
"priv_key" unless the \fB\-o\fR option is specified.
.PP
If POLICY is not specified, the policy will be read from stdin.
.PP
Mandatory arguments to long options are mandatory for short options too.
.TP
\fB\-h\fR, \fB\-\-help\fR
print this message
.TP
\fB\-v\fR, \fB\-\-version\fR
print version information
.TP
\fB\-o\fR, \fB\-\-output\fR FILE
write resulting key to FILE
.TP
\fB\-d\fR, \fB\-\-deterministic\fR
use deterministic "random" numbers
(only for debugging)
.PP
This is free software released under the GPL, see the source for copying
conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS
FOR A PARTICULAR PURPOSE.
.SH EXAMPLES
A simple policy:
$ kpabe-keygen -o doctor_priv_key pub_key master_key
.br
'medication and cardiac'
.br
^D
A complex policy:
$ kpabe-keygen -o doctor_priv_key pub_key master_key
.br
'sever_level < 4 and 2 of (medication, surgical, cardiac)
.br
^D
.SH "POLICY LANGUAGE"
Policies are specified using simple expressions of the attributes
given to kpabe-keygen (1). The most basic policy consists of a single
such attribute. It will only match keys produced by giving that
attribute (possibly among others) to kpabe-keygen (1).
Another type of policy consists of a comparison between an attribute
name and a non-negative integer. The following comparisons are
allowed: `<', `>', `<=', `>=', and `='. In this case, the attribute
used must be a numerical attribute and specified appropriately to
kpabe-keygen (1) (see its man page for details). Note that a
comparison with an explicit length integer (e.g., "exec_level >= 5#4")
can only match an attribute with the same length (so "exec_level =
8#4" will match but "exec_level = 8#5" will not).
Policies of these two basic types may be combined using the the
keywords `and' and `or' (which may not be used as attributes), as
shown in the first example above. The `and' operator has higher
precedence than `or', and parenthesis may be used to specify other
groupings.
Policies may also be combined using a threshold gate operator, written
as `K of (P1, P2, ... PN)', where K is a positive integer less than or
equal to N, and P1, ... PN are policies. Such a policy will only be
satisfied by a key that satisfies at least K of the policies P1, ...
PN. An example of the threshold gate operator is included as part of
the policy in the second example above.
Note that attribute names are case sensitive and must begin with a
letter, and the keywords `and', `or', and `of' may not be used. Also,
`&' and `|' are synonyms for `and' and `or'.
.SH "REPORTING BUGS"
Report bugs to Yao Zheng <[email protected]>.
.SH "SEE ALSO"
.BR kpabe-setup (1),
.BR kpabe-enc (1),
.BR kpabe-dec (1)