FreeBSD Manual Pages

ROSENPASS(1)		    General Commands Manual		  ROSENPASS(1)

NAME
       rosenpass -- builds post-quantum-secure VPNs

SYNOPSIS
       rosenpass [COMMAND] [OPTIONS ...] [ARGS ...]

DESCRIPTION
       rosenpass  performs cryptographic key exchanges that are	secure against
       quantum-computers and then outputs the keys.  These keys	 can  then  be
       passed to various services, such	as wireguard or	other vpn services, as
       pre-shared-keys to achieve security against attackers with quantum com-
       puters.

       This is a research project and quantum computers	are not	thought	to be-
       come  practical	in  fewer than ten years.  If you are not specifically
       tasked with developing post-quantum secure systems, you probably	do not
       need this tool.

   COMMANDS
       keygen private-key <file-path> public-key <file-path>
	       Generate	a keypair to use in the	exchange command later.	  Send
	       the  public-key file to your communication partner and keep the
	       private-key file	secret!

       exchange	private-key <file-path>	public-key <file-path> [OPTIONS] PEERS
	       Start a process to exchange keys	with the specified peers.  You
	       should specify at least one peer.

	       Its OPTIONS are as follows:

	       listen <ip>[:<port>]
		       Instructs rosenpass to listen on	the  specified	inter-
		       face  and  port.	  By default, rosenpass	will listen on
		       all interfaces and select a random port.

	       verbose
		       Extra logging.

   PEER
       Each PEER is defined as follows:	"peer public-key <file-path> [endpoint
       <ip>[:<port>]]  [preshared-key	<file-path>]   [outfile	  <file-path>]
       [wireguard <dev>	<peer> <extra_params>]"

       Providing  a  PEER  instructs rosenpass to exchange keys	with the given
       peer and	write the resulting PSK	into the given output file.  You  must
       either specify the outfile or wireguard output option.

       The parameters of PEER are as follows:

       endpoint	<ip>[:<port>]
	       Specifies the address where the peer can	be reached.  This will
	       be  automatically  updated  after  the first successful key ex-
	       change with the peer.  If this is unspecified,  the  peer  must
	       initiate	the connection.

       preshared-key <file-path>
	       You  may	 specify a pre-shared key which	will be	mixed into the
	       final secret.

       outfile <file-path>
	       You may specify a file to write the exchanged keys to.  If this
	       option is specified, rosenpass will  write  a  notification  to
	       standard	out every time the key is updated.

       wireguard <dev> <peer> <extra_params>
	       This  allows you	to directly specify a wireguard	peer to	deploy
	       the pre-shared-key to.  You may specify	extra  parameters  you
	       would  pass  to	"wg  set"  besides the preshared-key parameter
	       which is	used by	rosenpass.  This  makes	 it  possible  to  add
	       peers entirely from rosenpass.
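
       The keygen and exchange commands above, combined into a wrapper that
       refuses to start when the private-key file is accessible to group or
       other. This is an added example, not part of the original manual page
       or of the Rosenpass project; the function names and the ROSENPASS_BIN
       override are hypothetical, and all paths and addresses are supplied by
       the caller.

```shell
#!/bin/sh
# Added example. Function names and ROSENPASS_BIN are hypothetical; the
# rosenpass arguments follow the SYNOPSIS, COMMANDS and PEER sections.
RP=${ROSENPASS_BIN:-rosenpass}

# True only if FILE is a regular file with no group/other permission bits.
# The mode string from ls(1) is used because stat(1) flags differ between
# FreeBSD and Linux.
is_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# gen_keys PRIVATE-KEY PUBLIC-KEY
# Run keygen under a restrictive umask, then confirm the result.
gen_keys() {
    ( umask 077 && "$RP" keygen private-key "$1" public-key "$2" ) || return 1
    is_private "$1"
}

# start_exchange PRIVATE-KEY PUBLIC-KEY LISTEN PEER-PUBLIC-KEY OUTFILE
# One peer, PSK written to OUTFILE. No endpoint is given, so the peer must
# initiate the connection.
start_exchange() {
    if ! is_private "$1"; then
        echo "refusing to start: $1 is missing or accessible to group/other" >&2
        return 1
    fi
    # The outfile receives the PSK: create it owner-only before the first
    # write. (The mode rosenpass gives a file it creates is not stated here.)
    ( umask 077 && : >>"$5" ) && chmod 600 "$5" || return 1
    "$RP" exchange private-key "$1" public-key "$2" listen "$3" \
        peer public-key "$4" outfile "$5"
}
```

       Setting ROSENPASS_BIN=echo before sourcing the file prints the
       command line instead of running it.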

EXIT STATUS
       The rosenpass utility exits 0 on	success, and >0	if an error occurs.

SEE ALSO
       rp(1), wg(1)

STANDARDS
       This  tool  is  the reference implementation of the Rosenpass protocol,
       written by Karolin  Varner,  Benjamin  Lipp,  Wanja  Zaeske,  and  Lisa
       Schmidt.

AUTHORS
       Rosenpass  was  created by Karolin Varner, Benjamin Lipp, Wanja Zaeske,
       Marei Peischl, Stephan Ajuvo, and Lisa Schmidt.

       This manual page was written by Emil Engler.

BUGS
       The bugs	are tracked at https://github.com/rosenpass/rosenpass/issues.

FreeBSD	Ports 14.quarterly	  $Mdocdate$			  ROSENPASS(1)
