FreeBSD Manual Pages
NVME-TLS-KEY(1) NVMe Manual NVME-TLS-KEY(1) NAME nvme-tls-key - Manage NVMe TLS PSKs SYNOPSIS nvme tls-key [--keyring=<name> | -k <name>] [--keytype=<type> | -t <type>] [--keyfile=<file> | -f <file>] [--import | -i] [--export | -e] [--revoke=<description>| -r <description>] [--verbose | -v] DESCRIPTION Import, export or remove NVMe TLS pre-shared keys (PSKs) from the system keystore. When the --export option is given, all NVMe TLS PSKs are exported in the form <descriptions> <psk> where <description> is the key description from the exported key and <psk> is the key data in PSK interchange format NVMeTLSkey-1:01:<base64 encoded data>:. Each key is exported in a single line. When the --import option is given key data is read in the same format and imported into the kernel keystore. OPTIONS -k <name>, --keyring=<name> Name of the keyring into which the retained TLS key should be stored. Default is .nvme. -t <type>, --keytype=<type> Type of the key for resulting TLS key. Default is psk. -f <file>, --keyfile=<file> File to read the keys from or write the keys to instead of stdin / stdout. -i, --import Read the key data from the file specified by --keyfile or stdin if not present. -e, --export Write the key data to the file specified by --keyfile or stdout if not present. -r <description>, --revoke=<description> Revoke a key from a keyring. -v, --verbose Increase the information detail in the output. EXAMPLES • Create a new TLS key and insert it directly into the .nvme keyring: # nvme gen-tls-key -i -n hostnqn0 -c subsys0 NVMeTLSkey-1:01:/b9tVz2OXJVISnoFgrPAygyS86XYJWkAapQeULns6PMpM8wv: Inserted TLS key 26b3260e • Export previously created key from the kernel keyring and store it into a file # nvme tls-key -e -f nvme-tls-keys.txt • Export/list all keys from the .nvme keyring using nvme and keyctl # nvme tls-key --export NVMe0R01 hostnqn0 subsys0 NVMeTLSkey-1:01:/b9tVz2OXJVISnoFgrPAygyS86XYJWkAapQeULns6PMpM8wv: # keyctl show Session Keyring 573249525 --alswrv 0 0 keyring: _ses 353599402 --alswrv 0 65534 \_ keyring: _uid.0 475911922 ---lswrv 0 0 \_ keyring: .nvme 649274894 --als-rv 0 0 \_ psk: NVMe0R01 hostnqn0 subsys0 • Revoke a key using the description and verifying with keyctl the operation # nvme tls-key --revoke="NVMe0R01 hostnqn0 subsys0" # keyctl show Session Keyring 573249525 --alswrv 0 0 keyring: _ses 353599402 --alswrv 0 65534 \_ keyring: _uid.0 475911922 ---lswrv 0 0 \_ keyring: .nvme 649274894: key inaccessible (Key has been revoked) • Import back previously generated key from file and verify with keyctl # nvme tls-key --import -f nvme-tls-keys.txt # keyctl show Session Keyring 573249525 --alswrv 0 0 keyring: _ses 353599402 --alswrv 0 65534 \_ keyring: _uid.0 475911922 ---lswrv 0 0 \_ keyring: .nvme 734343968 --als-rv 0 0 \_ psk: NVMe0R01 hostnqn0 subsys0 NVME Part of the nvme-user suite NVMe 10/31/2024 NVME-TLS-KEY(1)
NAME | SYNOPSIS | DESCRIPTION | OPTIONS | EXAMPLES | NVME
Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=nvme-tls-key&sektion=1&manpath=FreeBSD+Ports+15.0>