This file is indexed.

/usr/share/doc/monotone/html/Key-and-Cert.html is in monotone-doc 1.1-7.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<!-- Created by GNU Texinfo 6.0, http://www.gnu.org/software/texinfo/ -->
<head>
<title>monotone documentation: Key and Cert</title>

<meta name="description" content="monotone documentation: Key and Cert">
<meta name="keywords" content="monotone documentation: Key and Cert">
<meta name="resource-type" content="document">
<meta name="distribution" content="global">
<meta name="Generator" content="makeinfo">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link href="index.html#Top" rel="start" title="Top">
<link href="General-Index.html#General-Index" rel="index" title="General Index">
<link href="index.html#SEC_Contents" rel="contents" title="Table of Contents">
<link href="Command-Reference.html#Command-Reference" rel="up" title="Command Reference">
<link href="Packet-I_002fO.html#Packet-I_002fO" rel="next" title="Packet I/O">
<link href="Variables.html#Variables" rel="prev" title="Variables">
<style type="text/css">
<!--
a.summary-letter {text-decoration: none}
blockquote.indentedblock {margin-right: 0em}
blockquote.smallindentedblock {margin-right: 0em; font-size: smaller}
blockquote.smallquotation {font-size: smaller}
div.display {margin-left: 3.2em}
div.example {margin-left: 3.2em}
div.lisp {margin-left: 3.2em}
div.smalldisplay {margin-left: 3.2em}
div.smallexample {margin-left: 3.2em}
div.smalllisp {margin-left: 3.2em}
kbd {font-style: oblique}
pre.display {font-family: inherit}
pre.format {font-family: inherit}
pre.menu-comment {font-family: serif}
pre.menu-preformatted {font-family: serif}
pre.smalldisplay {font-family: inherit; font-size: smaller}
pre.smallexample {font-size: smaller}
pre.smallformat {font-family: inherit; font-size: smaller}
pre.smalllisp {font-size: smaller}
span.nocodebreak {white-space: nowrap}
span.nolinebreak {white-space: nowrap}
span.roman {font-family: serif; font-weight: normal}
span.sansserif {font-family: sans-serif; font-weight: normal}
ul.no-bullet {list-style: none}
-->
</style>
<link rel="stylesheet" type="text/css" href="texinfo.css">


</head>

<body lang="en">
<a name="Key-and-Cert"></a>
<div class="header">
<p>
Next: <a href="Packet-I_002fO.html#Packet-I_002fO" accesskey="n" rel="next">Packet I/O</a>, Previous: <a href="Variables.html#Variables" accesskey="p" rel="prev">Variables</a>, Up: <a href="Command-Reference.html#Command-Reference" accesskey="u" rel="up">Command Reference</a> &nbsp; [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>][<a href="General-Index.html#General-Index" title="Index" rel="index">Index</a>]</p>
</div>
<hr>
<a name="Key-and-Cert-1"></a>
<h3 class="section">4.8 Key and Cert</h3>

<dl compact="compact">
<dd><a name="mtn-cert"></a></dd>
<dt><code>mtn cert <var>selector</var> <var>certname</var> [<var>certval</var>]</code>
<a name="index-mtn-cert-selector-certname-_005bcertval_005d"></a>
</dt>
<dd>
<p>Create a new certificate with name <var>certname</var>, for all
revisions matching <var>selector</var> (see <a href="Selectors.html#Selectors">Selectors</a>).
</p>
<p>If <var>certval</var> is provided, it is the value of the certificate.
Otherwise the certificate value is read from <code>stdin</code>.
</p>
<a name="mtn-dropkey"></a></dd>
<dt><code>mtn dropkey <var>keyid</var></code>
<a name="index-mtn-dropkey-keyid"></a>
</dt>
<dd><p>Drop the public and/or private key. This command should be used with
caution as changes are irreversible without a backup of the key(s)
that were dropped.
</p>
</dd>
<dt><code>mtn genkey <var>keyid</var></code>
<a name="index-mtn-genkey-keyid"></a>
</dt>
<dd><p>This command generates an <small>RSA</small> public/private key pair, using a
system random number generator, and stores it in your keystore under
the key name <var>keyid.keyhash</var>.  The key&rsquo;s hash is printed out after
the key has been created.
</p>
<p>The private half of the key is stored in an encrypted form, so that
anyone who can read your keystore cannot extract your private key and
use it.  You must provide a passphrase for your key when it is
generated, which is used to determine the encryption key. In the
future you will need to enter this passphrase again each time you sign
a certificate, which happens every time you <code>commit</code> to your
database. You can tell monotone to automatically use a certain
passphrase for a given key using the
<code>get_passphrase(<var>key_identity</var>)</code> (see <a href="User-Defaults.html#get_005fpassphrase">get_passphrase</a>),
but this significantly increases the risk of a key compromise on your
local computer. Be careful using this hook.
</p>
<p>Another way to avoid entering the private key passphrase each time it
is needed is to export it to ssh-agent; see <a href="#mtn-ssh_005fagent_005fexport">mtn ssh_agent_export</a>, <a href="#mtn-ssh_005fagent_005fadd">mtn ssh_agent_add</a>.
</p>
<p>The public key is stored in the database; the public and private keys
are stored in the keystore. This allows copying the database without
copying the private key.
</p>
<p>The location of the keystore is specified by <samp>--keydir</samp>; it
defaults to the value stored in <samp>_MTN/options</samp> for commands
executed in a workspace, or to the system default
(<samp>$HOME/.monotone/keys</samp> on Unix and Cygwin,
<samp>%APPDATA%/monotone/keys</samp> on native Win32).
</p>
</dd>
<dt><code>mtn passphrase <var>keyid</var></code>
<a name="index-mtn-passphrase-keyid"></a>
</dt>
<dd><p>This command lets you change the passphrase of the private half of the
key <var>id</var>.
</p>
<a name="mtn-ssh_005fagent_005fadd"></a></dd>
<dt><code>mtn ssh_agent_add</code>
<a name="index-mtn-ssh_005fagent_005fadd"></a>
</dt>
<dd><p>This command will add your monotone keys to your current ssh-agent session.
You will be asked for the passphrase for each of your monotone private keys
and they will be added to the ssh-agent. Once this is done you should be able
to type <em>ssh-add -l</em> and see your monotone key listed. When you
subsequently use these keys through monotone it will use ssh-agent for signing
without asking your for your passphrase.
</p>
<p>On Windows native, monotone only supports the PuTTY ssh-agent
implementation. On Windows Cygwin and Unix, any standard ssh-agent
implementation can be used.
</p>
<p>This command is mainly for use in a session script as monotone will automatically
add your keys to ssh-agent on first use if it is available. For example the
following two examples are equivalent:
</p>
<div class="smallexample">
<pre class="smallexample">$ mtn ssh_agent_add
enter passphrase for key ID [user@example.com]:
$ mtn ci -m&quot;Changed foo to bar&quot;
$ mtn push -k user@example.com
</pre></div>

<div class="smallexample">
<pre class="smallexample">$ mtn ci -m&quot;Changed foo to bar&quot;
enter passphrase for key ID [user@example.com]:
$ mtn push -k user@example.com
</pre></div>

<p>In the second example, monotone automatically added the key to ssh-agent, making
entering the passphrase not needed during the push.
</p>
<a name="mtn-ssh_005fagent_005fexport"></a></dd>
<dt><code>mtn ssh_agent_export [<var>filename</var>]</code>
<a name="index-mtn-ssh_005fagent_005fexport-_005bfilename_005d"></a>
</dt>
<dd>
<p>This command will export your private key in a format that ssh-agent
can read (PKCS8, PEM), to <var>filename</var> (defaults to standard
output). You will be asked for your current key&rsquo;s monotone password
and a new password to encrypt the key with (the ssh passphrase). The
key will be printed to stdout. Once you have put this key in a file
simply add it to ssh-agent and you will only have to enter your key
password once as ssh-agent will cache the key for you.
</p>
<div class="smallexample">
<pre class="smallexample">$ mtn ssh_agent_export ~/.ssh/id_monotone
enter passphrase for key ID [user@example.com] (1234abcd...):
enter new passphrase for key ID [user@example.com] (1234abcd...):
confirm passphrase for key ID [user@example.com] (1234abcd...):
$ chmod 600 ~/.ssh/id_monotone
$ ssh-agent /bin/bash
$ ssh-add ~/.ssh/id_monotone
Enter passphrase for /home/user/.ssh/id_monotone:
Identity added: /home/user/.ssh/id_monotone (/home/user/.ssh/id_monotone)
$ mtn ci -m&quot;Changed foo to bar&quot;
$ mtn push -k user@example.com
</pre></div>

<p>You can also use the <samp>--ssh-sign</samp> option to control whether ssh-agent will
be used for signing. If set to <em>yes</em>, ssh-agent will be used to sign. If your
key has not been added to ssh-agent monotone will fall back to its internal signing
code and ask you for your password. If set to <em>only</em>, monotone will sign only
with ssh-agent. If set to <em>no</em>, monotone will always use its internal signing
code even if ssh-agent is running and has your monotone key loaded. If set to
<em>check</em>, monotone will sign with both ssh-agent (if your key is loaded into
it) and monotone&rsquo;s internal signing code, then compare the results. <em>check</em>
will be removed at some future time as it is meant only for testing and will not
work with all signing algorithms.
</p>
</dd>
<dt><code>mtn trusted <var>id</var> <var>certname</var> <var>certval</var> <var>signers</var></code>
<a name="index-mtn-trusted-id-certname-certval-signers"></a>
</dt>
<dd><p>This command lets you test your revision trust hook
<a href="Trust-Evaluation-Hooks.html#get_005frevision_005fcert_005ftrust">get_revision_cert_trust</a>.  You pass it a revision ID (see
<a href="Selectors.html#Selectors">Selectors</a>), a certificate name, a certificate value, and one or
more key IDs or key names, and it will tell you whether, under your
current settings, Monotone would trust a cert on that revision with
that value signed by those keys.
</p>
<p>The specified keys must exist either in your keystore or in the database.
</p>
</dd>
</dl>

<hr>
<div class="header">
<p>
Next: <a href="Packet-I_002fO.html#Packet-I_002fO" accesskey="n" rel="next">Packet I/O</a>, Previous: <a href="Variables.html#Variables" accesskey="p" rel="prev">Variables</a>, Up: <a href="Command-Reference.html#Command-Reference" accesskey="u" rel="up">Command Reference</a> &nbsp; [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>][<a href="General-Index.html#General-Index" title="Index" rel="index">Index</a>]</p>
</div>



</body>
</html>