Provided by: ekeyd_1.1.5-8_amd64

NAME

       ekeyd.conf - entropy key configuration

SYNOPSIS

       /etc/entropykey/resolv.conf

DESCRIPTION

       The ekeyd daemon allows Entropy Keys to transfer their random data to the kernel's random pool. The daemon
       configuration file is a series of statements, each controlling an aspect of the daemon's operation.

       If this file does not exist the daemon will not start.

       The different configuration options are:

       TCPControlSocket TCP port number to listen on.
              The daemon can be controlled using a TCP network connection. Any number of control connections may
              be made by repeating this statement with different port numbers. There is no authentication or
              protection against clients which connect to this interface. The socket is always bound to localhost
              (127.0.0.1).

       UnixControlSocket UNIX domain socket to use.
              The daemon is typically controlled using a UNIX domain socket (/var/run/ekeyd.sock).
              Authentication is as for any file on a UNIX filesystem.

       Keyring The keyring file to use.
              The Entropy Key encrypts the data it sends to the host. To successfully decrypt this data the host
              requires the current encryption key. The keyring is a file containing a list of serial numbers and
              encryption keys. The keyring is generally updated using the ekey-lt-rekey(8) tool.

       SetOutputToKernel bits per byte to add to kernel pool.
              The kernel maintains an entropy pool into which ekeyd(8) injects the entropy gathered from the
              Entropy Keys. The data gathered from the Entropy Keys may be considered to have one shannon per
              bit, so every bit gathered from the devices may be injected into the kernel pool. However, by
              default, to be conservative, only seven of eight bits are entered into the kernel pool.

       EGDUnixSocket UNIX domain socket to use.
              In this mode, which is mutually exclusive with the SetOutputToKernel output mode, ekeyd(8) gathers
              the entropy from the attached Entropy Keys and presents an EGD(8) compatible interface on the
              named UNIX domain socket to access the data. This may optionally take an octal mode string and
              username and group to chmod and chown the socket to. If you do not wish to change the user or
              group, use empty strings. You cannot change the user/group without also providing a mode string.
              The default is to leave the user/group alone and set the socket to mode 0600.

       EGDTCPSocket TCP port number to listen on.
              In this mode, which is mutually exclusive with the SetOutputToKernel output mode, ekeyd(8) gathers
              the entropy from the attached Entropy Keys and presents an EGD(8) compatible interface on a socket
              on the specified port to access the data. The socket is bound to localhost (127.0.0.1) by default,
              but a second optional string parameter can be used to specify a different IP address, so that the
              EGD protocol is exported more widely (e.g. for egd-linux to read from another machine).

       AddEntropyKey Device node of entropy key.
              Add an Entropy Key to be managed by the ekeyd(8) daemon. The encryption key for the added device
              should be available in the keyring.

       AddEntropyKeys Directory of device nodes of entropy keys.
              Adds one or more Entropy Keys to be managed by the ekeyd(8) daemon. The encryption key for the
              added devices should be available in the keyring. This is generally set to /dev/entropykey, which
              is the location where the default udev rules create symbolic links.
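
       The options above expose three things worth checking in a deployed file: the unauthenticated TCP
       control port, an EGD socket opened beyond mode 0600 or beyond localhost, and the two mutually
       exclusive output modes being set together. The following audit script is an added example, not part
       of ekeyd or this manual page; the statement syntax it parses and the sample file contents are
       assumptions, since this page does not show the file format.

```python
import ipaddress
import re

# Constructed sample. The statement syntax (directive name, then quoted or
# numeric arguments, "--" comments) is an assumption; the page does not show it.
SAMPLE = '''\
TCPControlSocket "1234"
UnixControlSocket "/var/run/ekeyd.sock"
Keyring "/etc/entropykey/keyring"
SetOutputToKernel(7)
EGDUnixSocket("/var/run/egd.sock", "0666", "", "")
EGDTCPSocket(8888, "0.0.0.0")
AddEntropyKeys "/dev/entropykey"
'''

STATEMENT = re.compile(r'^\s*([A-Za-z]+)\b(.*)$')
ARGUMENT = re.compile(r'"([^"]*)"|(\d+)')

def parse(text):
    """Return [(directive, [arguments])] for each non-comment statement."""
    statements = []
    for line in text.splitlines():
        match = STATEMENT.match(line.split('--', 1)[0])
        if match:
            args = [q or n for q, n in ARGUMENT.findall(match.group(2))]
            statements.append((match.group(1), args))
    return statements

def audit(text):
    """Return findings for the exposure points the option descriptions name."""
    statements = parse(text)
    names = {name for name, _ in statements}
    egd = sorted(names & {'EGDUnixSocket', 'EGDTCPSocket'})
    findings = []
    if 'SetOutputToKernel' in names and egd:  # mutually exclusive output modes
        findings.append('SetOutputToKernel used together with ' + ', '.join(egd))
    for name, args in statements:
        if name == 'TCPControlSocket' and args:
            findings.append(f'TCPControlSocket {args[0]}: unauthenticated control port')
        elif name == 'EGDUnixSocket' and len(args) > 1 and int(args[1], 8) & 0o077:
            findings.append(f'EGDUnixSocket mode {args[1]}: wider than default 0600')
        elif name == 'EGDTCPSocket' and len(args) > 1:
            if not ipaddress.ip_address(args[1]).is_loopback:
                findings.append(f'EGDTCPSocket on {args[1]}: exposed beyond localhost')
    return findings

if __name__ == '__main__':
    for finding in audit(SAMPLE):
        print('WARN', finding)
```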

FILES

       /etc/entropykey/resolv.conf, /var/run/ekeyd.sock, /dev/entropykey

SEE ALSO

       ekeyd(8), ekeydctl(8), ekey-lt-rekey(8)

AUTHOR

       Copyright © 2009 Simtec Electronics.  All rights reserved.

       Permission  is  hereby  granted,  free  of  charge,  to  any person obtaining a copy of this software and
       associated documentation files (the "Software"), to deal in the Software without  restriction,  including
       without  limitation  the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
       copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to  the
       following conditions:

       The  above  copyright  notice  and  this permission notice shall be included in all copies or substantial
       portions of the Software.

       THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR  IMPLIED,  INCLUDING  BUT  NOT
       LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO
       EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
       IN  AN  ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR
       THE USE OR OTHER DEALINGS IN THE SOFTWARE.

                                                   2009-07-21                                      EKEYD.CONF(5)