nvme-tls-key - Man Page

Manage NVMe TLS PSKs

Synopsis

nvme tls-key [--keyring=<name> | -k <name>]
                        [--keytype=<type> | -t <type>]
                        [--keyfile=<file> | -f <file>]
                        [--import | -i] [--export | -e]
                        [--revoke=<description>| -r <description>]
                        [--verbose | -v]

Description

Import, export or remove NVMe TLS pre-shared keys (PSKs) from the system keystore. When the --export option is given, all NVMe TLS PSKs are exported in the form

<descriptions> <psk>

where <description> is the key description from the exported key and <psk> is the key data in PSK interchange format NVMeTLSkey-1:01:<base64 encoded data>:. Each key is exported in a single line. When the --import option is given key data is read in the same format and imported into the kernel keystore.

Options

-k <name>, --keyring=<name>

Name of the keyring into which the retained TLS key should be stored. Default is .nvme.

-t <type>, --keytype=<type>

Type of the key for resulting TLS key. Default is psk.

-f <file>, --keyfile=<file>

File to read the keys from or write the keys to instead of stdin / stdout.

-i,  --import

Read the key data from the file specified by --keyfile or stdin if not present.

-e,  --export

Write the key data to the file specified by --keyfile or stdout if not present.

-r <description>, --revoke=<description>

Revoke a key from a keyring.

-v,  --verbose

Increase the information detail in the output.

Examples

Nvme

Part of the nvme-user suite

Info

10/31/2024 NVMe Manual