nvme-cli/Documentation/nvme-check-tls-key.txt

nvme-check-tls-key(1)
========================

NAME
----
nvme-check-tls-key - Check a generated NVMe TLS PSK

SYNOPSIS
--------
[verse]
'nvme check-tls-key' [--keyring=<name> | -k <name>]
			[--keytype=<type> | -t <type>]
			[--hostnqn=<nqn> | -n <nqn>]
			[--subsysnqn=<nqn> | -c <nqn>]
			[--keydata=<key> | -d <key>]
			[--output-format=<fmt> | -o <fmt>]
			[--identity=<id-vers> | -I <id-vers>]
			[--insert | -i ]
			[--keyfile=<keyfile> | -f <keyfile>]
			[--verbose | -v]

DESCRIPTION
-----------
Checks if the key is a valid NVMe TLS PSK in the PSK interchange format
'NVMeTLSkey-1:01:<base64-encoded data>:'. If '--insert' is specified the
the derived 'retained' TLS key is stored in the keyring, otherwise the
TLS identity of the key is printed out.

OPTIONS
-------
-k <name>::
--keyring=<name>::
	Name of the keyring into which the 'retained' TLS key should be
	stored. Default is '.nvme'.

-t <type>::
--keytype=<type>::
	Type of the key for resulting TLS key.
	Default is 'psk'.

-n <nqn>::
--hostnqn=<nqn>::
	Host NVMe Qualified Name (NQN) to be used to derive the
	'retained' TLS key

-c <nqn>::
--subsysnqn=<nqn>::
	Subsystem NVMe Qualified Name (NQN) to be used to derive the
	'retained' TLS key

-d <key>::
--keydata=<key>::
	Key to be checked.

-I <id-vers>::
--identity=<id-vers>::
	NVMe TLS key identity version to be used; '0' for the default
	identity, and '1' for the TLS identity suffixed by the PSK hash
	as specified in TP8018.

-i:
--insert:
	Insert the derived 'retained' key in the keyring.

-f <keyfile>
--keyfile=<keyfile>
	Append the resulting TLS key to keyfile. This command line option is
	depending on --insert.

-o <fmt>::
--output-format=<fmt>::
	Set the reporting format to 'normal', 'json' or 'binary'. Only one
	output format can be used at a time.

-v::
--verbose::
	Increase the information detail in the output.

EXAMPLES
--------
No Examples

NVME
----
Part of the nvme-user suite