verify_private_keys reads in private keys and their corresponding shares and checks whether they are consistent.The following command-line options are recognized:
-c <config_file> The configuration file for this program.-s <section> The relevant section of the configuration file. If not provided, the default section will be used.The configuration file must be in OpenSSL's CONF format and should define the following fields:
nhosts The number of servers in the quorum system.nfaults The number of faults to tolerate.private_key_file The PEM file containing the RSA private key.private_key_passwd The password for private_key_file [optional]public_eg_key_file The file containing the ElGamal public key.private_eg_key_file The file containing the ElGamal private key.output_directory The directory in which share files will be stored.Here is an example of a relevant section in a configuration file:
[ verify_keys ]
nhosts = 4
nfaults = 1
public_dir = /etc/CODEX/pubkeys
private_dir = /etc/CODEX/privkeys
private_key_file = ${private_dir}/service.private.pem
private_key_passwd = foobar
public_eg_key_file = ${public_dir}/service.eg.pub
private_eg_key_file = ${private_dir}/service.eg.priv
output_directory = ${private_dir}
The command-line option -s verify_keys would then be supplied to specify that this is the section to load. Note that these configuration options are the same as for split_private_keys, and the same configuration file may be used for both.
1.4.1