summaryrefslogtreecommitdiff
path: root/man/ipsec.secrets.5.in
diff options
context:
space:
mode:
Diffstat (limited to 'man/ipsec.secrets.5.in')
-rw-r--r--man/ipsec.secrets.5.in23
1 files changed, 14 insertions, 9 deletions
diff --git a/man/ipsec.secrets.5.in b/man/ipsec.secrets.5.in
index 875b8e219..aa1b5c9c1 100644
--- a/man/ipsec.secrets.5.in
+++ b/man/ipsec.secrets.5.in
@@ -1,4 +1,4 @@
-.TH IPSEC.SECRETS 5 "2010-05-30" "@IPSEC_VERSION@" "strongSwan"
+.TH IPSEC.SECRETS 5 "2011-12-14" "@IPSEC_VERSION@" "strongSwan"
.SH NAME
ipsec.secrets \- secrets for IKE/IPsec authentication
.SH DESCRIPTION
@@ -124,12 +124,17 @@ whitespace).
.SS TYPES OF SECRETS
.TP
.B [ <selectors> ] : PSK <secret>
-A preshared secret is most conveniently represented as a sequence of
-characters, delimited by double-quote characters (\fB"\fP).
-The sequence cannot contain a newline or double-quote.
-Strictly speaking, the secret is actually the sequence
-of bytes that is used in the file to represent the sequence of
-characters (excluding the delimiters).
+A preshared \fIsecret\fP is most conveniently represented as a sequence of
+characters, which is delimited by double-quote characters (\fB"\fP).
+The sequence cannot contain newline or double-quote characters.
+.br
+Alternatively, preshared secrets can be represented as hexadecimal or Base64
+encoded binary values. A character sequence beginning with
+.B 0x
+is interpreted as sequence of hexadecimal digits.
+Similarly, a character sequence beginning with
+.B 0s
+is interpreted as Base64 encoded binary data.
.TP
.B [ <selectors> ] : RSA <private key file> [ <passphrase> | %prompt ]
.TQ
@@ -142,12 +147,12 @@ can be used which then causes the daemons to ask the user for the password
whenever it is required to decrypt the key.
.TP
.B <user id> : EAP <secret>
-As with \fBPSK\fP secrets the \fIsecret\fP is a sequence of characters,
-delimited by double-quote characters (\fB"\fP).
+The format of \fIsecret\fP is the same as that of \fBPSK\fP secrets.
.br
\fBEAP\fP secrets are IKEv2 only.
.TP
.B [ <servername> ] <username> : XAUTH <password>
+The format of \fIpassword\fP is the same as that of \fBPSK\fP secrets.
\fBXAUTH\fP secrets are IKEv1 only.
.TP
.B : PIN <smartcard selector> <pin code> | %prompt