csu3_am335x/EVSE/GPL/plc-utils.LNX.2.1.20/source/programs/hpavkey.1

.TH hpavkey 1 "Mar 2014" "plc-utils-2.1.6" "Qualcomm Atheros Powerline Toolkit"

.SH NAME
hpavkey - Qualcomm Atheros HomePlug AV Key Generator

.SH SYNOPSIS
.B hpavkey
.RI [ options ] 
.IR phrase  
.RI [ phrase ] 
[...]

.SH DESCRIPTION
Convert one or more phrases to encrypted \fBHomePlug AV\fR keys.
Phrases are read as command line arguments, converted to either Device Access Keys, Network Membership Keys or Network Identification Keys and printed on stdout.
By default, only keys are printed, one key per line, but keys and phrases can both be printed, one pair per line.

.PP
This program is part of the Intellon Linux Toolkit.
See the \fBilt\fR man page for an overview and installation instructions.

.SH BACKGROUND
HomePlug AV technology makes use of special 16-byte binary values, called "keys", for various purposes such as identity and security.
Three keys of interest to users are the Device Access Key (DAK), the Network Memership Key (NMK) and Network Identification Key (NID).
Their purpose is described in the HomePlug AV Specification.

.PP
The HomePlug AV Specification explains how to generate 16-byte binary DAK, NMK and NID values using the SHA-256 algorithm to hash user-supplied ASCII strings, called "pass phrases" in the specification.
HomePlug AV compliant pass phrases have from 12 to 64 7-bit ASCII character values in the range 0x20 to 0x7F.
In some cases, a specified 8-byte salt is added to the pass phrase before computing the 32-byte hash value.
In all cases, the computed hash is then rehashed a specified number of times to produce the final 32-byte value.
The HomePlug AV key is the lower 16-bytes of that value.

.PP
Keys can be any 16-byte binary value but binary values are difficult to remember.
HomePlug AV applications, such as the Intellon Windows Device Manager, will ask users for a pass phrase that is converted to a 16-byte binary value using a known hashing algorithm.
In principle, no two phrases will product the same key and it would be computationally expensive to derive the pass phrase given the key.
Although HomePlug AV software deals directly with the key, users need only remember the pass phrase in order to reproduce the key.

.SH OPTIONS

.TP
.RB - D
Uses HomePlug AV rules to compute Device Access Keys (DAK) from pass phrases read from file or stdin.
A DAK is 16 bytes expressed as 32 hexadecimal digits.
This option over-rides any \fB-M\fR and \fB-N\fR options previously specified on the command line.

.TP
.RB - e
Enforce HomePlug AV length and content rules for phrases.
Non-compliant phrases are reported and ignored.
Compliant phrases are 12 to 64 7-bit ASCII characters in the range 0x20 (SP) through 0x7F (DEL).
Essentially, this includes any character that can be typed on a standard US or UK keyboard, excluding horizontal tab (HT).
Be aware that some command shells intercept and act on special characters instead of passing them to the application.
In such cases, you may need to include meta characters.

.TP
-\fBL \fIlevel\fR
Set security level.
The security level is encoded into the NID.
Level \fB0\fR enables pushbutton pairing.
Level \fB1\fR disables it.
This option has no effect unless a NID is computed.

.TP
.RB - M
Uses HomePlug AV rules to compute Network Membership Keys (NMK) from pass phrases read from file or stdin.
An NMK is 16 bytes expressed as 32 hexadecimal digits.
This option over-rides any \fB-D\fR or \fB-N\fR options previously specified on the command line.

.TP
.RB - N
Uses HomePlug AV rules to compute Network Identification Keys (NID) from pass phrases read from file or stdin.
A NID is 7 bytes expressed as 14 hexadecimal digits.
This option over-rides any \fB-D\fR or \fB-M\fR options previously specified on the command line.

.TP
.RB - q
Enable quiet mode which, for this application, has no effect.

.TP
.RB - v
Enable verbose mode which, for this application, prints the pass phrase after each key.

.TP
.RB - ? ,-- help
Print program help summary on stdout.
This option takes precedence over other options on the command line.

.TP
.RB - ! ,-- version
Print program version information on stdout.
This option takes precedence over other options on the command line.
Use this option when sending screen dumps to Intellon Technical Support so that they know exactly which version of the Linux Toolkit you are using.

.SH ARGUMENTS

.TP
.BR phrase
A pass phrase to be converted to a DAK, NMK or NID.
More than one pass phrase can be entered on the command line.
Each phrase will be converted to the same type of key and printed in the order specified.
Phrases that contain quotes or special delimiters should be enclosed in quotes or apostrophes.
By default, phrases can be any length and contain any ASCII chracter except ASCII NUL.
Use option \fB-e\fR to enforce HomePlug AV password character and length rules.

.SH EXAMPLES
The following example prints the ordinary SHA256 key for the phrase, "HomePlugAV0123", entered on the command line.
An SHA key is 256 bits or 32 bytes expressed as 64 hexadecimal characters.
SHA256 keys are the default output when no key type is specified.
SHA256 is a public domain standard, not a HomePlug AV standard.

.PP
   # hpavkeys HomePlugAV0123
   EA41A2383355FA7CA3B467DF0848A8EB9C41591BE53696C5F45DDAF621784F07

.PP
The following example prints the DAK for the phrase, "HomePlugAV0123", entered on the command line.

.PP
   # hpavkeys -D HomePlugAV0123
   F084B4E8F6069FF1300C9BDB812367FF

.PP
The following command prints the NMK, instead of the DAK, for the phrase entered on the command line.
The ouput is different because the DAK and NMK are computed differently given the same pass phrase.

.PP
   # hpavkey -M HomePlugAV0123
   B59319D7E8157BA001B018669CCEE30D

.PP
The following command prints the NMK for each phrase entered on the command line.
Notice that spaces are legal and significant.
Phrases containing spaces must be enclosed in quotes.

.PP
   # hpavkey -M HomePlugAV0123 "The quick brown fox jumped over the lazy dog."
   B59319D7E8157BA001B018669CCEE30D
   56F3C7F539D4F8F5EEC00E63F11A8DEC

.PP
The following command prints the NMK and pass phrase for each pass phrase entered on the command line because the verbose option is specified.

.PP
   # hpavkey -v -M HomePlugAV0123 "The quick brown fox jumped over the lazy dog."
   B59319D7E8157BA001B018669CCEE30D HomePlugAV0123
   56F3C7F539D4F8F5EEC00E63F11A8DEC The quick brown fox jumped over the lazy dog.

.PP
\fBhpavkey\fR can be used to compute a key and pass it to another program as an argument.
The \fBmodpib\fR command shown below will edit file \fBexample.pib\fR by replacing the DAK.
The \fB-D\fR option expects a hexadecimal key so we can supply one from the phrase "HomePlugAV0123".

.PP
   # modpid -D $(\fBhpavkey -D HomePlugAV0123\fR) example.pib 

.SH REFERENCES
See the \fBHomePlug AV Specification\fR for more information on encryption keys, pass phrases and hash algorithms used.
See standard \fBFIPS180-2 sec 5.3.2\fR for more information on SHA256 encoding.

.SH DISCLAIMER
Intellon Corporation reserves the right to modify program names, functionality, input format or output format in future toolkit releases without any obligation to notify or compensate toolkit users.

.SH SEE ALSO
.BR hpavkeys ( 1 ),
.BR mac2pw ( 1 ),
.BR mac2pwd ( 1 ),
.BR rkey ( 1 )

.SH CREDITS 
 Charles Maier <cmaier@qca.qualcomm.com>