

5.5 Key and Cert Trust

mtn genkey keyid
This command generates an RSA public/private key pair, using a system random number generator, and stores it in your keystore under the key name keyid.

The private half of the key is stored in encrypted form, so that someone who can read your keystore still cannot extract your private key and use it. You must provide a passphrase for your key when it is generated; the passphrase is used to determine the encryption key. In the future you will need to enter this passphrase again each time you sign a certificate, which happens every time you commit to your database. You can tell monotone to automatically use a certain passphrase for a given key using the get_passphrase(keypair_id) hook, but this significantly increases the risk of a key compromise on your local computer. Be careful using this hook.

mtn dropkey keyid
This command drops the public and/or private key. If both exist, both are dropped; if only one exists, it is dropped. Use this command with caution: the change is irreversible unless you have a backup of the key(s) that were dropped.

mtn chkeypass id
This command lets you change the passphrase of the private half of the key id.

mtn trusted id certname certval signers
This command lets you test your revision trust hook get_revision_cert_trust (see Hook Reference). You pass it a revision ID, a certificate name, a certificate value, and one or more key IDs, and it will tell you whether, under your current settings, Monotone would trust a cert on that revision with that value signed by those keys.
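
A trust hook of the kind mtn trusted exercises, as an added example that is not part of the monotone manual. It assumes the hook signature get_revision_cert_trust(signers, id, name, val) from the Hook Reference, with signers passed as a list of key-name strings; the key names and the two-signer rule for branch certs are constructed for illustration.

```lua
-- Added example for monotonerc; not monotone's own code.
-- Assumption: signers is a list of key-name strings.

-- Keys whose signatures count toward trust (constructed names).
local TRUSTED = {
   ["alice@example.com"] = true,
   ["bob@example.com"]   = true,
   ["build@example.com"] = true,
}

-- Minimum number of distinct trusted signers required per cert name.
-- Branch certs decide which revisions appear in a branch, so this
-- constructed policy asks for two independent signers there.
local REQUIRED = { branch = 2 }
local DEFAULT_REQUIRED = 1

function get_revision_cert_trust(signers, id, name, val)
   local seen, count = {}, 0
   for _, key in ipairs(signers) do
      -- Count each trusted key once, even if it is listed repeatedly,
      -- and ignore signatures from keys outside the trusted set.
      if TRUSTED[key] and not seen[key] then
         seen[key] = true
         count = count + 1
      end
   end
   return count >= (REQUIRED[name] or DEFAULT_REQUIRED)
end
```

With this hook loaded, running mtn trusted with a revision ID, the cert name branch, a cert value, and a single listed key ID exercises the rejecting path; passing two distinct listed key IDs exercises the accepting path.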