The computed public checking key is put in the public directory, and associated with the given userName. The randomly generated machine key is put into the private directory under the user's login id, with access by anyone other than the user denied. An attempt to create a new public key when the user already has an existing public key is an error. If the user wishes to change keys, it is first necessary to destroy the existing machine key with "destroyoldkey".
-sN The security size is set to N. Default is 2 (64 bits of security). Greater security can be provided by setting this parameter to 3 (96 bits of security) or 4 (128 bits of security).
-pN The parameter size is set to N. Default is 2 (64-bit parameters). Increasing the parameter size does not significantly improve security.
-nN The size of internal sub-trees is set to N, where N must be a power of 2. Default is 32. Influences signature size and signing/checking time. Does not influence security.
-bN The number of bits per verifier is set to N. Default is 4. Don't ask what it does. Influences signature size and signing/checking time. Does not influence security.
-hMethod The one-way hash function method is set as specified. Options in the current implementation are: md4, snefru3, or snefru4. These correspond to the RSA Data Security, Inc. MD4 Message Digest Algorithm, the three-pass version of Snefru, and the four-pass version of Snefru, respectively. Affects signing/checking time and security.
-dDir The directory into which the generated public key is placed is changed to Dir.
Creates a public key and puts it into the default public key directory. Also creates a random machine key and puts it into the default private directory. The actual "secret signing key" is generated by combining the machine key and the user key.
makepublickey -dlocalDir -hmd4 XYZZY "M. Mouse"
Creates a public key and puts it into the local directory "localDir" (which must already exist). This is useful when the standard public directory is read-only and public keys cannot be entered into it by unauthorized users. Also creates a random machine key and puts it into the private directory, and specifies that MD4 is to be used as the one-way hash function. Thus, the security of signed messages rests on the security of MD4, and not on the security of any other one-way hash function. This allows users to specify whichever one-way hash function they feel is best suited to their particular application. (The default hash algorithm is subject to change without notice. If you want a particular hashing algorithm, specify it. If you aren't sure what you want, just use the default.)
A second bug is that the secret key is echoed on the command line, rather than being entered from the terminal with echoing turned off.
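The key-handling rules described above (a machine key only its owner can access, an error when a key already exists, and the user key read from the terminal with echo off rather than from the command line) can be sketched as follows. This is an added example, not code from makepublickey: the function names, the 16-byte machine key size, the "mmouse" login id and the HMAC-SHA256 combination step are assumptions, since the page does not say how the tool combines the two keys.

```python
import getpass
import hashlib
import hmac
import os
import secrets
import stat

def create_machine_key(private_dir, login_id, nbytes=16):
    """Write a fresh random machine key that only its owner can access.

    O_EXCL makes creation fail if a key file already exists, mirroring the
    rule that the old key must be destroyed before a new one is made.
    nbytes=16 is an assumed size; the page does not state one.
    """
    path = os.path.join(private_dir, login_id)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    try:
        os.fchmod(fd, 0o600)  # set exactly owner read/write, whatever the umask
        key = secrets.token_bytes(nbytes)
        os.write(fd, key)
    finally:
        os.close(fd)
    return path, key

def read_user_key(prompt="User key: "):
    """Read the user key from the terminal with echo off, not from argv,
    so it does not show on screen, in shell history or in process listings."""
    return getpass.getpass(prompt).encode()

def derive_signing_key(machine_key, user_key):
    """Combine both keys into one secret. HMAC-SHA256 is a stand-in
    (assumption), not the tool's actual combination method."""
    return hmac.new(machine_key, user_key, hashlib.sha256).digest()

def key_is_private(path):
    """True if no group or other permission bits are set on the key file."""
    return stat.S_IMODE(os.stat(path).st_mode) & 0o077 == 0

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:  # constructed private directory
        path, mk = create_machine_key(d, "mmouse")  # constructed login id
        sk = derive_signing_key(mk, read_user_key())
        print("machine key private:", key_is_private(path))
        print("signing key bytes:", len(sk))
```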