IPSEC_NEWHOSTKEY(8) | Executable programs | IPSEC_NEWHOSTKEY(8) |
NAME¶
ipsec_newhostkey - generate a new raw RSA authentication key for a host
SYNOPSIS¶
ipsec newhostkey [[--quiet] | [--verbose]] [--nssdirnssdir] [--password password] [--bits bits] [--curve curve] [--keytype rsa|ecdsa] [--seeddev device]
DESCRIPTION¶
newhostkey generates an RSA public/private key pair suitable for authenticating this host is generated and stored in the NSS database.
See ipsec_showhostkey(8) for how to extract the public key from the NSS database.
Output Options¶
--quiet
--nssdir nssdir
--password password
--bits bits
--curve curve
--keytype rsa|ecdsa
--seeddev device
FILES¶
/dev/random, /dev/urandom
SEE ALSO¶
HISTORY¶
Originally written for the Linux FreeS/WAN project <https://www.freeswan.org> by Henry Spencer. Updated by Paul Wouters
BUGS¶
As with rsasigkey, the run time is difficult to predict, since depletion of the system's randomness pool can cause arbitrarily long waits for random bits for seeding the NSS library, and the prime-number searches can also take unpredictable (and potentially large) amounts of CPU time. See ipsec_rsasigkey(8) .
AUTHOR¶
Paul Wouters
04/11/2024 | libreswan |