Annotation of embedaddon/strongswan/src/pki/man/pki---gen.1.in, revision 1.1
1.1 ! misho 1: .TH "PKI \-\-GEN" 1 "2016-12-13" "@PACKAGE_VERSION@" "strongSwan"
! 2: .
! 3: .SH "NAME"
! 4: .
! 5: pki \-\-gen \- Generate a new RSA or ECDSA private key
! 6: .
! 7: .SH "SYNOPSIS"
! 8: .
! 9: .SY pki\ \-\-gen
! 10: .OP \-\-type type
! 11: .OP \-\-size bits
! 12: .OP \-\-safe\-primes
! 13: .OP \-\-shares n
! 14: .OP \-\-threshold l
! 15: .OP \-\-outform encoding
! 16: .OP \-\-debug level
! 17: .YS
! 18: .
! 19: .SY pki\ \-\-gen
! 20: .BI \-\-options\~ file
! 21: .YS
! 22: .
! 23: .SY "pki \-\-gen"
! 24: .B \-h
! 25: |
! 26: .B \-\-help
! 27: .YS
! 28: .
! 29: .SH "DESCRIPTION"
! 30: .
! 31: This sub-command of
! 32: .BR pki (1)
! 33: is used to generate a new RSA or ECDSA private key.
! 34: .
! 35: .SH "OPTIONS"
! 36: .
! 37: .TP
! 38: .B "\-h, \-\-help"
! 39: Print usage information with a summary of the available options.
! 40: .TP
! 41: .BI "\-v, \-\-debug " level
! 42: Set debug level, default: 1.
! 43: .TP
! 44: .BI "\-+, \-\-options " file
! 45: Read command line options from \fIfile\fR.
! 46: .TP
! 47: .BI "\-t, \-\-type " type
! 48: Type of key to generate. Either \fIrsa\fR, \fIecdsa\fR, \fIed25519\fR,
! 49: \fIed448\fR or \fIbliss\fR, defaults to \fIrsa\fR.
! 50: .TP
! 51: .BI "\-s, \-\-size " bits
! 52: Key length in bits. Defaults to 2048 for \fIrsa\fR and 384 for \fIecdsa\fR.
! 53: For \fIecdsa\fR only three values are currently supported: 256, 384 and 521.
! 54: .TP
! 55: .BI "\-p, \-\-safe\-primes"
! 56: Generate RSA safe primes.
! 57: .TP
! 58: .BI "\-f, \-\-outform " encoding
! 59: Encoding of the generated private key. Either \fIder\fR (ASN.1 DER) or \fIpem\fR
! 60: (Base64 PEM), defaults
! 61: to \fIder\fR.
! 62: .PP
! 63: .SS "RSA Threshold Cryptography"
! 64: .TP
! 65: .BI "\-n, \-\-shares " <n>
! 66: Number of private RSA key shares.
! 67: .TP
! 68: .BI "\-l, \-\-threshold " <l>
! 69: Minimum number of participating RSA key shares.
! 70: .
! 71: .SH "PROBLEMS ON HOSTS WITH LOW ENTROPY"
! 72: .
! 73: If the
! 74: .I gmp
! 75: plugin is used to generate RSA private keys, the key material is read from
! 76: .I /dev/random
! 77: (via the
! 78: .I random
! 79: plugin). Therefore, the command may block if the system's entropy pool is empty.
! 80: To avoid this, either use a hardware random number generator to feed
! 81: .I /dev/random
! 82: or use OpenSSL (via the
! 83: .I openssl
! 84: plugin or the command line) which is not as strict with regard to the quality of
! 85: the key material (it reads from
! 86: .I /dev/urandom
! 87: if necessary). It is also possible to configure the devices used by the
! 88: .I random
! 89: plugin in
! 90: .BR strongswan.conf (5).
! 91: Setting
! 92: .B libstrongswan.plugins.random.random
! 93: to
! 94: .I /dev/urandom
! 95: forces the plugin to treat bytes read from
! 96: .I /dev/urandom
! 97: as high grade random data, thus avoiding the blocking. Of
! 98: course, this doesn't change the fact that the key material generated this way is
! 99: of lower quality.
! 100: .
! 101: .SH "EXAMPLES"
! 102: .
! 103: .TP
! 104: .B pki \-\-gen \-\-size 3072 > rsa_key.der
! 105: Generates a 3072-bit RSA private key.
! 106: .
! 107: .TP
! 108: .B pki \-\-gen \-\-type ecdsa \-\-size 256 > ecdsa_key.der
! 109: Generates a 256-bit ECDSA private key.
! 110: .
! 111: .SH "SEE ALSO"
! 112: .
! 113: .BR pki (1)
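
Added example, not part of the strongSwan man page or code: a POSIX shell wrapper around the `pki --gen` invocations shown under EXAMPLES. It rejects type/size pairs the OPTIONS section does not list, warns when the Linux entropy estimate is low (the case where the page says the command may block), and creates the key file with mode 0600 instead of relying on the caller's umask. The function names, the 256-bit entropy floor and the 2048-bit RSA minimum are assumptions of this example.

```shell
#!/bin/sh
# Added example: wrapper around "pki --gen" (function names are hypothetical).

# Accept only the type/size pairs the OPTIONS section documents.
check_key_params() {            # $1 = type, $2 = bits ("" = pki default)
    case "$1" in
        rsa)
            case "$2" in
                '') return 0 ;;
                *[!0-9]*) return 1 ;;
            esac
            [ "$2" -ge 2048 ] ;;   # assumed local policy: nothing below the default
        ecdsa)
            case "$2" in ''|256|384|521) return 0 ;; *) return 1 ;; esac ;;
        *)  return 1 ;;
    esac
}

# True when the Linux entropy estimate is below $1 bits (256 is an assumed floor).
entropy_low() {
    f=/proc/sys/kernel/random/entropy_avail
    [ -r "$f" ] || return 1
    read -r n < "$f" || return 1
    [ "$n" -lt "${1:-256}" ]
}

gen_key() {                     # $1 = type, $2 = bits, $3 = output file (DER)
    if ! check_key_params "$1" "$2"; then
        echo "unsupported type/size: $1 $2" >&2; return 2
    fi
    if [ -e "$3" ]; then
        echo "refusing to overwrite $3" >&2; return 3
    fi
    if entropy_low; then
        echo "warning: entropy pool is low, pki --gen may block" >&2
    fi
    (
        umask 077               # redirect creates the key file with mode 0600
        if [ -n "$2" ]; then
            pki --gen --type "$1" --size "$2" > "$3"
        else
            pki --gen --type "$1" > "$3"
        fi
    ) || { rm -f "$3"; return 1; }
}
```

Call it as `gen_key rsa 3072 rsa_key.der` or `gen_key ecdsa 256 ecdsa_key.der`; a failed or interrupted run removes the partial output file.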