File:  [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / pki / man / pki---gen.1.in
Revision 1.1.1.1 (vendor branch)
Wed Jun 3 09:46:44 2020 UTC (4 years, 3 months ago) by misho
Branches: strongswan, MAIN
CVS tags: v5_9_2p0, v5_8_4p7, HEAD
Strongswan

.TH "PKI \-\-GEN" 1 "2016-12-13" "@PACKAGE_VERSION@" "strongSwan"
.
.SH "NAME"
.
pki \-\-gen \- Generate a new RSA or ECDSA private key
.
.SH "SYNOPSIS"
.
.SY pki\ \-\-gen
.OP \-\-type type
.OP \-\-size bits
.OP \-\-safe\-primes
.OP \-\-shares n
.OP \-\-threshold l
.OP \-\-outform encoding
.OP \-\-debug level
.YS
.
.SY pki\ \-\-gen
.BI \-\-options\~ file
.YS
.
.SY "pki \-\-gen"
.B \-h
|
.B \-\-help
.YS
.
.SH "DESCRIPTION"
.
This sub-command of
.BR pki (1)
is used to generate a new RSA or ECDSA private key.
.
.SH "OPTIONS"
.
.TP
.B "\-h, \-\-help"
Print usage information with a summary of the available options.
.TP
.BI "\-v, \-\-debug " level
Set debug level, default: 1.
.TP
.BI "\-+, \-\-options " file
Read command line options from \fIfile\fR.
.TP
.BI "\-t, \-\-type " type
Type of key to generate. Either \fIrsa\fR, \fIecdsa\fR, \fIed25519\fR,
\fIed448\fR or \fIbliss\fR, defaults to \fIrsa\fR.
.TP
.BI "\-s, \-\-size " bits
Key length in bits. Defaults to 2048 for \fIrsa\fR and 384 for \fIecdsa\fR.
For \fIecdsa\fR only three values are currently supported: 256, 384 and 521.
.TP
.BI "\-p, \-\-safe\-primes"
Generate RSA safe primes.
.TP
.BI "\-f, \-\-outform " encoding
Encoding of the generated private key. Either \fIder\fR (ASN.1 DER) or \fIpem\fR
(Base64 PEM), defaults to \fIder\fR.
.PP
.SS "RSA Threshold Cryptography"
.TP
.BI "\-n, \-\-shares " <n>
Number of private RSA key shares.
.TP
.BI "\-l, \-\-threshold " <l>
Minimum number of participating RSA key shares.
.
.SH "PROBLEMS ON HOSTS WITH LOW ENTROPY"
.
If the
.I gmp
plugin is used to generate RSA private keys, the key material is read from
.I /dev/random
(via the
.I random
plugin). Therefore, the command may block if the system's entropy pool is empty.
To avoid this, either use a hardware random number generator to feed
.I /dev/random
or use OpenSSL (via the
.I openssl
plugin or the command line), which is not as strict with regard to the quality of
the key material (it reads from
.I /dev/urandom
if necessary). It is also possible to configure the devices used by the
.I random
plugin in
.BR strongswan.conf (5).
Setting
.B libstrongswan.plugins.random.random
to
.I /dev/urandom
forces the plugin to treat bytes read from
.I /dev/urandom
as high-grade random data, thus avoiding the blocking. Of
course, this doesn't change the fact that the key material generated this way is
of lower quality.
.
.SH "EXAMPLES"
.
.TP
.B pki \-\-gen \-\-size 3072 > rsa_key.der
Generates a 3072-bit RSA private key.
.
.TP
.B pki \-\-gen \-\-type ecdsa \-\-size 256 > ecdsa_key.der
Generates a 256-bit ECDSA private key.
.
.SH "SEE ALSO"
.
.BR pki (1)
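
The EXAMPLES above redirect the key into a file created with the caller's default umask, and the low-entropy section warns that the command may block. The following wrapper is an added example, not part of the man page or the strongSwan sources: it checks the entropy estimate first and writes the key with owner-only permissions. The function names, the PKI variable, the 128-bit threshold and the Linux procfs path are assumptions made here.

```shell
#!/bin/sh
# Added example (not from the strongSwan sources). entropy_ok, gen_key and
# the PKI variable are hypothetical names; only pki options documented in
# the man page above are used.

# entropy_ok FILE MIN_BITS
# True if the kernel entropy estimate stored in FILE is >= MIN_BITS.
# On Linux, FILE is /proc/sys/kernel/random/entropy_avail (assumption).
entropy_ok() {
    avail=$(cat "$1" 2>/dev/null) || return 2
    [ "$avail" -ge "$2" ] 2>/dev/null
}

# gen_key TYPE SIZE OUTFILE
# Writes a PEM private key readable by its owner only. The key goes to a
# temporary file first, so a failed or empty run never leaves a partial
# key under the final name.
gen_key() {
    ktype=$1; ksize=$2; out=$3
    (
        umask 077
        tmp=$(mktemp "${out}.XXXXXX") || exit 1
        if "${PKI:-pki}" --gen --type "$ktype" --size "$ksize" \
               --outform pem > "$tmp" && [ -s "$tmp" ]; then
            mv -f "$tmp" "$out"
        else
            rm -f "$tmp"
            exit 1
        fi
    )
}

# Typical use on a Linux host:
#   entropy_ok /proc/sys/kernel/random/entropy_avail 128 ||
#       echo "low entropy: pki --gen may block on /dev/random" >&2
#   gen_key rsa 3072 rsa_key.pem
```

The entropy check is only a heuristic for the blocking case described above; it does not measure the quality of the generated key.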
