CentOS 7.0 - man page for strongimcv_pki---gen (centos section 1)

Linux & Unix Commands - Search Man Pages

Man Page or Keyword Search:   man
Select Man Page Set:       apropos Keyword Search (sections above)


PKI --GEN(1)				    strongSwan				     PKI --GEN(1)

NAME
       pki --gen - Generate a new RSA or ECDSA private key

SYNOPSIS
       pki --gen [--type type] [--size bits] [--safe-primes] [--shares n] [--threshold l]
		 [--outform encoding] [--debug level]

       pki --gen --options file

       pki --gen -h | --help

DESCRIPTION
       This sub-command of pki(1) is used to generate a new RSA or ECDSA private key.

OPTIONS
       -h, --help
	      Print usage information with a summary of the available options.

       -v, --debug level
	      Set debug level, default: 1.

       -+, --options file
	      Read command line options from file.

       -t, --type type
	      Type of key to generate. Either rsa or ecdsa, defaults to rsa.

       -s, --size bits
	      Key length in bits. Defaults to 2048 for rsa and 384 for	ecdsa.	 For  ecdsa  only
	      three values are currently supported: 256, 384 and 521.

       -p, --safe-primes
	      Generate RSA safe primes.

       -f, --outform encoding
	      Encoding	of the generated private key. Either der (ASN.1 DER) or pem (Base64 PEM),
	      defaults to der.

   RSA Threshold Cryptography
       -n, --shares <n>
	      Number of private RSA key shares.

       -l, --threshold <l>
	      Minimum number of participating RSA key shares.

PROBLEMS ON HOSTS WITH LOW ENTROPY
       If the gmp plugin is used to generate RSA private keys  the  key  material  is  read  from
       /dev/random  (via  the  random  plugin).  Therefore, the command may block if the system's
       entropy pool is empty.  To avoid this, either use a hardware random  number  generator  to
       feed  /dev/random or use OpenSSL (via the openssl plugin or the command line) which is not
       as strict in regards to the quality of the key material (it  reads  from  /dev/urandom  if
       necessary).  It	is  also  possible  to configure the devices used by the random plugin in
       strongswan.conf(5).  Setting libstrongswan.plugins.random.random  to  /dev/urandom  forces
       the  plugin to treat bytes read from /dev/urandom as high grade random data, thus avoiding
       the blocking. Of course, this doesn't change the fact that the key material generated this
       way is of lower quality.

EXAMPLES
       pki --gen --size 3072 > rsa_key.der
	      Generates a 3072-bit RSA private key.

       pki --gen --type ecdsa --size 256 > ecdsa_key.der
	      Generates a 256-bit ECDSA private key.

SEE ALSO
       pki(1)

5.1.1					    2013-07-31				     PKI --GEN(1)
Unix & Linux Commands & Man Pages : ©2000 - 2018 Unix and Linux Forums


All times are GMT -4. The time now is 04:02 AM.

Unix & Linux Forums Content Copyright©1993-2018. All Rights Reserved.
×
UNIX.COM Login
Username:
Password:  
Show Password





Not a Forum Member?
Forgot Password?