plainrsa-gen(8) [debian man page]

PLAINRSA-GEN(8) 					    BSD System Manager's Manual 					   PLAINRSA-GEN(8)

NAME
     plainrsa-gen -- generator for Plain RSA keys

SYNOPSIS
     plainrsa-gen [-b bits] [-e pubexp] [-f outfile] [-h]

DESCRIPTION
     plainrsa-gen can be used to generate Plain RSA keys for authentication purposes. Using Plain RSA keys is optional. Other possibilities are Pre-shared keys or X.509 certificates.

     -b bits
             bit length of the key. Default is 1024, recommended length is 2048 or even 4096 bits. Note that generating longer keys takes longer time.

     -e pubexp
             value of RSA public exponent. Default is 0x3. Don't change this unless you really know what you are doing!

     -f outfile
             outfile instead of stdout. If the file already exists it won't be overwritten. You wouldn't like to lose your private key by accident, would you?

OUTPUT FILE FORMAT
     This is the secret private key that should never leave your computer:

     : RSA {
             # RSA 1024 bits
             # pubkey=0sAQOrWlcwbAIdNSMhDt...
             Modulus: 0xab5a57306c021d3523...
             PublicExponent: 0x03
             PrivateExponent: 0x723c3a2048...
             Prime1: 0xd309b30e6adf9d85c01...
             Prime2: 0xcfdc2a8aa5b2b3c90e3...
             Exponent1: 0x8cb122099c9513ae...
             Exponent2: 0x8a92c7071921cd30...
             Coefficient: 0x722751305eafe9...
     }

     The line pubkey=0sAQOrW... of the private key contains a public key that should be stored in the other peer's configuration in this format:

     : PUB 0sAQOrWlcwbAIdNSMhDt...

     You can also specify from and to addresses for which the key is valid:

     0.0.0.0/0 10.20.30.0/24 : PUB 0sAQOrWlcwbAIdNSMhDt...

SEE ALSO
     racoon.conf(5), racoon(8)

HISTORY
     plainrsa-gen was written by Michal Ludvig <michal@logix.cz> and first appeared in ipsec-tools 0.4.

BSD                                June 14, 2004                                BSD
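
The following is an added example, not part of the man page or of ipsec-tools: a Python check that reads a private key block in the OUTPUT FILE FORMAT above, produces the ": PUB" line for the peer, and reports a modulus shorter than the recommended 2048 bits or a pubkey comment that disagrees with the Modulus and PublicExponent fields. The function names are hypothetical, and the blob layout (one exponent-length byte, the exponent, then the modulus) is an assumption read from the sample above, where 0sAQOr... decodes to 01 03 followed by the modulus bytes ab5a57...

```python
import base64
import re

def encode_pubkey(e: int, n: int) -> str:
    """'0s' + base64(exponent length byte | exponent | modulus); assumed layout."""
    eb = e.to_bytes((e.bit_length() + 7) // 8, "big")
    nb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return "0s" + base64.b64encode(bytes([len(eb)]) + eb + nb).decode()

def decode_pubkey(pub: str):
    """Return (exponent, modulus) from a '0s...' public key string."""
    if not pub.startswith("0s"):
        raise ValueError("expected the 0s (base64) prefix")
    raw = base64.b64decode(pub[2:], validate=True)
    elen = raw[0] if raw else 0
    if elen == 0 or len(raw) <= 1 + elen:
        raise ValueError("truncated or unsupported public key blob")
    return (int.from_bytes(raw[1:1 + elen], "big"),
            int.from_bytes(raw[1 + elen:], "big"))

def audit_private_key(text: str, min_bits: int = 2048):
    """Return (PUB line for the peer's key file, list of findings)."""
    pub = re.search(r"#\s*pubkey=(0s[A-Za-z0-9+/=]+)", text)
    fields = dict(re.findall(r"^\s*(\w+):\s*(0x[0-9a-fA-F]+)\s*$", text, re.M))
    if not pub or not {"Modulus", "PublicExponent"} <= fields.keys():
        raise ValueError("not a complete plainrsa-gen private key block")
    e, n = decode_pubkey(pub.group(1))
    findings = []
    # The comment is what gets copied to the peer, so it must match the key itself.
    if (e, n) != (int(fields["PublicExponent"], 16), int(fields["Modulus"], 16)):
        findings.append("pubkey comment does not match Modulus/PublicExponent")
    if n.bit_length() < min_bits:
        findings.append(f"modulus is {n.bit_length()} bits, below {min_bits}")
    return f": PUB {pub.group(1)}", findings

# Constructed toy sample in the page's layout: 64-bit modulus, private fields
# omitted, not a usable key.
_E, _N = 3, 0xC5A3B1F70D2E4A69
SAMPLE = f""": RSA {{
    # RSA 64 bits
    # pubkey={encode_pubkey(_E, _N)}
    Modulus: {_N:#x}
    PublicExponent: {_E:#04x}
}}
"""

if __name__ == "__main__":
    line, findings = audit_private_key(SAMPLE)
    print(line)
    print(findings)
```

The sample values printed in the man page are truncated with "...", so the check needs a complete key file as input rather than the text copied from this page.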

Check Out this Related Man Page

PKI --GEN(1)							    strongSwan							      PKI --GEN(1)

NAME
       pki --gen - Generate a new RSA or ECDSA private key

SYNOPSIS
       pki --gen [--type type] [--size bits] [--safe-primes] [--shares n] [--threshold l] [--outform encoding] [--debug level]
       pki --gen --options file
       pki --gen -h | --help

DESCRIPTION
       This sub-command of pki(1) is used to generate a new RSA or ECDSA private key.

OPTIONS
       -h, --help
              Print usage information with a summary of the available options.

       -v, --debug level
              Set debug level, default: 1.

       -+, --options file
              Read command line options from file.

       -t, --type type
              Type of key to generate. Either rsa or ecdsa, defaults to rsa.

       -s, --size bits
              Key length in bits. Defaults to 2048 for rsa and 384 for ecdsa. For ecdsa only three values are currently supported: 256, 384 and 521.

       -p, --safe-primes
              Generate RSA safe primes.

       -f, --outform encoding
              Encoding of the generated private key. Either der (ASN.1 DER) or pem (Base64 PEM), defaults to der.

   RSA Threshold Cryptography
       -n, --shares <n>
              Number of private RSA key shares.

       -l, --threshold <l>
              Minimum number of participating RSA key shares.

PROBLEMS ON HOSTS WITH LOW ENTROPY
       If the gmp plugin is used to generate RSA private keys the key material is read from /dev/random (via the random plugin). Therefore, the command may block if the system's entropy pool is empty. To avoid this, either use a hardware random number generator to feed /dev/random or use OpenSSL (via the openssl plugin or the command line) which is not as strict in regards to the quality of the key material (it reads from /dev/urandom if necessary). It is also possible to configure the devices used by the random plugin in strongswan.conf(5). Setting libstrongswan.plugins.random.random to /dev/urandom forces the plugin to treat bytes read from /dev/urandom as high grade random data, thus avoiding the blocking. Of course, this doesn't change the fact that the key material generated this way is of lower quality.

EXAMPLES
       pki --gen --size 3072 > rsa_key.der
              Generates a 3072-bit RSA private key.

       pki --gen --type ecdsa --size 256 > ecdsa_key.der
              Generates a 256-bit ECDSA private key.

SEE ALSO
       pki(1)

5.1.1                                2013-07-31                                PKI --GEN(1)