centos man page for strongimcv_pki---gen

Centos Man Pages All Man Pages Latest Topics Forum Categories

Query: strongimcv_pki---gen

OS: centos

Section: 1

Format: Original Unix Latex Style Formatted with HTML and a Horizontal Scroll Bar

PKI --GEN(1)							    strongSwan							      PKI --GEN(1)


NAME

       pki --gen - Generate a new RSA or ECDSA private key


SYNOPSIS

       pki --gen [--type type] [--size bits] [--safe-primes] [--shares n] [--threshold l] [--outform encoding] [--debug level]

       pki --gen --options file

       pki --gen -h | --help


DESCRIPTION

       This sub-command of pki(1) is used to generate a new RSA or ECDSA private key.


OPTIONS

       -h, --help
	      Print usage information with a summary of the available options.

       -v, --debug level
	      Set debug level, default: 1.

       -+, --options file
	      Read command line options from file.

       -t, --type type
	      Type of key to generate. Either rsa or ecdsa, defaults to rsa.

       -s, --size bits
	      Key  length  in bits. Defaults to 2048 for rsa and 384 for ecdsa.  For ecdsa only three values are currently supported: 256, 384 and
	      521.

       -p, --safe-primes
	      Generate RSA safe primes.

       -f, --outform encoding
	      Encoding of the generated private key. Either der (ASN.1 DER) or pem (Base64 PEM), defaults to der.

   RSA Threshold Cryptography
       -n, --shares <n>
	      Number of private RSA key shares.

       -l, --threshold <l>
	      Minimum number of participating RSA key shares.


PROBLEMS ON HOSTS WITH LOW ENTROPY

       If the gmp plugin is used to generate RSA private keys the key material is read from /dev/random (via the random  plugin).  Therefore,  the
       command	may block if the system's entropy pool is empty.  To avoid this, either use a hardware random number generator to feed /dev/random
       or use OpenSSL (via the openssl plugin or the command line) which is not as strict in regards to the quality of the key material (it  reads
       from  /dev/urandom  if  necessary).  It is also possible to configure the devices used by the random plugin in strongswan.conf(5).  Setting
       libstrongswan.plugins.random.random to /dev/urandom forces the plugin to treat bytes read from /dev/urandom as high grade random data, thus
       avoiding the blocking. Of course, this doesn't change the fact that the key material generated this way is of lower quality.


EXAMPLES

       pki --gen --size 3072 > rsa_key.der
	      Generates a 3072-bit RSA private key.

       pki --gen --type ecdsa --size 256 > ecdsa_key.der
	      Generates a 256-bit ECDSA private key.


SEE ALSO

       pki(1)

5.1.1								    2013-07-31							      PKI --GEN(1)
Related Man Pages
genrsa(1) - redhat
ovs-pki(8) - debian
strongimcv_pki---issue(8) - centos
rsa_check_key(3) - opendarwin
rsa_check_key(3openssl) - opensolaris
Similar Topics in the Unix Linux Community
LibPKI 0.1.8 (Default branch)
Pathfinder PKI Daemon 0.2.4 (Default branch)
taking a part from file name
LibPKI 0.2.0 (Default branch)
ECDSA verification