logo
Free, unlimited AI code reviews that run on commit
git-lrc git-lrc GitHub Install Now We'd appreciate a star git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt

ipsec_newhostkey - generate a new raw RSA authentication key for a host

Contents

Author

PaulWouters
           placeholder to suppress warning

libreswan                                          03/31/2024                                IPSEC_NEWHOSTKEY(8)

Bugs

       As with rsasigkey, the run time is difficult to predict, since depletion of the system's randomness pool
       can cause arbitrarily long waits for random bits for seeding the NSS library, and the prime-number
       searches can also take unpredictable (and potentially large) amounts of CPU time. See ipsec_rsasigkey(8)
       .

Description

newhostkey generates an RSA public/private key pair suitable for authenticating this host is generated
       and stored in the NSS database.

       See ipsec_showhostkey(8) for how to extract the public key from the NSS database.

   OutputOptions--quiet
           The --quiet option suppresses both the rsasigkey narrative and the existing-file warning message.

       --nssdirnssdir
           The --nssdir option specifies the NSS DB directory where the certificate key, and modsec databases
           reside (default /var/lib/ipsec/nss)

       --passwordpassword
           The --password option specifies a module authentication password that may be required if FIPS mode is
           enabled.

       --bitsbits
           The --bits option specifies the number of bits in the RSA key; the current default is a random
           (multiple of 16) value between 3072 and 4096. The minimum allowed is 2192.

       --curvecurve
           The --curve option specifies the named curve used in the ECDSA key; the current default is secp256r1.
           See ipsec_ecdsasigkey(8) for the available curve names.

       --keytypersa|ecdsa
           The --keytype option specifies the type of key, which can either be rsa (RSA) or ecdsa (ECDSA); if
           omitted the current default is rsa.

       --seeddevdevice
           The --seeddev is used to specify the random device (default /dev/random used to seed the crypto
           library RNG.

Files

       /dev/random, /dev/urandom

History

       Originally written for the Linux FreeS/WAN project <https://www.freeswan.org> by Henry Spencer. Updated
       by Paul Wouters

Name

       ipsec_newhostkey - generate a new raw RSA authentication key for a host

See Also

ipsec_rsasigkey(8), ipsec_showhostkey(8), ipsec.secrets(5)

Synopsis

ipsecnewhostkey [[--quiet] | [--verbose]] [--nssdirnssdir] [--password password] [--bits bits]
             [--curve curve] [--keytype rsa|ecdsa] [--seeddev device]

See Also

Man Pages
ipsec Man Pages
Option
Option PNG Icons
Man Pages
bitslice Man Pages
Man Pages
gitignore Man Pages
Man Pages
defaults Man Pages
Man Pages
ECDSA_size, ECDSA_sign, ECDSA_do_sign, ECDSA_verify, ECDSA_do_verify, ECDSA_sign_setup, ECDSA_sign_ex, Man Pages
Curve
Curve PNG Icons
Randomizer
Randomizer PNG Icons
← View System admin Category← Back to Network service daemons🙏  Credits & Acknowledgments