
pki --gen - Generate a new RSA or ECDSA private key

Description

       This sub-command of pki(1) is used to generate a new RSA or ECDSA private key.

Examples

       pki --gen --size 3072 > rsa_key.der
              Generates a 3072-bit RSA private key.

       pki --gen --type ecdsa --size 256 > ecdsa_key.der
              Generates a 256-bit ECDSA private key.
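
       The redirections above create the key file with the shell's default umask. The following wrapper is
       an added example, not part of the original man page or the strongSwan project: it checks the
       type/size combination against the Options section before calling pki --gen, and writes the key so
       that only the owner can read it. The function names, the 3072-bit RSA floor and the restriction to
       rsa and ecdsa are assumptions of this example.

```shell
#!/bin/sh
# Added example: validate key parameters, then run pki --gen with a tight umask.

# check_key_params TYPE SIZE
# Returns 0 if the combination is acceptable, 1 otherwise.
# Assumption: RSA keys below 3072 bits are rejected as a local policy choice;
# pki itself accepts smaller sizes. Only rsa and ecdsa are handled here.
check_key_params() {
    ktype=$1
    ksize=$2
    case $ktype in
        rsa)
            # Reject empty or non-numeric sizes before the integer comparison.
            case $ksize in ''|*[!0-9]*) return 1 ;; esac
            [ "$ksize" -ge 3072 ]
            ;;
        ecdsa)
            # The man page lists exactly these three sizes for ecdsa.
            case $ksize in 256|384|521) return 0 ;; *) return 1 ;; esac
            ;;
        *)
            return 1
            ;;
    esac
}

# gen_key TYPE SIZE OUTFILE
# Writes a PEM-encoded private key to OUTFILE with owner-only permissions.
# Return codes: 2 = parameters rejected, 3 = OUTFILE exists, 4 = pki failed.
gen_key() {
    check_key_params "$1" "$2" || { echo "rejected: $1/$2" >&2; return 2; }
    if [ -e "$3" ]; then
        echo "refusing to overwrite $3" >&2
        return 3
    fi
    (
        # The umask applies only inside this subshell, so the key file is
        # created as 0600 without changing the caller's umask.
        umask 077
        pki --gen --type "$1" --size "$2" --outform pem > "$3"
    ) || { rm -f "$3"; return 4; }
}
```

       Source the file and call, for instance, gen_key ecdsa 384 ecdsa_key.pem.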

Name

       pki --gen - Generate a new RSA or ECDSA private key

Options

       -h, --help
              Print usage information with a summary of the available options.

       -v, --debug level
              Set debug level, default: 1.

       -+, --options file
              Read command line options from file.

       -t, --type type
              Type of key to generate. Either rsa, ecdsa, ed25519, ed448 or bliss, defaults to rsa.

       -s, --size bits
              Key length in bits. Defaults to 2048 for rsa and 384 for ecdsa. For ecdsa only three values are
              currently supported: 256, 384 and 521.

       -p, --safe-primes
              Generate RSA safe primes.

       -f, --outform encoding
              Encoding of the generated private key. Either der (ASN.1 DER) or pem (Base64 PEM), defaults to
              der.

   RSA Threshold Cryptography
       -n, --shares <n>
              Number of private RSA key shares.

       -l, --threshold <l>
              Minimum number of participating RSA key shares.

Problems On Hosts With Low Entropy

       If the gmp plugin is used to generate RSA private keys, the key material is read from /dev/random (via
       the random plugin). Therefore, the command may block if the system's entropy pool is empty. To avoid
       this, either use a hardware random number generator to feed /dev/random or use OpenSSL (via the openssl
       plugin or the command line), which is not as strict in regards to the quality of the key material (it
       reads from /dev/urandom if necessary). It is also possible to configure the devices used by the random
       plugin in strongswan.conf(5). Setting libstrongswan.plugins.random.random to /dev/urandom forces the
       plugin to treat bytes read from /dev/urandom as high grade random data, thus avoiding the blocking. Of
       course, this doesn't change the fact that the key material generated this way is of lower quality.

See Also

       pki(1)

5.9.13                                             2016-12-13                                       PKI --GEN(1)

Synopsis

       pki --gen [--type type] [--size bits] [--safe-primes] [--shares n] [--threshold l] [--outform encoding]
                 [--debug level]

       pki --gen --options file

       pki --gen -h | --help
