Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   29550 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

IPSEC_RANBITS(8)	      Executable programs	      IPSEC_RANBITS(8)

NAME
       ipsec_newhostkey - generate a new raw RSA authentication key for a host

SYNOPSIS
       ipsec newhostkey [[--configdirnssdbdir] | [--password password]]
	     [[--quiet] | [--verbose]] [--bits bits] [--random device]
	     [--hostname hostname] [--output filename]

DESCRIPTION
       newhostkey outputs (into filename, which can be '-' for standard
       output) an RSA private key suitable for this host, in
       /etc/ipsec.secrets format (see ipsec.secrets(5)) using the --quiet
       option per default.

       The --output option is mandatory. The specified filename is created
       under umask 077 if nonexistent; if it already exists and is non-empty,
       a warning message about that is sent to standard error, and the output
       is appended to the file.

       The --quiet option suppresses both the rsasigkey narrative and the
       existing-file warning message.

       When compiled with NSS support (the default), --configdir specifies the
       nss configuration directory where the certificate key, and modsec
       databases reside. There is no default value, though /etc/ipsec.d might
       be sensible choice.

       When compiled with NSS support (the default), --password specifies a
       module authentication password that may be required if FIPS mode is
       enabled

       The --bits option specifies the number of bits in the RSA key; the
       current default is a random (multiple of 16) value between 3072 and
       4096. The minimum allowed is 2172.

       The --random is used to specify the random device (default /dev/random
       used to seed the crypto library RNG.

       The --hostname option is passed through to rsasigkey to tell it what
       host name to label the output with (via its --hostname option).

       The output format is that of rsasigkey, with bracketing added to
       complete the ipsec.secrets format. In the usual case, where
       ipsec.secrets contains only the hostâs own private key, the output of
       newhostkey is sufficient as a complete ipsec.secrets file.

FILES
       /dev/random, /dev/urandom

SEE ALSO
       ipsec_rsasigkey(8), ipsec.secrets(5)

HISTORY
       Originally written for the Linux FreeS/WAN project
       <http://www.freeswan.org> by Henry Spencer. Updated by Paul Wouters

BUGS
       As with rsasigkey, the run time is difficult to predict, since
       depletion of the systemâs randomness pool can cause arbitrarily long
       waits for random bits, and the prime-number searches can also take
       unpre dictable (and potentially large) amounts of CPU time. See
       ipsec_rsasigkey(8) .

       A higher-level tool which could handle the clerical details of changing
       to a new key would be helpful.

AUTHOR
       Paul Wouters
	   placeholder to suppress warning

libreswan			  09/06/2013		      IPSEC_RANBITS(8)

Vote for polarhome