Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   18016 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

PKI --GEN(1)			  strongSwan			  PKI --GEN(1)

NAME
       pki --gen - Generate a new RSA or ECDSA private key

SYNOPSIS
       pki --gen [--type type] [--size bits] [--safe-primes] [--shares n]
		 [--threshold l] [--outform encoding] [--debug level]

       pki --gen --options file

       pki --gen -h | --help

DESCRIPTION
       This sub-command of pki(1) is used to generate a new RSA or ECDSA  pri‐
       vate key.

OPTIONS
       -h, --help
	      Print usage information with a summary of the available options.

       -v, --debug level
	      Set debug level, default: 1.

       -+, --options file
	      Read command line options from file.

       -t, --type type
	      Type of key to generate. Either rsa or ecdsa, defaults to rsa.

       -s, --size bits
	      Key  length in bits. Defaults to 2048 for rsa and 384 for ecdsa.
	      For ecdsa only three values are currently	 supported:  256,  384
	      and 521.

       -p, --safe-primes
	      Generate RSA safe primes.

       -f, --outform encoding
	      Encoding of the generated private key. Either der (ASN.1 DER) or
	      pem (Base64 PEM), defaults to der.

   RSA Threshold Cryptography
       -n, --shares <n>
	      Number of private RSA key shares.

       -l, --threshold <l>
	      Minimum number of participating RSA key shares.

PROBLEMS ON HOSTS WITH LOW ENTROPY
       If the gmp plugin is used to generate RSA private keys the key material
       is  read	 from /dev/random (via the random plugin). Therefore, the com‐
       mand may block if the system's entropy pool is empty.  To  avoid	 this,
       either  use  a  hardware random number generator to feed /dev/random or
       use OpenSSL (via the openssl plugin or the command line) which  is  not
       as  strict in regards to the quality of the key material (it reads from
       /dev/urandom if necessary).  It	is  also  possible  to	configure  the
       devices	used by the random plugin in strongswan.conf(5).  Setting lib‐
       strongswan.plugins.random.random to /dev/urandom forces the  plugin  to
       treat  bytes  read  from	 /dev/urandom  as high grade random data, thus
       avoiding the blocking. Of course, this doesn't change the fact that the
       key material generated this way is of lower quality.

EXAMPLES
       pki --gen --size 3072 > rsa_key.der
	      Generates a 3072-bit RSA private key.

       pki --gen --type ecdsa --size 256 > ecdsa_key.der
	      Generates a 256-bit ECDSA private key.

SEE ALSO
       pki(1)

5.1.3				  2013-07-31			  PKI --GEN(1)

Vote for polarhome