Content-type: text/html
Manpage of IPSEC_NEWHOSTKEY
IPSEC_NEWHOSTKEY
Section: Maintenance Commands (8)
Updated: 18 Oct 2001
Index
Return to Main Contents
NAME
ipsec newhostkey - generate a new host authentication key
SYNOPSIS
ipsec
newhostkey
[
--quiet
] [
--bits
n
] [
--hostname
host
]
DESCRIPTION
Newhostkey
outputs (on standard output) an RSA private key suitable for this host,
in
/etc/ipsec.secrets
format
(see
ipsec.secrets(5)).
Normally,
newhostkey
invokes
rsasigkey
(see
ipsec_rsasigkey(8))
with the
--verbose
option, so a narrative of what is being done appears on standard error.
The
--quiet
option suppresses the narrative.
The
--bits
option specifies the number of bits in the key;
the current default is 2048 and we do not recommend use of anything
shorter unless unusual constraints demand it.
The
--hostname
option is passed through to
rsasigkey
to tell it what host name to label the output with
(via its
--hostname
option).
The output format is that of
rsasigkey,
with bracketing added to complete the
ipsec.secrets
format.
In the usual case, where
ipsec.secrets
contains only the host's own private key,
the output of
newhostkey
is sufficient as a complete
ipsec.secrets
file.
SEE ALSO
ipsec.secrets(5), ipsec_rsasigkey(8)
HISTORY
Written for the Linux FreeS/WAN project
<http://www.freeswan.org>
by Henry Spencer.
BUGS
As with
rsasigkey,
the run time is difficult to predict,
since depletion of the system's randomness pool can cause
arbitrarily long waits for random bits,
and the prime-number searches can also take unpredictable
(and potentially large) amounts of CPU time.
See
ipsec_rsasigkey(8)
for some typical performance numbers.
A higher-level tool which could handle the clerical details
of changing to a new key would be helpful.
Index
- NAME
-
- SYNOPSIS
-
- DESCRIPTION
-
- SEE ALSO
-
- HISTORY
-
- BUGS
-
This document was created by
man2html,
using the manual pages.
Time: 04:30:21 GMT, February 05, 2002