Content-type: text/html Manpage of IPSEC_NEWHOSTKEY

IPSEC_NEWHOSTKEY

Section: Maintenance Commands (8)
Updated: 18 Oct 2001
Index Return to Main Contents
 

NAME

ipsec newhostkey - generate a new host authentication key  

SYNOPSIS

ipsec newhostkey [ --quiet ] [ --bits n ] [ --hostname host ]  

DESCRIPTION

Newhostkey outputs (on standard output) an RSA private key suitable for this host, in /etc/ipsec.secrets format (see ipsec.secrets(5)). Normally, newhostkey invokes rsasigkey (see ipsec_rsasigkey(8)) with the --verbose option, so a narrative of what is being done appears on standard error.

The --quiet option suppresses the narrative.

The --bits option specifies the number of bits in the key; the current default is 2048 and we do not recommend use of anything shorter unless unusual constraints demand it.

The --hostname option is passed through to rsasigkey to tell it what host name to label the output with (via its --hostname option).

The output format is that of rsasigkey, with bracketing added to complete the ipsec.secrets format. In the usual case, where ipsec.secrets contains only the host's own private key, the output of newhostkey is sufficient as a complete ipsec.secrets file.  

SEE ALSO

ipsec.secrets(5), ipsec_rsasigkey(8)  

HISTORY

Written for the Linux FreeS/WAN project <http://www.freeswan.org> by Henry Spencer.  

BUGS

As with rsasigkey, the run time is difficult to predict, since depletion of the system's randomness pool can cause arbitrarily long waits for random bits, and the prime-number searches can also take unpredictable (and potentially large) amounts of CPU time. See ipsec_rsasigkey(8) for some typical performance numbers.

A higher-level tool which could handle the clerical details of changing to a new key would be helpful.


 

Index

NAME
SYNOPSIS
DESCRIPTION
SEE ALSO
HISTORY
BUGS

This document was created by man2html, using the manual pages.
Time: 04:30:21 GMT, February 05, 2002