Man page - ipsec-newhostkey(8)
IPSEC-NEWHOSTKEY
NAME
ipsec-newhostkey - generate a new raw RSA (or ECDSA) authentication key for a host
SYNOPSIS
ipsec newhostkey [--quiet | --verbose] [--nssdir nssdir] [--password password] [--bits bits] [--curve curve] [--keytype rsa|ecdsa] [--seeddev device]
DESCRIPTION
newhostkey generates a public/private key pair suitable for authenticating this host (RSA by default, or ECDSA with --keytype ecdsa) and stores it in the NSS database. The private key stays in the NSS database; only the public half is meant to leave the host.
See ipsec-showhostkey(8) for how to extract the public key from the NSS database in a form suitable for ipsec.conf(5).
Output Options
--quiet
The --quiet option suppresses both the rsasigkey narrative and the existing-file warning message.
--nssdir nssdir
The --nssdir option specifies the NSS DB directory where the certificate, key and security-module databases reside (default /var/lib/ipsec/nss).
--password password
The --password option specifies a module authentication password that may be required if FIPS mode is enabled.
--bits bits
The --bits option specifies the number of bits in the RSA modulus; the current default is a random value (a multiple of 16) between 3072 and 4096. The minimum allowed is 2192. This option applies only to RSA keys.
--curve curve
The --curve option specifies the named curve used for the ECDSA key and is only meaningful together with --keytype ecdsa; the current default is secp256r1. See ipsec-ecdsasigkey(8) for the available curve names.
--keytype rsa|ecdsa
The --keytype option specifies the type of key, either rsa (RSA) or ecdsa (ECDSA); if omitted, the current default is rsa.
--seeddev device
The --seeddev option specifies the random device (default /dev/random) used to seed the crypto library's RNG.
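As an added example (not part of this man page or of libreswan), the following POSIX shell script assembles the newhostkey invocation from the options above, enforces the documented --bits constraints, and, where an ipsec(8) binary is installed, runs it and then extracts the public key with ipsec showhostkey(8) for pasting into ipsec.conf. The function names, the choice of 3072 bits, and the multiple-of-16 requirement (taken from rsasigkey's own size check, not stated on this page) are assumptions of the example.

```shell
#!/bin/sh
# Added example, not libreswan code: drive ipsec newhostkey(8) and
# ipsec showhostkey(8) from a script. Function names and the 3072-bit
# choice are this example's assumptions; option names come from the
# SYNOPSIS above.

# Check an RSA key size against the documented rules: at least 2192 bits
# (stated under --bits) and a multiple of 16 (rsasigkey's own size check,
# assumed here rather than stated on this page). Returns 0 if acceptable.
validate_bits() {
    bits=$1
    case "$bits" in
        ''|*[!0-9]*) return 1 ;;          # not a non-negative decimal integer
    esac
    [ "$bits" -ge 2192 ] || return 1      # below the documented minimum
    [ $((bits % 16)) -eq 0 ] || return 1  # not a multiple of 16
    return 0
}

# Print the newhostkey command line for NSSDIR and KEYTYPE (rsa|ecdsa).
# The third argument is the modulus size for rsa or the curve for ecdsa;
# --curve is meaningful only for ecdsa, so it is never emitted for rsa.
build_newhostkey_cmd() {
    nssdir=$1; keytype=$2; size=$3
    case "$keytype" in
        rsa)
            validate_bits "$size" || return 1
            printf 'ipsec newhostkey --quiet --nssdir %s --keytype rsa --bits %s\n' \
                "$nssdir" "$size" ;;
        ecdsa)
            # secp256r1 is the documented default curve
            printf 'ipsec newhostkey --quiet --nssdir %s --keytype ecdsa --curve %s\n' \
                "$nssdir" "${size:-secp256r1}" ;;
        *)  return 1 ;;
    esac
}

# Generate a 3072-bit RSA host key in NSSDIR, then list the stored keys and
# print the public half as a leftrsasigkey= line for ipsec.conf. With more
# than one key in the database, showhostkey needs --ckaid to pick one.
# Without an ipsec binary on the PATH the planned command is only printed.
generate_and_show() {
    nssdir=${1:-/var/lib/ipsec/nss}
    cmd=$(build_newhostkey_cmd "$nssdir" rsa 3072) || return 1
    if command -v ipsec >/dev/null 2>&1; then
        eval "$cmd" &&
        ipsec showhostkey --nssdir "$nssdir" --list &&
        ipsec showhostkey --nssdir "$nssdir" --left
    else
        echo "ipsec not found; would run: $cmd"
    fi
}

# Usage: sh newhostkey-example.sh run [nssdir]
if [ "${1:-}" = run ]; then
    generate_and_show "${2:-}"
fi
```

Run it as root (or as a user that can write the NSS database) with `run`; the `--left` output is the line to place in the left side of the connection in ipsec.conf(5), and the peer's corresponding `--right` output goes on the other side.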
FILES
/dev/random, /dev/urandom
SEE ALSO
ipsec-rsasigkey(8), ipsec-ecdsasigkey(8), ipsec-showhostkey(8), ipsec.secrets(5)
HISTORY
Originally written for the Linux FreeS/WAN project <https://www.freeswan.org> by Henry Spencer. Updated by Paul Wouters.
BUGS
As with rsasigkey, the run time is difficult to predict, since depletion of the system's randomness pool can cause arbitrarily long waits for random bits for seeding the NSS library, and the prime-number searches can also take unpredictable (and potentially large) amounts of CPU time. See ipsec-rsasigkey(8).
AUTHOR
Paul Wouters