GSP
Quick Navigator
Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
IPSEC_NEWHOSTKEY(8) Executable programs IPSEC_NEWHOSTKEY(8)

ipsec_newhostkey - generate a new raw RSA authentication key for a host

ipsec newhostkey [[--quiet] | [--verbose]] [--nssdirnssdir] [--password password] [--bits bits] [--curve curve] [--keytype rsa|ecdsa] [--seeddev device]

newhostkey generates an RSA public/private key pair suitable for authenticating this host is generated and stored in the NSS database.

See ipsec_showhostkey(8) for how to extract the public key from the NSS database.

--quiet
The --quiet option suppresses both the rsasigkey narrative and the existing-file warning message.

--nssdir nssdir

The --nssdir option specifies the NSS DB directory where the certificate key, and modsec databases reside (default /usr/local/etc/ipsec.d)

--password password

The --password option specifies a module authentication password that may be required if FIPS mode is enabled.

--bits bits

The --bits option specifies the number of bits in the RSA key; the current default is a random (multiple of 16) value between 3072 and 4096. The minimum allowed is 2192.

--curve curve

The --curve option specifies the named curve used in the ECDSA key; the current default is secp256r1. See ipsec_ecdsasigkey(8) for the available curve names.

--keytype rsa|ecdsa

The --keytype option specifies the type of key, which can either be rsa (RSA) or ecdsa (ECDSA); if omitted the current default is rsa.

--seeddev device

The --seeddev is used to specify the random device (default /dev/random used to seed the crypto library RNG.

/dev/random, /dev/urandom

ipsec_rsasigkey(8), ipsec_showhostkey(8), ipsec.secrets(5)

Originally written for the Linux FreeS/WAN project <https://www.freeswan.org> by Henry Spencer. Updated by Paul Wouters

As with rsasigkey, the run time is difficult to predict, since depletion of the system's randomness pool can cause arbitrarily long waits for random bits for seeding the NSS library, and the prime-number searches can also take unpredictable (and potentially large) amounts of CPU time. See ipsec_rsasigkey(8) .

Paul Wouters
placeholder to suppress warning
05/26/2022 libreswan
Search for    or go to Top of page |  Section 8 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.