IPSEC_RANBITS - Online Linux Manual PageSection : 8
Updated : 10/04/2017
Source : libreswan
Note : Executable programs
NAMEipsec_newhostkey − generate a new raw RSA authentication key for a host
SYNOPSISipsec newhostkey [[−−configdirnssdbdir] | [−−password password]] [[−−quiet] | [−−verbose]] [−−bits bits] [−−seeddev device] [−−hostname hostname] [−−output filename]
DESCRIPTIONnewhostkey outputs (into filename, which can be ´−´ for standard output) an RSA private key suitable for this host, in /etc/ipsec.secrets format (see ipsec.secrets(5)) using the −−quiet option per default. The −−output option is mandatory. The specified filename is created under umask 077 if nonexistent; if it already exists and is non−empty, a warning message about that is sent to standard error, and the output is appended to the file. The −−quiet option suppresses both the rsasigkey narrative and the existing−file warning message. When compiled with NSS support (the default), −−configdir specifies the nss configuration directory where the certificate key, and modsec databases reside. There is no default value, though /etc/ipsec.d might be sensible choice. When compiled with NSS support (the default), −−password specifies a module authentication password that may be required if FIPS mode is enabled The −−bits option specifies the number of bits in the RSA key; the current default is a random (multiple of 16) value between 3072 and 4096. The minimum allowed is 2192. The −−seeddev is used to specify the random device (default /dev/random used to seed the crypto library RNG. The −−hostname option is passed through to rsasigkey to tell it what host name to label the output with (via its −−hostname option). The output format is that of rsasigkey, with bracketing added to complete the ipsec.secrets format. In the usual case, where ipsec.secrets contains only the hostâs own private key, the output of newhostkey is sufficient as a complete ipsec.secrets file.
FILES/dev/random, /dev/urandom
SEE ALSOipsec_rsasigkey(8), ipsec.secrets(5)
HISTORYOriginally written for the Linux FreeS/WAN project <http://www.freeswan.org> by Henry Spencer. Updated by Paul Wouters
BUGSAs with rsasigkey, the run time is difficult to predict, since depletion of the systemâs randomness pool can cause arbitrarily long waits for random bits for seeding the NSS library, and the prime−number searches can also take unpredictable (and potentially large) amounts of CPU time. See ipsec_rsasigkey(8) . A higher−level tool which could handle the clerical details of changing to a new key would be helpful.
AUTHORPaul Wouters placeholder to suppress warning 0
Johanes Gumabo
Data Size : 11,318 byte
man-ipsec_newhostkey.8Build : 2024-12-05, 20:55 :
Visitor Screen : x
Visitor Counter ( page / site ) : 2 / 181,372
Visitor ID : :
Visitor IP : 3.149.29.192 :
Visitor Provider : AMAZON-02 :
Provider Position ( lat x lon ) : 39.962500 x -83.006100 : x
Provider Accuracy Radius ( km ) : 1000 :
Provider City : Columbus :
Provider Province : Ohio , : ,
Provider Country : United States :
Provider Continent : North America :
Visitor Recorder : Version :
Visitor Recorder : Library :
Online Linux Manual Page : Version : Online Linux Manual Page - Fedora.40 - march=x86-64 - mtune=generic - 24.12.05
Online Linux Manual Page : Library : lib_c - 24.10.03 - march=x86-64 - mtune=generic - Fedora.40
Online Linux Manual Page : Library : lib_m - 24.10.03 - march=x86-64 - mtune=generic - Fedora.40
Data Base : Version : Online Linux Manual Page Database - 24.04.13 - march=x86-64 - mtune=generic - fedora-38
Data Base : Library : lib_c - 23.02.07 - march=x86-64 - mtune=generic - fedora.36
Very long time ago, I have the best tutor, Wenzel Svojanovsky . If someone knows the email address of Wenzel Svojanovsky , please send an email to johanes_gumabo@yahoo.co.id .
If error, please print screen and send to johanes_gumabo@yahoo.co.id
Under development. Support me via PayPal.