Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
PKI --GEN(1)			  strongSwan			  PKI --GEN(1)

NAME
       pki --gen - Generate a new RSA or ECDSA private key

SYNOPSIS
       pki --gen [--type type] [--size bits] [--safe-primes] [--shares n]
		 [--threshold l] [--outform encoding] [--debug level]

       pki --gen --options file

       pki --gen -h | --help

DESCRIPTION
       This sub-command	of pki(1) is used to generate a	new RSA	or ECDSA  pri-
       vate key.

OPTIONS
       -h, --help
	      Print usage information with a summary of	the available options.

       -v, --debug level
	      Set debug	level, default:	1.

       -+, --options file
	      Read command line	options	from file.

       -t, --type type
	      Type  of	key  to	generate. Either rsa, ecdsa, ed25519 or	bliss,
	      defaults to rsa.

       -s, --size bits
	      Key length in bits. Defaults to 2048 for rsa and 384 for	ecdsa.
	      For  ecdsa  only	three values are currently supported: 256, 384
	      and 521.

       -p, --safe-primes
	      Generate RSA safe	primes.

       -f, --outform encoding
	      Encoding of the generated	private	key. Either der	(ASN.1 DER) or
	      pem (Base64 PEM),	defaults to der.

   RSA Threshold Cryptography
       -n, --shares _n_
	      Number of	private	RSA key	shares.

       -l, --threshold _l_
	      Minimum number of	participating RSA key shares.

PROBLEMS ON HOSTS WITH LOW ENTROPY
       If the gmp plugin is used to generate RSA private keys the key material
       is read from /dev/random	(via the random	plugin). Therefore,  the  com-
       mand  may  block	if the system's	entropy	pool is	empty.	To avoid this,
       either use a hardware random number generator to	 feed  /dev/random  or
       use  OpenSSL  (via the openssl plugin or	the command line) which	is not
       as strict in regards to the quality of the key material (it reads  from
       /dev/urandom  if	 necessary).  It is also possible to configure the de-
       vices used by the random	plugin in  strongswan.conf(5).	 Setting  lib-
       strongswan.plugins.random.random	 to  /dev/urandom forces the plugin to
       treat bytes read	from /dev/urandom as  high  grade  random  data,  thus
       avoiding	the blocking. Of course, this doesn't change the fact that the
       key material generated this way is of lower quality.

EXAMPLES
       pki --gen --size	3072 > rsa_key.der
	      Generates	a 3072-bit RSA private key.

       pki --gen --type	ecdsa --size 256 > ecdsa_key.der
	      Generates	a 256-bit ECDSA	private	key.

SEE ALSO
       pki(1)

5.5.2				  2016-12-13			  PKI --GEN(1)

NAME | SYNOPSIS | DESCRIPTION | OPTIONS | PROBLEMS ON HOSTS WITH LOW ENTROPY | EXAMPLES | SEE ALSO

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=pki---gen&sektion=1&manpath=FreeBSD+12.1-RELEASE+and+Ports>

home | help