1 Content-type: text/html
3 <HTML><HEAD><TITLE>Manpage of IPSEC_NEWHOSTKEY
</TITLE>
5 <H1>IPSEC_NEWHOSTKEY
</H1>
6 Section: Maintenance Commands (
8)
<BR>Updated:
4 March
2002<BR><A HREF=
"#index">Index
</A>
7 <A HREF=
"http://localhost/cgi-bin/man/man2html">Return to Main Contents
</A><HR>
10 <A NAME=
"lbAB"> </A>
13 ipsec newhostkey - generate a new host authentication key
14 <A NAME=
"lbAC"> </A>
43 <A NAME=
"lbAD"> </A>
51 which can be `
<B>-
</B>' for standard output)
52 an RSA private key suitable for this host,
54 <I>/etc/ipsec.secrets
</I>
58 <I><A HREF=
"ipsec.secrets.5.html">ipsec.secrets
</A></I>(
5)).
67 <I><A HREF=
"ipsec_rsasigkey.8.html">ipsec_rsasigkey
</A></I>(
8))
72 option, so a narrative of what is being done appears on standard error.
78 specifier, although it is syntactically an option and can appear at
79 any point among the options (it doesn't have to be first),
84 is created under umask
88 if it already exists and is non-empty,
89 a warning message about that is sent to standard error,
90 and the output is appended to the file.
96 option suppresses both the
99 narrative and the existing-file warning message.
105 option specifies the number of bits in the key;
106 the current default is
2192 and we do not recommend use of anything
107 shorter unless unusual constraints demand it.
113 option is passed through to
116 to tell it what host name to label the output with
123 The output format is that of
126 with bracketing added to complete the
130 In the usual case, where
133 contains only the host's own private key,
137 is sufficient as a complete
141 <A NAME=
"lbAE"> </A>
144 <A HREF=
"ipsec.secrets.5.html">ipsec.secrets
</A>(
5),
<A HREF=
"ipsec_rsasigkey.8.html">ipsec_rsasigkey
</A>(
8)
145 <A NAME=
"lbAF"> </A>
148 Written for the Linux FreeS/WAN project
149 <<A HREF=
"http://www.freeswan.org">http://www.freeswan.org
</A>>
151 <A NAME=
"lbAG"> </A>
157 the run time is difficult to predict,
158 since depletion of the system's randomness pool can cause
159 arbitrarily long waits for random bits,
160 and the prime-number searches can also take unpredictable
161 (and potentially large) amounts of CPU time.
163 <I><A HREF=
"ipsec_rsasigkey.8.html">ipsec_rsasigkey
</A></I>(
8)
165 for some typical performance numbers.
168 A higher-level tool which could handle the clerical details
169 of changing to a new key would be helpful.
176 but private keys are extremely sensitive information
177 and unusual precautions seem justified.
181 <A NAME=
"index"> </A><H2>Index
</H2>
183 <DT><A HREF=
"#lbAB">NAME
</A><DD>
184 <DT><A HREF=
"#lbAC">SYNOPSIS
</A><DD>
185 <DT><A HREF=
"#lbAD">DESCRIPTION
</A><DD>
186 <DT><A HREF=
"#lbAE">SEE ALSO
</A><DD>
187 <DT><A HREF=
"#lbAF">HISTORY
</A><DD>
188 <DT><A HREF=
"#lbAG">BUGS
</A><DD>
191 This document was created by
192 <A HREF=
"http://localhost/cgi-bin/man/man2html">man2html
</A>,
193 using the manual pages.
<BR>
194 Time:
21:
40:
18 GMT, November
11,
2003