1IPSEC_RSASIGKEY(8)              [FIXME: manual]             IPSEC_RSASIGKEY(8)
2
3
4

NAME

6       ipsec_rsasigkey - generate RSA signature key
7

SYNOPSIS

9       ipsec rsasigkey [--verbose] [--random filename] [--rounds nr]
10             [--configdir nssdbdir] [--password nsspassword]
11             [--hostname hostname] [--noopt] nbits
12
13       ipsec rsasigkey [--verbose] [--configdir nssdbdir]
14             [--password nsspassword] [--hostname hostname] [--noopt]
15             [--oldkey filename]
16

DESCRIPTION

18       Rsasigkey generates an RSA public/private key pair, suitable for
19       digital signatures, of (exactly) nbits bits (that is, two primes each
20       of exactly nbits/2 bits, and related numbers) and emits it on standard
21       output as ASCII (mostly hex) data.  nbits must be a multiple of 16.
22
23       The public exponent is forced to the value 3, which has important speed
24       advantages for signature checking. Beware that the resulting keys have
25       known weaknesses as encryption keys and should not be used for that
26       purpose.
27
28       The --verbose option makesrsasigkey give a running commentary on
29       standard error. By default, it works in silence until it is ready to
30       generate output.
31
32       The --random option specifies a source for random bits. The default is
33       /dev/random (see random(4)). Normally, rsasigkey reads exactly nbits
34       random bits from the source; in extremely-rare circumstances it may
35       need more. Under Linux with hardware random support, the special device
36       /dev/hw_random is created. However, the driver does not guarantee FIPS
37       compliant random, and some hardware is so broken that it return
38       extremely non-random data. Therefor /dev/hw_random should never be used
39       with the --random option. Instead, one should run the rngd(8) daemon to
40       funnel randomness from /dev/hw_random into /dev/random.
41
42       The --rounds option specifies the number of rounds to be done by the
43       pz_probab_prime_p probabilistic primality checker. The default, 30, is
44       fairly rigorous and should not normally have to be overridden.
45
46       The --configdir option specifies the nss configuration directory to
47       use. This is the directory where the NSS certificate, key and security
48       modules databases reside.
49
50       The --password option specifies the nss cryptographic module
51       authentication password if the NSS module has been configured to
52       require it. A password is required by hardware tokens and also by the
53       internal softotken module when configured to run in FIPS mode.
54
55       The --hostname option specifies what host name to use in the first line
56       of the output (see below); the default is what gethostname(2) returns.
57
58       The --noopt option suppresses an optimization of the private key (to be
59       precise, setting of the decryption exponent to lcm(p-1,q-1) rather than
60       (p-1)*(q-1)) which speeds up operations on it slightly but can cause it
61       to flunk a validity check in old RSA implementations (notably, obsolete
62       versions of ipsec_pluto(8)
63
64       --oldkey option specifies that rather than generate a new key,
65       rsasigkey should read an old key from the file (the name ´-´ means
66       ´standard input´) and use that to generate its output. Input lines
67       which do not look like rsasigkey output are silently ignored. This
68       permits updating old keys to the current format.
69
70       The output format looks like this (with long numbers trimmed down for
71       clarity):
72
73
74                # RSA 2048 bits   xy.example.com   Sat Apr 15 13:53:22 2000
75                # for signatures only, UNSAFE FOR ENCRYPTION
76                #pubkey=0sAQOF8tZ2NZt...Y1P+buFuFn/
77                Modulus: 0xcc2a86fcf440...cf1011abb82d1
78                PublicExponent: 0x03
79                # everything after this point is secret
80                PrivateExponent: 0x881c59fdf8...ab05c8c77d23
81                Prime1: 0xf49fd1f779...46504c7bf3
82                Prime2: 0xd5a9108453...321d43cb2b
83                Exponent1: 0xa31536a4fb...536d98adda7f7
84                Exponent2: 0x8e70b5ad8d...9142168d7dcc7
85                Coefficient: 0xafb761d001...0c13e98d98
86
87
88
89       The first (comment) line, indicating the nature and date of the key,
90       and giving a host name, is used by ipsec_showhostkey(8) when generating
91       some forms of key output.
92
93       The commented-out pubkey= line contains the public key, the public
94       exponent and the modulus combined in approximately RFC 2537 format (the
95       one deviation is that the combined value is given with a 0s prefix,
96       rather than in unadorned base-64), suitable for use in the ipsec.conf
97       file.
98
99       The Modulus, PublicExponent and PrivateExponent lines give the basic
100       signing and verification data.
101
102       The Prime1 and Prime2 lines give the primes themselves (aka p and q),
103       largest first. The Exponent1 and Exponent2 lines give the private
104       exponent mod p-1 and q-1 respectively. The Coefficient line gives the
105       Chinese Remainder Theorem coefficient, which is the inverse of q, mod
106       p. These additional numbers (which must all be kept as secret as the
107       private exponent) are precomputed aids to rapid signature generation.
108
109       No attempt is made to break long lines.
110
111       The US patent on the RSA algorithm expired 20 Sept 2000.
112

EXAMPLES

114       ipsec rsasigkey --verbose 2192 >mykey.txt
115           generates a 2192-bit signature key and puts it in the file
116           mykey.txt, with running commentary on standard error. The file
117           contents can be inserted verbatim into a suitable entry in the
118           ipsec.secrets file (see ipsec_secrets(5)), and the public key can
119           then be extracted and edited into the ipsec.conf (see
120           ipsec_showhostkey(8)).
121
122       ipsec rsasigkey --verbose --oldkey oldie >latest.txt
123           takes the old signature key from file oldie and puts a version in
124           the current format into the file latest, with running commentary on
125           standard error.
126

FILES

128       /dev/random, /dev/urandom
129

SEE ALSO

131       random(4), rngd(8), ipsec_showhostkey(8), Applied Cryptography, 2nd.
132       ed., by Bruce Schneier, Wiley 1996, RFCs 2537, 2313, GNU MP, the GNU
133       multiple precision arithmetic library, edition 2.0.2, by Torbj Granlund
134

HISTORY

136       Written for the Linux FreeS/WAN project <http://www.freeswan.org> by
137       Henry Spencer.
138

BUGS

140       There is an internal limit on nbits, currently 20000.
141
142       rsasigkey´s run time is difficult to predict, since /dev/random output
143       can be arbitrarily delayed if the system´s entropy pool is low on
144       randomness, and the time taken by the search for primes is also
145       somewhat unpredictable. A reasonably typical time for a 1024-bit key on
146       a quiet 100MHz Pentium MMX with plenty of randomness available is 20
147       seconds, almost all of it in the prime searches. Generating a 2192-bit
148       key on the same system usually takes several minutes. A 4096-bit key
149       took an hour and a half of CPU time.
150
151       The --oldkey option does not check its input format as rigorously as it
152       might. Corrupted rsasigkey output may confuse it.
153
154
155
156[FIXME: source]                   01/06/2011                IPSEC_RSASIGKEY(8)
Impressum