{"id":3665,"date":"2022-12-20T17:19:43","date_gmt":"2022-12-20T20:19:43","guid":{"rendered":"http:\/\/lode.uno\/linux-man\/index.php\/2022\/12\/20\/ipsec_newhostkey-man8\/"},"modified":"2022-12-20T17:19:43","modified_gmt":"2022-12-20T20:19:43","slug":"ipsec_newhostkey-man8","status":"publish","type":"post","link":"https:\/\/lode.uno\/linux-man\/2022\/12\/20\/ipsec_newhostkey-man8\/","title":{"rendered":"IPSEC_NEWHOSTKEY (man8)"},"content":{"rendered":"

IPSEC_NEWHOSTKEY<\/h1>\n

NAME<\/a>
SYNOPSIS<\/a>
DESCRIPTION<\/a>
FILES<\/a>
SEE ALSO<\/a>
HISTORY<\/a>
BUGS<\/a>
AUTHOR<\/a> <\/p>\n

\n

NAME <\/a> <\/h2>\n

ipsec_newhostkey \u2212 generate a new raw RSA authentication key for a host<\/p>\n

SYNOPSIS <\/a> <\/h2>\n\n\n
<\/td>\n\n

ipsec<\/b> newhostkey<\/i> [[\u2212\u2212quiet] | [\u2212\u2212verbose]] [\u2212\u2212nssdirnssdir<\/i>] [\u2212\u2212password\u00a0password<\/i>] [\u2212\u2212bits\u00a0bits<\/i>] [\u2212\u2212curve\u00a0curve<\/i>] [\u2212\u2212keytype\u00a0rsa|ecdsa<\/i>] [\u2212\u2212seeddev\u00a0device<\/i>]<\/p>\n<\/td>\n<\/tr>\n<\/table>\n

DESCRIPTION <\/a> <\/h2>\n

newhostkey<\/i> generates an RSA public\/private key pair suitable for authenticating this host is generated and stored in the NSS database.<\/p>\n

See ipsec_showhostkey<\/b>(8) for how to extract the public key from the NSS database.<\/p>\n

Output Options
\u2212\u2212quiet<\/b><\/p>\n

The \u2212\u2212quiet<\/b> option suppresses both the rsasigkey<\/i> narrative and the existing\u2212file warning message.<\/p>\n

\u2212\u2212nssdir\u00a0<\/b>nssdir<\/i><\/p>\n

The \u2212\u2212nssdir<\/b> option specifies the NSS DB directory where the certificate key, and modsec databases reside (default \/var\/lib\/ipsec\/nss)<\/p>\n

\u2212\u2212password\u00a0<\/b>password<\/i><\/p>\n

The \u2212\u2212password<\/b> option specifies a module authentication password<\/i> that may be required if FIPS mode is enabled.<\/p>\n

\u2212\u2212bits\u00a0<\/b>bits<\/i><\/p>\n

The \u2212\u2212bits<\/b> option specifies the number of bits in the RSA key; the current default is a random (multiple of 16) value between 3072 and 4096. The minimum allowed is 2192.<\/p>\n

\u2212\u2212curve\u00a0<\/b>curve<\/i><\/p>\n

The \u2212\u2212curve<\/b> option specifies the named curve used in the ECDSA key; the current default is secp256r1. See ipsec_ecdsasigkey<\/b>(8) for the available curve names.<\/p>\n

\u2212\u2212keytype\u00a0<\/b>rsa|ecdsa<\/i><\/p>\n

The \u2212\u2212keytype<\/b> option specifies the type of key, which can either be rsa<\/i> (RSA) or ecdsa<\/i> (ECDSA); if omitted the current default is rsa<\/i>.<\/p>\n

\u2212\u2212seeddev\u00a0<\/b>device<\/i><\/p>\n

The \u2212\u2212seeddev<\/b> is used to specify the random device (default \/dev\/random used to seed the crypto library RNG.<\/p>\n

FILES <\/a> <\/h2>\n

\/dev\/random, \/dev\/urandom<\/p>\n

SEE ALSO <\/a> <\/h2>\n

ipsec_rsasigkey<\/b>(8), ipsec_showhostkey<\/b>(8), ipsec.secrets<\/b>(5)<\/p>\n

HISTORY <\/a> <\/h2>\n

Originally written for the Linux FreeS\/WAN project <https:\/\/www.freeswan.org<\/font><\/b>> by Henry Spencer. Updated by Paul Wouters<\/font><\/p>\n

BUGS <\/a> <\/h2>\n

As with rsasigkey<\/i>, the run time is difficult to predict, since depletion of the system’s randomness pool can cause arbitrarily long waits for random bits for seeding the NSS library, and the prime\u2212number searches can also take unpredictable (and potentially large) amounts of CPU time. See ipsec_rsasigkey<\/b>(8) .<\/font><\/p>\n

AUTHOR <\/a> <\/h2>\n

Paul Wouters<\/b><\/font><\/p>\n

placeholder to suppress warning<\/font><\/p>\n

\n","protected":false},"excerpt":{"rendered":"

ipsec_newhostkey \u2212 generate a new raw RSA authentication key for a host <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[5,52,779,4],"class_list":["post-3665","post","type-post","status-publish","format-standard","hentry","category-8-administracion-del-sistema","tag-5","tag-administracion","tag-ipsec_newhostkey","tag-man8"],"gutentor_comment":0,"_links":{"self":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/posts\/3665","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/comments?post=3665"}],"version-history":[{"count":0,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/posts\/3665\/revisions"}],"wp:attachment":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/media?parent=3665"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/categories?post=3665"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/tags?post=3665"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}