Manpage of IPSEC_NEWHOSTKEY
Section: Maintenance Commands (8)
Updated: 18 Oct 2001
Return to Main Contents
ipsec newhostkey - generate a new host authentication key
outputs (on standard output) an RSA private key suitable for this host,
option, so a narrative of what is being done appears on standard error.
option suppresses the narrative.
option specifies the number of bits in the key;
the current default is 2048 and we do not recommend use of anything
shorter unless unusual constraints demand it.
option is passed through to
to tell it what host name to label the output with
The output format is that of
with bracketing added to complete the
In the usual case, where
contains only the host's own private key,
the output of
is sufficient as a complete
Written for the Linux FreeS/WAN project
by Henry Spencer.
the run time is difficult to predict,
since depletion of the system's randomness pool can cause
arbitrarily long waits for random bits,
and the prime-number searches can also take unpredictable
(and potentially large) amounts of CPU time.
for some typical performance numbers.
A higher-level tool which could handle the clerical details
of changing to a new key would be helpful.
- SEE ALSO
This document was created by
using the manual pages.
Time: 04:30:21 GMT, February 05, 2002