ipsec_keypaircheck(8)ipsec_keypaircheck(8)NAMEipsec_keypaircheck - Checks if public and private keys match
SYNOPSIS
/usr/sbin/ipsec_keypaircheck [-cx] [-s passphrase] {public-key | cert-
file} private-key
OPTIONS
Specifies that the public key is contained in a certificate file
instead of a public key file. Specifies that the private key is
encrypted, and can be decrypted with passphrase. You cannot use the -s
option with the -x option. Specifies the use of X.509 private key for‐
mat (not encrypted). You cannot use the -x option with the -s option.
DESCRIPTION
The ipsec_keypaircheck command enables you to verify that public and
private keys match. You specify public keys with either public-key or
cert-file. You specify private keys with private-key.
This command and other related certificate commands provided in this
IPsec implementation are intended for testing purposes only. They are
not intended to provide a complete public-key certificate infrastruc‐
ture.
You can precede the path name to the different files with the following
formatting characters, delimited by colons as follows: Privacy-Encoded-
Mail (PEM) format
The file is encoded as a Base64-encoded binary. Binary (DER-
encoded) format
The file is encoded in accordance with the Distinguished Encod‐
ing Rules (DER) of ASN.1. HEXL format
The file is encoded as a hexadecimal string. Each line has the
following form:
xxxxxxxx: yyyy yyyy yyyy yyyy yyyy yyyy yyyy yyyy
In this form, xxxxxxxx is the hexadecimal offset of the data at
the beginning of the line and yyyy yyyy yyyy yyyy yyyy yyyy yyyy
yyyy is up to 16 bytes of hexadecimal data.
SEE ALSO
Commands: ipsec_certview(8), ipsec_convert(8), ipsec_keytool(8)ipsec_keypaircheck(8)