ipsec_keytool man page on DigitalUNIX

Man page or keyword search:  
man Server   12896 pages
apropos Keyword Search (all sections)
Output format
DigitalUNIX logo
[printable version]

ipsec_keytool(8)					      ipsec_keytool(8)

NAME
       ipsec_keytool  -	 Generate  RSA	and DSA keys, and convert existing key
       formats

SYNOPSIS
       /usr/sbin/ipsec_keytool [-d] [-c cipher] [-i string]  [-o  format]  [-r
       string]	[-s  {password	|  passphrase}]	 [-S  {password | passphrase}]
       input-file output-file

       /usr/sbin/ipsec_keytool -g key-type[:size] [-c cipher] [-i string]  [-r
       string] [-s {password | passphrase}] output-file

OPTIONS
       Specifies  the  cipher  to  use to encrypt the output. Valid values are
       des-cbc or DES-CBC.  Derives the public key from input-file and	stores
       it  in  output-file.   Generates	 a  key of type key-type. You can also
       specify the size of the key. Valid values for key-type are rsa and dsa.
       Specifies  setting  the subject field in the key, if supported.	Speci‐
       fies the format of the output key. Valid values are: Encrypted SSH pro‐
       prietary	 private  key Encrypted SSH client version 1 RSA key Encrypted
       SSH client version 2 RSA key Plain  text	 private  key  (X.509)	as  in
       PKCS#11	Plain  text  PKCS#1  private key Plain text PKCS#8 private key
       Encrypted PKCS#8 private key Specifies setting the comment field in the
       key,  if supported.  Specifies either the password or passphrase to use
       with the output key. The password parameter can consist of alphanumeric
       characters  only.   Specifies  either the password or passphrase to use
       with the input key. The password parameter can consist of  alphanumeric
       characters only.

DESCRIPTION
       The  ipsec_keytool  command generates RSA and DSA keys for use by other
       IPsec tools. In addition, the command converts existing keys  from  one
       format to another.

       This  command  and  other related certificate commands provided in this
       IPsec implementation are intended for testing purposes only.  They  are
       not  intended  to provide a complete public-key certificate infrastruc‐
       ture.

       You must precede the path name to the different files with the  follow‐
       ing  formatting	characters,  delimited	by colons as follows: Privacy-
       Encoded-Mail (PEM) format

	      The file is encoded as a Base64-encoded  binary.	 Binary	 (DER-
	      encoded) format

	      The  file is encoded in accordance with the Distinguished Encod‐
	      ing Rules (DER) of ASN.1.	 HEXL format

	      The file is encoded as a hexadecimal string. Each line  has  the
	      following form:

	      xxxxxxxx: yyyy yyyy yyyy yyyy yyyy yyyy yyyy yyyy

	      In  this form, xxxxxxxx is the hexadecimal offset of the data at
	      the beginning of the line and yyyy yyyy yyyy yyyy yyyy yyyy yyyy
	      yyyy is up to 16 bytes of hexadecimal data.

       The ipsec_keytool command automatically detects the input key format.

       Some  key  types	 cannot be converted to another key type. For example,
       you cannot convert a DSA key stored in ssh2 format to a	pkcs1  format.
       Only RSA keys can be  stored in the pkcs1 format.

					Note

       Do not encrypt private keys when using them with the ipsecd daemon.

EXAMPLES
       To  create  a  768-bit  DSA  key in SSH format in a HEXL file, enter: #
       ipsec_keytool -g dsa:768 -o ssh :h:dsa768_ssh.hex To create a  1024-bit
       RSA  key	 in  PKCS#1 format in a binary file, enter: # ipsec_keytool -g
       rsa:1024 -o pkcs1 :b:rsa1024_pkcs1.bin To convert the 1024-bit RSA  key
       to    a	  PKCS#8    format,    enter:	#   ipsec_keytool   -o	 pkcs8
       :b:rsa1024_pkcs1.bin :b:rsa1024_pkcs8.bin To convert the	 1024-bit  RSA
       key in PKCS#1 format to an encrypted PKCS#8 format, enter: # ipsec_key‐
       tool -o pkcs8s -c des-cdc :b:rsa1024_pkcs1.bin \	 :b:rsa1024_pkcs8s.bin
       To convert the 768-bit DSA key file from a HEXL file to a binary file ,
       enter: # ipsec_keytool :h:dsa768_ssh.hex :b:dsa768_ssh.bin To derive  a
       public  key  from  the  1024-bit	 RSA  key,  enter:  # ipsec_keytool -d
       :b:rsa1024_pkcs8.bin :b:rsa1024_pkcs8_pub.bin

SEE ALSO
       Commands: ipsec_certview(8), ipsec_convert(8), ipsec_keypaircheck(8)

							      ipsec_keytool(8)
[top]

List of man pages available for DigitalUNIX

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net