[apple/ipsec.git] / ipsec-tools / racoon / plainrsa-gen.8

.\" $Id: plainrsa-gen.8,v 1.2.10.1 2005/04/18 11:10:55 manubsd Exp $
.\"
.\" Copyright (C) 2004 SuSE Linux AG, Nuernberg, Germany.
.\" Contributed by: Michal Ludvig <mludvig@suse.cz>, SUSE Labs
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. Neither the name of the project nor the names of its contributors
.\"    may be used to endorse or promote products derived from this software
.\"    without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd June 14, 2004
.Dt PLAINRSA-GEN 8
.Os
.\"
.Sh NAME
.Nm plainrsa-gen
.Nd generator for Plain RSA keys
.\"
.Sh SYNOPSIS
.Nm plainrsa-gen
.Bk -words
.Op Fl b Ar bits
.Op Fl e Ar pubexp
.Op Fl f Ar outfile
.Op Fl h
.Ek
.\"
.Sh DESCRIPTION
.Nm
can be used to generate
.Li Plain RSA keys
for authentication purposes.
Using
.Li Plain RSA keys
is optional.
Other possibilities are
.Li Pre-shared keys
or
.Li X.509 certificates .
.\"
.Bl -tag -width Ds
.It Fl b Ar bits
bit length of the key.
Default is
.Li 1024 ,
recommended length is
.Li 2048
or even
.Li 4096
bits.
Note that generating longer keys takes more time.
.It Fl e Ar pubexp
value of the RSA public exponent.
Default is
.Li 0x3 .
Don't change this unless you really know what you are doing!
.It Fl f Ar outfile
write the resulting key to
.Ar outfile
instead of
.Li stdout .
If the file already exists it won't be overwritten.
You wouldn't like to lose your private key by accident, would you?
.El
.\"
.Sh OUTPUT FILE FORMAT
This is the secret
.Li private key
that should
.Ic never
leave your computer:
.Bd -literal
: RSA	{
	# RSA 1024 bits
	# pubkey=0sAQOrWlcwbAIdNSMhDt...
	Modulus: 0xab5a57306c021d3523...
	PublicExponent: 0x03
	PrivateExponent: 0x723c3a2048...
	Prime1: 0xd309b30e6adf9d85c01...
	Prime2: 0xcfdc2a8aa5b2b3c90e3...
	Exponent1: 0x8cb122099c9513ae...
	Exponent2: 0x8a92c7071921cd30...
	Coefficient: 0x722751305eafe9...
  }
.Ed
.Pp
The line
.Li pubkey=0sAQOrW...
of the
.Li private key
contains a
.Li public key
that should be stored in the other peer's configuration in this format:
.Bd -literal
: PUB 0sAQOrWlcwbAIdNSMhDt...
.Ed
.\"
.Pp
You can also specify
.Li from
and
.Li to
addresses for which the key is valid:
.Bd -literal
0.0.0.0/0 10.20.30.0/24 : PUB 0sAQOrWlcwbAIdNSMhDt...
.Ed
.\"
.Sh SEE ALSO
.Xr racoon.conf 5 ,
.Xr racoon 8
.\"
.Sh HISTORY
.Nm
was written by
.An Michal Ludvig Aq michal@logix.cz
and first appeared in
.Ic ipsec-tools 0.4 .
Commit	Line	Data
52b7d2ce A	1	.\" $Id: plainrsa-gen.8,v 1.2.10.1 2005/04/18 11:10:55 manubsd Exp $
	2	.\"
	3	.\" Copyright (C) 2004 SuSE Linux AG, Nuernberg, Germany.
	4	.\" Contributed by: Michal Ludvig <mludvig@suse.cz>, SUSE Labs
	5	.\" All rights reserved.
	6	.\"
	7	.\" Redistribution and use in source and binary forms, with or without
	8	.\" modification, are permitted provided that the following conditions
	9	.\" are met:
	10	.\" 1. Redistributions of source code must retain the above copyright
	11	.\" notice, this list of conditions and the following disclaimer.
	12	.\" 2. Redistributions in binary form must reproduce the above copyright
	13	.\" notice, this list of conditions and the following disclaimer in the
	14	.\" documentation and/or other materials provided with the distribution.
	15	.\" 3. Neither the name of the project nor the names of its contributors
	16	.\" may be used to endorse or promote products derived from this software
	17	.\" without specific prior written permission.
	18	.\"
	19	.\" THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
	20	.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	21	.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	22	.\" ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
	23	.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	24	.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	25	.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	26	.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	27	.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	28	.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	29	.\" SUCH DAMAGE.
	30	.\"
	31	.Dd June 14, 2004
	32	.Dt PLAINRSA-GEN 8
	33	.Os
	34	.\"
	35	.Sh NAME
	36	.Nm plainrsa-gen
	37	.Nd generator for Plain RSA keys
	38	.\"
	39	.Sh SYNOPSIS
	40	.Nm plainrsa-gen
	41	.Bk -words
	42	.Op Fl b Ar bits
	43	.Op Fl e Ar pubexp
	44	.Op Fl f Ar outfile
	45	.Op Fl h
	46	.Ek
	47	.\"
	48	.Sh DESCRIPTION
	49	.Nm
	50	can be used to generate
	51	.Li Plain RSA keys
	52	for authentication purposes.
	53	Using
	54	.Li Plain RSA keys
	55	is optional.
	56	Other possibilities are
	57	.Li Pre-shared keys
	58	or
	59	.Li X.509 certificates .
	60	.\"
	61	.Bl -tag -width Ds
	62	.It Fl b Ar bits
	63	bit length of the key.
	64	Default is
65	.Li 1024 ,
66	recommended length is
67	.Li 2048
68	or even
69	.Li 4096
70	bits.
71	Note that generating longer keys takes more time.
72	.It Fl e Ar pubexp
73	value of the RSA public exponent.
74	Default is
75	.Li 0x3 .
76	Don't change this unless you really know what you are doing!
77	.It Fl f Ar outfile
78	write the resulting key to
79	.Ar outfile
80	instead of
81	.Li stdout .
82	If the file already exists it won't be overwritten.
83	You wouldn't like to lose your private key by accident, would you?
84	.El
85	.\"
86	.Sh OUTPUT FILE FORMAT
87	This is the secret
88	.Li private key
89	that should
90	.Ic never
91	leave your computer:
92	.Bd -literal
93	: RSA {
94	# RSA 1024 bits
95	# pubkey=0sAQOrWlcwbAIdNSMhDt...
96	Modulus: 0xab5a57306c021d3523...
97	PublicExponent: 0x03
98	PrivateExponent: 0x723c3a2048...
99	Prime1: 0xd309b30e6adf9d85c01...
100	Prime2: 0xcfdc2a8aa5b2b3c90e3...
101	Exponent1: 0x8cb122099c9513ae...
102	Exponent2: 0x8a92c7071921cd30...
103	Coefficient: 0x722751305eafe9...
104	}
105	.Ed
106	.Pp
107	The line
108	.Li pubkey=0sAQOrW...
109	of the
110	.Li private key
111	contains a
112	.Li public key
113	that should be stored in the other peer's configuration in this format:
114	.Bd -literal
115	: PUB 0sAQOrWlcwbAIdNSMhDt...
116	.Ed
117	.\"
118	.Pp
119	You can also specify
120	.Li from
121	and
122	.Li to
123	addresses for which the key is valid:
124	.Bd -literal
125	0.0.0.0/0 10.20.30.0/24 : PUB 0sAQOrWlcwbAIdNSMhDt...
126	.Ed
127	.\"
128	.Sh SEE ALSO
129	.Xr racoon.conf 5 ,
130	.Xr racoon 8
131	.\"
132	.Sh HISTORY
133	.Nm
134	was written by
135	.An Michal Ludvig Aq michal@logix.cz
136	and first appeared in
137	.Ic ipsec-tools 0.4 .