PLAINRSA-GEN(8) System Manager's Manual PLAINRSA-GEN(8)

plainrsa-gengenerator for Plain RSA keys

plainrsa-gen [-b bits] [-e pubexp] [-f outfile] [-h]

plainrsa-gen can be used to generate Plain RSA keys for authentication purposes. Using Plain RSA keys is optional. Other possibilities are Pre-shared keys or X.509 certificates.

bits
bit length of the key. Default is 1024, recommended length is 2048 or even 4096 bits. Note that generating longer keys takes longer time.
pubexp
value of RSA public exponent. Default is 0x3. Don't change this unless you really know what you are doing!
outfile
outfile instead of stdout. If the file already exists it won't be overwritten. You wouldn't like to lose your private key by accident, would you?

This is the secret private key that should never leave your computer:

: RSA	{
	# RSA 1024 bits
	# pubkey=0sAQOrWlcwbAIdNSMhDt...
	Modulus: 0xab5a57306c021d3523...
	PublicExponent: 0x03
	PrivateExponent: 0x723c3a2048...
	Prime1: 0xd309b30e6adf9d85c01...
	Prime2: 0xcfdc2a8aa5b2b3c90e3...
	Exponent1: 0x8cb122099c9513ae...
	Exponent2: 0x8a92c7071921cd30...
	Coefficient: 0x722751305eafe9...
  }

The line pubkey=0sAQOrW... of the private key contains a public key that should be stored in the other peer's configuration in this format:

: PUB 0sAQOrWlcwbAIdNSMhDt...

You can also specify from and to addresses for which the key is valid:

0.0.0.0/0 10.20.30.0/24 : PUB 0sAQOrWlcwbAIdNSMhDt...

racoon.conf(5), racoon(8)

plainrsa-gen was written by Michal Ludvig <michal@logix.cz> and first appeared in ipsec-tools 0.4.

June 14, 2004 NetBSD 11.0