rsagen, rsafill, asn12rsa, rsa2pub, rsa2ssh, rsa2x509 – generate
and format rsa keys|
auth/rsagen [ –b nbits ] [ –t tag ] |
auth/rsafill [ file ]
auth/asn12rsa [ –t tag ] [ file ]
auth/rsa2pub [ file ]
auth/rsa2ssh [ file ]
auth/rsa2x509 [ –e expiretime ] certinfo [ file ]
Plan 9 represents an RSA key as an attribute–value pair list prefixed
with the string key; this is the generic key format used by factotum(4).
A full RSA private key has the following attributes:|
proto must be rsa
size the number of significant bits in n
ek the encryption exponent
n the product of !p and !q
!dk the decryption exponent
!p a large prime
!q another large prime
!kp, !kq, !c2
For example, a very small (and thus insecure) private key and
corresponding public key might be:
Rsagen prints a randomly generated RSA private key whose n has exactly nbits (default 1024) significant bits. If tag is specified, it is printed between key and proto=rsa; typically, tag is a sequence of attribute–value comments describing the key.
Rsafill reads a private key, recomputes the !kp, !kq, and !c2 attributes if they are missing, and prints a full key.
Asn12rsa reads an RSA private key stored as ASN.1 encoded in the
binary Distinguished Encoding Rules (DER) and prints a Plan 9
RSA key, inserting tag exactly as rsagen does. ASN.1/DER is a
popular key format on Unix and Windows; it is often encoded in
text form using the Privacy Enhanced Mail (PEM) format in a
section labeled as an ``RSA PRIVATE KEY.'' The command:
Rsa2pub reads a Plan 9 RSA public or private key, removes the private attributes, and prints the resulting public key. Comment attributes are preserved.
Rsa2ssh reads a Plan 9 RSA public or private key and prints the public portion in the format used by SSH: three space–separated decimal numbers size, ek, and n. For compatibility with external SSH implementations, the public keys in /sys/lib/ssh/keyring and $home/lib/keyring are stored in this format.
Rsa2x509 reads a Plan 9 RSA private key and writes a self–signed
X.509 certificate encoded in ASN.1/DER format to standard output.
(Note that ASN.1/DER X.509 certificates are different from ASN.1/DER
private keys). The certificate uses the current time as its start
time and expires expiretime seconds (default 3
years) later. It contains the public half of the key and includes
certinfo as the issuer/subject string (also known as a ``Distinguished
Name''). This info is typically in the form:
Generate a fresh key and use it to start a TLS–enabled web server:|
ssh(1), factotum(4), dsa(8), pem(8)|
There are too many key formats.|