rsagen, rsafill, asn12rsa, rsa2pub, rsa2ssh, rsa2x509 - generate and format rsa keys
Plan 9 represents an RSA key as an attribute-value pair list
prefixed with the string
this is the generic key format used by
A full RSA private key has the following attributes:
the number of significant bits in
the encryption exponent
the decryption exponent
!kp, !kq, !c2
parameters derived from the other attributes, cached to speed decryption
All the numbers are in hexadecimal except
An RSA public key omits the attributes beginning with
A key may have other attributes as well (for example, a
attribute identifying how this key is typically used),
but to these utilities such attributes are merely comments.
For example, a very small (and thus insecure) private key and corresponding
key proto=rsa size=8 ek=7 n=8F !dk=67 !p=B !q=D !kp=3 !kq=7 !c2=6
key proto=rsa size=8 ek=7 n=8F
Note that the order of the attributes does not matter.
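Added example (not part of the original manual page and not the Plan 9 utilities' own code): a Python reader for the attribute-value format shown above that checks a full private key for internal consistency and produces the public form by dropping the ! attributes, as in the sample pair. Treating size as decimal and taking the cached values as kp = dk mod (p-1), kq = dk mod (q-1), c2 = p^-1 mod q are assumptions; the page does not define them, and the sample key satisfies them.

```python
import math

# Private key line taken from the page; TAMPERED is a constructed variant.
SAMPLE = "key proto=rsa size=8 ek=7 n=8F !dk=67 !p=B !q=D !kp=3 !kq=7 !c2=6"
TAMPERED = SAMPLE.replace("!kp=3", "!kp=4")

def parse_key(line):
    """Split a 'key attr=value ...' line into a dict (attribute order is free)."""
    words = line.split()  # simplification: quoted values with spaces unsupported
    if not words or words[0] != "key":
        raise ValueError("line does not start with 'key'")
    attrs = {}
    for word in words[1:]:
        name, sep, value = word.partition("=")
        if not sep or name in attrs:
            raise ValueError(f"malformed or duplicate attribute: {word!r}")
        attrs[name] = value
    if attrs.get("proto") != "rsa":
        raise ValueError("not an RSA key")
    return attrs

def public_part(attrs):
    """Drop the '!' attributes; other attributes, comments included, are kept."""
    return {k: v for k, v in attrs.items() if not k.startswith("!")}

def check_private(attrs):
    """Return the inconsistencies found in a full private key ([] if none)."""
    def num(name):
        return int(attrs[name], 16)  # key numbers are hexadecimal
    n, ek, dk, p, q = (num(a) for a in ("n", "ek", "!dk", "!p", "!q"))
    if min(p, q) < 2 or p * q != n or math.gcd(p, q) != 1:
        return ["n != p*q, or p and q are not usable factors"]
    problems = []
    if n.bit_length() != int(attrs["size"]):  # assumption: size is decimal
        problems.append("size does not match n")
    if (ek * dk) % math.lcm(p - 1, q - 1) != 1:
        problems.append("ek and !dk are not inverses")
    # Assumed CRT definitions (the page does not give them).
    expected = {"!kp": dk % (p - 1), "!kq": dk % (q - 1), "!c2": pow(p, -1, q)}
    for name, value in expected.items():
        if name in attrs and num(name) != value:
            problems.append(f"{name} is inconsistent")
    return problems

if __name__ == "__main__":
    print(check_private(parse_key(SAMPLE)))
    print(check_private(parse_key(TAMPERED)))
    print(public_part(parse_key(SAMPLE)))
```

A key whose cached values disagree with !dk, !p and !q is worth rejecting before it is loaded anywhere, since those values are what the decryption path actually uses.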
prints a randomly generated RSA private key
is specified, it is printed between
is a sequence of attribute-value comments describing the key.
attributes if they are missing,
and prints a full key.
reads an RSA private key stored as ASN.1
encoded in the binary Distinguished Encoding Rules (DER)
and prints a Plan 9 RSA key,
ASN.1/DER is a popular key format on Unix and Windows;
it is often encoded in text form using the Privacy Enhanced Mail (PEM) format
in a section labeled as an
auth/pemdecode 'RSA PRIVATE KEY' | auth/asn12rsa
extracts the key section from a textual ASN.1/DER/PEM key
into binary ASN.1/DER format and then
converts it to a Plan 9 RSA key.
reads a Plan 9 RSA public or private key,
removes the private attributes, and prints the resulting public key.
Comment attributes are preserved.
reads a Plan 9 RSA public or private key and prints the public portion
in the format used by SSH: three space-separated decimal numbers
option will change the output to SSH2 RSA public key format. The
option will set the comment.
For compatibility with external SSH implementations, the public keys in
/sys/lib/ssh/keyring
are stored in this format.
reads a Plan 9 RSA private key and writes a self-signed X.509 certificate
encoded in ASN.1/DER format to standard output.
(Note that ASN.1/DER X.509 certificates are different from ASN.1/DER private keys.)
The certificate uses the current time as its start time and expires
It contains the public half of the key
as the issuer/subject string (also known as a "Distinguished Name").
This info is typically in the form:
C=US ST=NJ L=07974 O=Lucent OU='Bell Labs' CN=G.R.Emlin
The X.509 ASN.1/DER format is often encoded in text using a PEM section
"CERTIFICATE."
auth/rsa2x509 'C=US OU=''Bell Labs''' file |
auth/pemencode CERTIFICATE
generates such a textual certificate.
Applications that serve TLS-encrypted sessions (for example,
expect certificates in ASN.1/DER/PEM format.
The Plan 9 RSA private key needs to be loaded into factotum
for TLS server applications. It is recommended to put the key into
avoiding it being stored unencrypted on the filesystem.
Generate a fresh key and use it to start a TLS-enabled web server:
auth/rsagen -t 'service=tls owner=*' >key
auth/rsa2x509 'C=US CN=*.cs.bell-labs.com' key |
auth/pemencode CERTIFICATE >cert
cat key >/mnt/factotum/ctl
ip/httpd/httpd -c cert
Generate a fresh key and configure a remote Unix system to
allow use of that key for logins:
auth/rsagen -t 'service=ssh' >key
auth/rsa2ssh key | ssh unix 'cat >>.ssh/authorized_keys'
cat key >/mnt/factotum/ctl
Convert a private key in PEM format (as generated by OpenSSL)
and load it into factotum:
auth/pemdecode 'PRIVATE KEY' key.pem |
auth/asn12rsa -t 'service=tls' >/mnt/factotum/ctl
There are too many key formats.