rsagen, rsafill, asn12rsa, rsa2pub, rsa2ssh, rsa2x509 - generate and format RSA keys

Plan 9 represents an RSA key as an attribute-value pair list
prefixed with the string
this is the generic key format used by

A full RSA private key has the following attributes:
the number of significant bits in
the encryption exponent
the decryption exponent
!kp, !kq, !c2
parameters derived from the other attributes, cached to speed decryption

All the numbers are in hexadecimal except
An RSA public key omits the attributes beginning with
A key may have other attributes as well (for example, a
attribute identifying how this key is typically used),
but to these utilities such attributes are merely comments.

For example, a very small (and thus insecure) private key and corresponding

    key proto=rsa size=8 ek=7 n=8F !dk=67 !p=B !q=D !kp=3 !kq=7 !c2=6
    key proto=rsa size=8 ek=7 n=8F

Note that the order of the attributes does not matter.

prints a randomly generated RSA private key
is specified, it is printed between
is a sequence of attribute-value comments describing the key.

attributes if they are missing,
and prints a full key.

reads an RSA private key stored as ASN.1
encoded in the binary Distinguished Encoding Rules (DER)
and prints a Plan 9 RSA key,
ASN.1/DER is a popular key format on Unix and Windows;
it is often encoded in text form using the Privacy Enhanced Mail (PEM) format
in a section labeled as an

    auth/pemdecode 'RSA PRIVATE KEY' | auth/asn12rsa

extracts the key section from a textual ASN.1/DER/PEM key
into binary ASN.1/DER format and then
converts it to a Plan 9 RSA key.

reads a Plan 9 RSA public or private key,
removes the private attributes, and prints the resulting public key.
Comment attributes are preserved.
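
As an added example (not part of the Plan 9 tools or of this manual page), the following Python code parses the key format described above, checks that the private attributes agree with each other, and strips them to obtain the public key. The formulas for !kp, !kq and !c2 are the standard RSA-CRT ones, an assumption that the page's sample key satisfies; the service=tls comment attribute and the corrupted key are constructed.

```python
# Added example: parse a Plan 9 RSA key line, check it, derive the public key.

def parse_key(line):
    """Split 'key attr=value ...' into a dict; attribute order is irrelevant."""
    words = line.split()  # assumption: no quoted values containing spaces
    if not words or words[0] != "key":
        raise ValueError("not a Plan 9 key line")
    attrs = dict(w.split("=", 1) for w in words[1:])
    if attrs.get("proto") != "rsa":
        raise ValueError("not an RSA key")
    return attrs

def hexint(attrs, name):
    return int(attrs[name], 16)

def derive_crt(attrs):
    """Recompute the cached values (assumed standard CRT form) from !dk, !p, !q."""
    dk, p, q = (hexint(attrs, a) for a in ("!dk", "!p", "!q"))
    return {"!kp": dk % (p - 1), "!kq": dk % (q - 1), "!c2": pow(p, -1, q)}

def check_private(attrs):
    """Return a list of inconsistencies; an empty list means a coherent key."""
    n, ek, dk, p, q = (hexint(attrs, a) for a in ("n", "ek", "!dk", "!p", "!q"))
    problems = []
    if p * q != n:
        problems.append("n != p*q")
    # ek and dk must be inverses modulo both p-1 and q-1.
    if (ek * dk) % (p - 1) != 1 or (ek * dk) % (q - 1) != 1:
        problems.append("ek and !dk are not inverses")
    for name, want in derive_crt(attrs).items():
        if name in attrs and hexint(attrs, name) != want:
            problems.append(f"{name} should be {want:X}")
    return problems

def public_key(attrs):
    """Drop every attribute beginning with '!'; comment attributes survive."""
    kept = (f"{k}={v}" for k, v in attrs.items() if not k.startswith("!"))
    return "key " + " ".join(kept)

# The page's sample key plus a constructed comment attribute (service=tls).
SAMPLE = "key proto=rsa service=tls size=8 ek=7 n=8F !dk=67 !p=B !q=D !kp=3 !kq=7 !c2=6"
# Constructed: the same key with one cached parameter corrupted.
BAD = SAMPLE.replace("!kq=7", "!kq=5")

if __name__ == "__main__":
    for line in (SAMPLE, BAD):
        key = parse_key(line)
        print(check_private(key) or "consistent", "->", public_key(key))
```

Rejecting a key whose cached values disagree with !dk, !p and !q avoids decrypting or signing with faulty CRT parameters.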

reads a Plan 9 RSA public or private key and prints the public portion
in the format used by SSH: three space-separated decimal numbers
For compatibility with external SSH implementations, the public keys in
/sys/lib/ssh/keyring
are stored in this format.

reads a Plan 9 RSA private key and writes a self-signed X.509 certificate
encoded in ASN.1/DER format to standard output.
(Note that ASN.1/DER X.509 certificates are different from ASN.1/DER private keys.)
The certificate uses the current time as its start time and expires
It contains the public half of the key
as the issuer/subject string (also known as a "Distinguished Name").
This info is typically in the form:

    C=US ST=NJ L=07974 O=Lucent OU='Bell Labs' CN=G.R.Emlin

The X.509 ASN.1/DER format is often encoded in text using a PEM section
"CERTIFICATE".

    auth/rsa2x509 'C=US OU=''Bell Labs''' file |
    auth/pemencode CERTIFICATE

generates such a textual certificate.
Applications that serve TLS-encrypted sessions (for example,
expect certificates in ASN.1/DER/PEM format.

Generate a fresh key and use it to start a TLS-enabled web server:

    auth/rsagen -t 'service=tls owner=*' >key
    auth/rsa2x509 'C=US CN=*.cs.bell-labs.com' key |
    auth/pemencode CERTIFICATE >cert
    cat key >/mnt/factotum/ctl
    ip/httpd/httpd -c cert

Generate a fresh key and configure a remote Unix system to
allow use of that key for logins:

    auth/rsagen -t 'service=ssh' >key
    auth/rsa2ssh key | ssh unix 'cat >>.ssh/authorized_keys'
    cat key >/mnt/factotum/ctl

There are too many key formats.