.TH RSA 8
.SH NAME
-rsagen, rsafill, asn12rsa, rsa2pub, rsa2ssh, rsa2x509 \- generate and format rsa keys
+rsagen, rsafill, asn12rsa, rsa2pub, rsa2ssh, rsa2x509, rsa2csr \- generate and format rsa keys
.SH SYNOPSIS
.B rsagen
[
[
.I file
]
+.PP
+.B rsa2csr
+.I subject
+[
+.I file
+]
.SH DESCRIPTION
Plan 9 represents an RSA key as an attribute-value pair list
prefixed with the string
C=US ST=NJ L=07974 O=Lucent OU='Bell Labs' CN=G.R.Emlin
.EE
.LP
+One can append further Distinguished Names, DNS Names and
+E-Mail addresses as a ``Subject Alternative Name'' separated
+with a comma after the main subject.
+.LP
The X.509 ASN.1/DER format is often encoded in text using a PEM section
labeled as a
.RB `` CERTIFICATE .''
for TLS server applications. It is recommended to put the key into
.IR secstore (1),
avoiding it being stored unencrypted on the filesystem.
+.PP
+.I Rsa2csr
+takes the
+.I subject
+and a RSA private key and outputs a signing request in ASN.1 format.
.SH EXAMPLES
Generate a fresh key and use it to start a TLS-enabled web server:
.IP
auth/pemdecode 'PRIVATE KEY' key.pem |
auth/asn12rsa -t 'service=tls' >/mnt/factotum/ctl
.EE
+.PP
+Generate a certificate signing request (CSR) in PEM format:
+.IP
+.EX
+auth/rsa2csr 'CN=example.com' key |
+ auth/pemencode 'CERTIFICATE REQUEST'
+.EE
.SH SOURCE
.B /sys/src/cmd/auth
.SH "SEE ALSO
.IR factotum (4),
.IR pem (8),
-.IR ssh (1)
.SH BUGS
There are too many key formats.