NAME¶ipsec_newhostkey - generate a new raw RSA authentication key for a host
ipsec newhostkey [[--quiet] | [--verbose]] [--nssdirnssdir] [--password password] [--bits bits] [--seeddev device] [--hostname hostname] [--output filename]
DESCRIPTION¶newhostkey generates an RSA public/private key pair suitable for authenticating this host is generated and stored in the NSS database.
See ipsec_showhostkey(8) for how to extract the public key from the NSS database.
Output Options¶--output filename
SEE ALSO¶ipsec_rsasigkey(8), ipsec_showhostkey(8), ipsec.secrets(5)
HISTORY¶Originally written for the Linux FreeS/WAN project <https://www.freeswan.org> by Henry Spencer. Updated by Paul Wouters
BUGS¶As with rsasigkey, the run time is difficult to predict, since depletion of the system's randomness pool can cause arbitrarily long waits for random bits for seeding the NSS library, and the prime-number searches can also take unpredictable (and potentially large) amounts of CPU time. See ipsec_rsasigkey(8) .
A higher-level tool that could handle the clerical details of changing to a new key would be helpful.