'\" t
.\" Title: IPSEC_SHOWHOSTKEY
.\" Author: Paul Wouters
.\" Generator: DocBook XSL Stylesheets v1.79.1
.\" Date: 06/11/2019
.\" Manual: Executable programs
.\" Source: libreswan
.\" Language: English
.\"
.TH "IPSEC_SHOWHOSTKEY" "8" "06/11/2019" "libreswan" "Executable programs"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
ipsec_showhostkey \- show host\*(Aqs authentication key
.SH "SYNOPSIS"
.HP \w'\fBipsec\fR\ 'u
\fBipsec\fR \fIshowhostkey\fR [\-\-verbose] {\-\-version\ |\ \-\-list\ |\ \-\-dump\ |\ \-\-left\ |\ \-\-right\ |\ \-\-ipseckey}
.br
[\-\-ckaid\ \fIckaid\fR\ |\ \-\-rsaid\ \fIrsaid\fR]
.br
[\-\-gateway\ \fIgateway\fR] [\-\-precedence\ \fIprecedence\fR]
.br
[\-\-nssdir\ \fInssdir\fR] [\-\-password\ \fIpassword\fR]
.SH "DESCRIPTION"
.PP
\fIShowhostkey\fR
outputs (on standard output) a public key suitable for this host, in the format specified, using the host key information stored in the NSS database\&.
.PP
In general, since only the super\-user can access the NSS database, only the super\-user can display the public key information\&.
.SS "Common Options"
.PP
\fB\-\-version\fR
.RS 4
Print the libreswan version, then exit\&.
.RE
.PP
\fB\-\-verbose\fR
.RS 4
Increase the verbosity\&.
.RE
.PP
\fB\-\-nssdir \fR\fB\fInssdir\fR\fR
.RS 4
Specify the libreswan directory that contains the NSS database (default /var/lib/ipsec/nss)\&.
.RE
.PP
\fB\-\-password \fR\fB\fIpassword\fR\fR
.RS 4
Specify the password to use when accessing the NSS database (default contained in /etc/ipsec\&.d/nsspassword)\&.
.RE
.SS "List Options"
.PP
\fB\-\-list\fR
.RS 4
List the private keys\&.
.RE
.PP
\fB\-\-dump\fR
.RS 4
List, with more details, the private keys\&.
.RE
.SS "Public Key Options"
.PP
\fB\-\-ckaid\fR \fIckaid\fR
.RS 4
Select the public key to display using the NSS ckaid\&.
.RE
.PP
\fB\-\-rsaid\fR \fIrsaid\fR
.RS 4
Select the public key to display using the RSA key ID\&.
.RE
.PP
\fB\-\-left\fR, \fB\-\-right\fR
.RS 4
Print the selected public key in
\fBipsec.conf\fR(5)
format, as a
\fBleftrsasigkey\fR
or
\fBrightrsasigkey\fR
parameter respectively\&. For example,
\fB\-\-left\fR
might give (with the key data trimmed down for clarity):
.sp
.if n \{\
.RS 4
.\}
.nf
leftrsasigkey=0sAQOF8tZ2\&.\&.\&.+buFuFn/
.fi
.if n \{\
.RE
.\}
.RE
.PP
\fB\-\-ipseckey\fR
.RS 4
Print the selected public key in the opportunistic\-encryption DNS IPSECKEY record format (RFC 4025)\&. A gateway can be specified with the
\fB\-\-gateway\fR
option, which currently supports IPv4 and IPv6 addresses\&. For the host name, the value returned by
\fIgethostname\fR
is used, with a
\fB\&.\fR
appended\&.
.sp
For example,
\fB\-\-ipseckey \-\-gateway 10\&.11\&.12\&.13\fR
might give (with the key data trimmed for clarity):
.sp
.if n \{\
.RS 4
.\}
.nf
IN IPSECKEY 10 1 2 10\&.11\&.12\&.13 AQOF8tZ2\&.\&.\&.+buFuFn/"
.fi
.if n \{\
.RE
.\}
.RE
.PP
\fB\-\-gateway \fR\fB\fIgateway\fR\fR
.RS 4
For
\fB\-\-ipseckey\fR, specify the
\fIgateway\fR
to display with the DNS IPSECKEY record\&.
.RE
.PP
\fB\-\-precedence \fR\fB\fIprecedence\fR\fR
.RS 4
For
\fB\-\-ipseckey\fR, specify the
\fIprecedence\fR
to display with the DNS IPSECKEY record\&.
.RE
.SH "DIAGNOSTICS"
.PP
A complaint about
\(lqno pubkey line found\(rq
indicates that the host has a key but it was generated with an old version of FreeS/WAN and does not contain the information that
\fIshowhostkey\fR
needs\&.
.SH "FILES"
.PP
/var/lib/ipsec/nss, /etc/ipsec\&.d/nsspassword
.SH "SEE ALSO"
.PP
\fBipsec.conf\fR(5),
\fBipsec rsasigkey\fR(8),
\fBipsec newhostkey\fR(8)
.SH "HISTORY"
.PP
Written for the Linux FreeS/WAN project
<\m[blue]\fBhttps://www\&.freeswan\&.org\fR\m[]>
by Henry Spencer\&. Updated by Paul Wouters for the IPSECKEY format\&.
.SH "BUGS"
.PP
Arguably, rather than just reporting the no\-IN\-KEY\-line\-found problem,
\fIshowhostkey\fR
should be smart enough to run the existing key through
\fIrsasigkey\fR
with the
\fB\-\-oldkey\fR
option, to generate a suitable output line\&.
.SH "AUTHOR"
.PP
\fBPaul Wouters\fR
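.SH "EXAMPLES"
.PP
The following Python code is an added example, not part of libreswan or of the original manual page\&. It parses a line printed by \fB\-\-left\fR and a record printed by \fB\-\-ipseckey\fR, validates the record fields, and decodes the key data as the RFC 3110 RSA format that RFC 4025 uses for algorithm 2, so the two outputs can be confirmed to carry the same key before either is published\&. The function names, the host name vpn\&.example\&. and the sample key are constructed for illustration\&.
.sp
.nf
```python
# Added example (not libreswan code): cross-check showhostkey output formats.
import base64
import ipaddress

GATEWAY_TYPES = {1: ipaddress.IPv4Address, 2: ipaddress.IPv6Address}

def decode_rsa_key(b64):
    """Split an RFC 3110 RSA public key blob into (exponent, modulus)."""
    blob = base64.b64decode(b64, validate=True)
    if len(blob) < 3:
        raise ValueError("key blob too short")
    elen, off = blob[0], 1
    if elen == 0:  # long form: exponent length is in the next two octets
        elen, off = int.from_bytes(blob[1:3], "big"), 3
    exponent, modulus = blob[off:off + elen], blob[off + elen:]
    if elen == 0 or len(exponent) != elen or not modulus:
        raise ValueError("truncated RSA key blob")
    return int.from_bytes(exponent, "big"), int.from_bytes(modulus, "big")

def parse_ipseckey(record):
    """Parse '[name] IN IPSECKEY precedence gwtype algorithm gateway key'."""
    fields = record.split()
    i = fields.index("IPSECKEY")
    prec, gwtype, alg = (int(x) for x in fields[i + 1:i + 4])
    gateway, key = fields[i + 4], "".join(fields[i + 5:])
    if not 0 <= prec <= 255:
        raise ValueError("precedence must fit in one octet")
    if alg != 2:
        raise ValueError("expected algorithm 2 (RSA)")
    if gwtype not in GATEWAY_TYPES:
        raise ValueError("expected gateway type 1 (IPv4) or 2 (IPv6)")
    GATEWAY_TYPES[gwtype](gateway)  # raises if address family and type disagree
    return prec, gateway, decode_rsa_key(key)

def parse_sigkey(line):
    """Parse 'leftrsasigkey=0s<base64>' or the rightrsasigkey equivalent."""
    name, _, value = line.strip().partition("=")
    if name not in ("leftrsasigkey", "rightrsasigkey") or not value.startswith("0s"):
        raise ValueError("not an rsasigkey line with a 0s (base64) value")
    return decode_rsa_key(value[2:])

# Constructed sample key: exponent 3 and a 32-byte stand-in modulus (not a real key).
SAMPLE_KEY = base64.b64encode(bytes([1, 3]) + bytes(range(0x85, 0xA5))).decode()
SAMPLE_LEFT = "leftrsasigkey=0s" + SAMPLE_KEY
SAMPLE_RECORD = "vpn.example. IN IPSECKEY 10 1 2 10.11.12.13 " + SAMPLE_KEY
```
.fi
.PP
A record is consistent with the configuration line when \fBparse_sigkey\fR and the third value returned by \fBparse_ipseckey\fR are equal\&.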