.\" $Header$ .\" .\" transcript compatibility for postscript use. .\" .\" synopsis: .P! .\" .de P! .fl \!!1 setgray .fl \\&.\" .fl \!!0 setgray .fl \" force out current output buffer \!!save /psv exch def currentpoint translate 0 0 moveto \!!/showpage{}def .fl \" prolog .sy sed \-e 's/^/!/' \\$1\" bring in postscript file \!!psv restore . .de pF .ie \\*(f1 .ds f1 \\n(.f .el .ie \\*(f2 .ds f2 \\n(.f .el .ie \\*(f3 .ds f3 \\n(.f .el .ie \\*(f4 .ds f4 \\n(.f .el .tm ? font overflow .ft \\$1 .. .de fP .ie !\\*(f4 \{\ . ft \\*(f4 . ds f4\" ' br \} .el .ie !\\*(f3 \{\ . ft \\*(f3 . ds f3\" ' br \} .el .ie !\\*(f2 \{\ . ft \\*(f2 . ds f2\" ' br \} .el .ie !\\*(f1 \{\ . ft \\*(f1 . ds f1\" ' br \} .el .tm ? font underflow .. .ds f1\" .ds f2\" .ds f3\" .ds f4\" '\" t .ta 8n 16n 24n 32n 40n 48n 56n 64n 72n .TH ASTGENKEY 8 "May 14th, 2005" "Asterisk" "Linux Programmer's Manual" .SH NAME .B astgenkey \- generates keys for for Asterisk IAX2 RSA authentication .SH SYNOPSIS .PP .B astgenkey [ \-q ] [ \-n ] [ \fIkeyname\fP ] .SH DESCRIPTION .B astgenkey This script generates an RSA private and public key pair in PEM format for use by Asterisk. The private key should be kept a secret, as it can be used to fake your system's identity. Thus by default (without the option .I \-n ) the script will create a passphrase-encrypted copy of your secret key: without entering the passphrase you won't be able to use it. However if you want to use such a key with Asterisk, you'll have to start it interactively, because the scripts that start asterisk can't use that encrypted key. The key is identified by a name. If you don't write the name on the command-line you'll be prompted for one. The outputs of the script are: .I name\fB.pub .RS The public key: not secret. Send this to the other side. .RE .I name\fB.key .RS The private key: secret. .RE Those files should be copied to .I /var/lib/asterisk/keys (The private key: on your system. The public key: on other systems) To see the currently-installed keys from the asterisk CLI, use the command .RS keys show .RE .SH OPTIONS .B \-q .RS Run quietly. .RE .B \-n .RS Don't encrypt the private key. .RE .SH SECURITY The keys are created, using the umask of the user running the command. To create the keys in a secure manner, you should check to ensure that your umask is first set to disallow the private key from being world- readable, such as with the following commands: .I umask 0066 .I astgenkey yourkey And then make the key accessible to Asterisk (assuming you run it as user "asterisk"). chown asterisk /var/lib/asterisk/keys/yourname.* .SH FILES .I /var/lib/asterisk/keys .RS .RE .SH "SEE ALSO" asterisk(8), genrsa(1), rsa(1), http://www.voip\-info.org/wiki\-Asterisk+iax+rsa+auth .SH "AUTHOR" This manual page was written by Tzafrir Cohen Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 2 any later version published by the Free Software Foundation. On Debian systems, the complete text of the GNU General Public License can be found in /usr/share/common\-licenses/GPL\-2.