rsa man page on Plan9

Man page or keyword search:  
man Server   549 pages
apropos Keyword Search (all sections)
Output format
Plan9 logo
[printable version]

RSA(8)									RSA(8)

NAME
       rsagen,	rsafill,  asn12rsa,  rsa2pub, rsa2ssh, rsa2x509 - generate and
       format rsa keys

SYNOPSIS
       auth/rsagen [ -b nbits ] [ -t tag ]

       auth/rsafill [ file ]

       auth/asn12rsa [ -t tag ] [ file ]

       auth/rsa2pub [ file ]

       auth/rsa2ssh [ file ]

       auth/rsa2x509 [ -e expiretime ] certinfo [ file ]

DESCRIPTION
       Plan 9 represents an RSA key as an attribute-value pair	list  prefixed
       with  the  string  key;	this  is the generic key format used by facto‐
       tum(4).	A full RSA private key has the following attributes:

       proto  must be rsa

       size   the number of significant bits in n

       ek     the encryption exponent

       n      the product of !p and !q

       !dk    the decryption exponent

       !p     a large prime

       !q     another large prime

       !kp, !kq, !c2
	      parameters derived from the other attributes,  cached  to	 speed
	      decryption

       All  the	 numbers are in hexadecimal except size, which is decimal.  An
       RSA public key omits the attributes beginning with A key may have other
       attributes  as  well  (for example, a service attribute identifying how
       this key is typically used), but to these utilities such attributes are
       merely comments.

       For  example,  a	 very small (and thus insecure) private key and corre‐
       sponding public key might be:

	      key proto=rsa size=8 ek=7 n=8F !dk=67 !p=B !q=D !kp=3 !kq=7 !c2=6
	      key proto=rsa size=8 ek=7 n=8F

       Note that the order of the attributes does not matter.

       Rsagen prints a randomly generated RSA private key whose n has  exactly
       nbits  (default	1024)  significant  bits.   If tag is specified, it is
       printed between key and proto=rsa; typically,  tag  is  a  sequence  of
       attribute-value comments describing the key.

       Rsafill	reads  a  private  key,	 recomputes  the  !kp,	!kq,  and  !c2
       attributes if they are missing, and prints a full key.

       Asn12rsa reads an RSA private key stored as ASN.1 encoded in the binary
       Distinguished Encoding Rules (DER) and prints a Plan 9 RSA key, insert‐
       ing tag exactly as rsagen does.	ASN.1/DER is a popular key  format  on
       Unix  and  Windows;  it is often encoded in text form using the Privacy
       Enhanced Mail (PEM) format in a section labeled	as  an	``RSA  PRIVATE
       KEY.''  The command:

	      auth/pemdecode 'RSA PRIVATE KEY' | auth/asn12rsa

       extracts	 the  key section from a textual ASN.1/DER/PEM key into binary
       ASN.1/DER format and then converts it to a Plan 9 RSA key.

       Rsa2pub reads a Plan 9 RSA public or private key, removes  the  private
       attributes,  and	 prints	 the resulting public key.  Comment attributes
       are preserved.

       Rsa2ssh reads a Plan 9 RSA public or private key and prints the	public
       portion	in  the format used by SSH: three space-separated decimal num‐
       bers size, ek, and n.  For compatibility with external SSH  implementa‐
       tions,  the  public  keys in /sys/lib/ssh/keyring and $home/lib/keyring
       are stored in this format.

       Rsa2x509 reads a Plan 9 RSA private key and writes a self-signed	 X.509
       certificate encoded in ASN.1/DER format to standard output.  (Note that
       ASN.1/DER X.509	certificates  are  different  from  ASN.1/DER  private
       keys).	The  certificate  uses	the current time as its start time and
       expires expiretime seconds (default 3 years) later.   It	 contains  the
       public  half  of	 the  key  and includes certinfo as the issuer/subject
       string (also known as a ``Distinguished Name'').	 This  info  is	 typi‐
       cally in the form:

	      C=US ST=NJ L=07974 O=Lucent OU='Bell Labs' CN=G.R.Emlin

       The X.509 ASN.1/DER format is often encoded in text using a PEM section
       labeled as a ``CERTIFICATE.''  The command:

	      auth/rsa2x509 'C=US OU=''Bell Labs''' file |
	      auth/pemencode CERTIFICATE

       generates such a textual certificate.   Applications  that  serve  TLS-
       encrypted  sessions  (for  example,  httpd(8),  pop3(8), and tlssrv(8))
       expect certificates in ASN.1/DER/PEM format.

EXAMPLES
       Generate a fresh key and use it to start a TLS-enabled web server:

	      auth/rsagen -t 'service=tls owner=*' >key
	      auth/rsa2x509 'C=US CN=*.cs.bell-labs.com' key |
		   auth/pemencode CERTIFICATE >cert
	      cat key >/mnt/factotum/ctl
	      ip/httpd/httpd -c cert

       Generate a fresh key and configure a remote Unix system to allow use of
       that key for logins:

	      auth/rsagen -t 'service=ssh' >key
	      auth/rsa2ssh key | ssh unix 'cat >>.ssh/authorized_keys'
	      cat key >/mnt/factotum/ctl
	      ssh unix

SOURCE
       /sys/src/cmd/auth

SEE ALSO
       ssh(1), factotum(4), dsa(8), pem(8)

BUGS
       There are too many key formats.

									RSA(8)
[top]
                             _         _         _ 
                            | |       | |       | |     
                            | |       | |       | |     
                         __ | | __ __ | | __ __ | | __  
                         \ \| |/ / \ \| |/ / \ \| |/ /  
                          \ \ / /   \ \ / /   \ \ / /   
                           \   /     \   /     \   /    
                            \_/       \_/       \_/ 
More information is available in HTML format for server Plan9

List of man pages available for Plan9

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net