generate vpn rsa-key
Generates a pair of RSA public and private keys.
- Bit-length of the generated key, in 16-bit increments. The length ranges from 1024 through 4096. The default length is 2192.
- When specified, sets the public exponent to 65537. When absent, sets the public exponent to 3.
Use this command to generate a pair of RSA public and private keys. This command is available only to users with administrative privileges.
RSA key pairs are used to authenticate the identities of hosts or users and to securely exchange a random one-time key, which then serves as the symmetric encryption key for the session. The public key or keys (more than one public key can be derived from the private key component) are shared with the peer that requests communication with the holder of the private key. Due to this potential one-to-many relationship, the private key is typically generated by and stored on the server, and the public key or keys are distributed to one or more clients.
The RSA key pair for the local host is generated by using this command in operational mode. After the key pair is generated, it is stored at the location that is specified by the local-key rsa-key-name option. By default, this location is the localhost.key file in the /config/ipsec.d/rsa-keys/ directory.
You can change the name and location of the key file by using security vpn rsa-keys.
The following example shows how to extract the public key in an exportable form. The public key is read from the localhost.key file and displayed in the format that is used in RFC 2537, RSA/MD5 KEYs and SIGs in the Domain Name System (DNS), so that it can serve as the credentials of a peer. You can then paste it into the appropriate configuration parameter on the peer.
vyatta@WEST:~$ generate vpn rsa-key
Generating rsa-key to /config/ipsec.d/rsa-keys/localhost.key
Your new local RSA key has been generated.
RSA key fingerprint: d0:75:1b:c9:36:c7:3a:48:0a:d8:11:06:41:90:57:cb
vyatta@WEST:~$ show vpn ike rsa-keys
Local public key (/opt/Vyatta/etc/config/ipsec.d/rsa-keys/localhost.key):
0sAQOaH8PuqTqHW6kkm6hAM7Mt4juBt7tdOQAqiNfaHou72+T/1/ztUmsnXzT7c7YGGQQ95eej9IDgBGmhnmGa9kXn/Upa7M8Te9bINNAkHT7DqSxflEYH2eVFT3/Q0ZghCU8U51a66OqAbuXpfQxAZ6ujAxmGBS3FOC2b9GSRqyybGSLDoniRWSFZ12Yd5ckX4CprhJmryGU0mZn9leE5kQLiUfONPcEywCmi50RqKTcQsXgFZuEE0nw+d7K6CrJLALyOqtXEPW0kRmaqcZXhuwlOtDHgws2vUal7H+vQCq6OjKuO8+3xvLNZxH3820z81PytcnAa8X7YmrsjIV8MfWGPobk6l27ZjGOo9ZG44nEAS3KX
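The exported string can be checked before it is pasted into a peer configuration. The following Python sketch is an added example, not part of the product or its documentation: it decodes an RFC 2537 public key and reports the public exponent and modulus length. It assumes that the leading 0s marks base64 data, as in the output above; the function names, the 2048-bit minimum, and the exponent check are assumed local policy, and the sample keys are constructed placeholders rather than real RSA moduli.

```python
import base64

def encode_rfc2537(e: int, n: int) -> str:
    """Build a constructed sample key in '0s' + base64 RFC 2537 form."""
    eb = e.to_bytes((e.bit_length() + 7) // 8, "big")
    nb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    # Exponent length: one octet, or 0x00 plus two octets when over 255.
    prefix = bytes([len(eb)]) if len(eb) < 256 else b"\x00" + len(eb).to_bytes(2, "big")
    return "0s" + base64.b64encode(prefix + eb + nb).decode()

def parse_rfc2537(text: str) -> tuple[int, int]:
    """Return (exponent, modulus) from an RFC 2537 RSA public key string."""
    text = text.strip()
    if not text.startswith("0s"):
        raise ValueError("expected '0s' (base64) prefix")
    raw = base64.b64decode(text[2:], validate=True)
    if len(raw) < 3:
        raise ValueError("key too short")
    elen, off = raw[0], 1
    if elen == 0:  # long form: two-octet exponent length follows
        elen, off = int.from_bytes(raw[1:3], "big"), 3
    if elen == 0 or off + elen >= len(raw):
        raise ValueError("truncated key")
    e = int.from_bytes(raw[off:off + elen], "big")
    n = int.from_bytes(raw[off + elen:], "big")
    return e, n

def audit(text: str, min_bits: int = 2048) -> list[str]:
    """List policy findings (assumed policy: >= min_bits, exponent 65537)."""
    e, n = parse_rfc2537(text)
    findings = []
    if n.bit_length() < min_bits:
        findings.append(f"modulus is {n.bit_length()} bits, below {min_bits}")
    if e != 65537:
        findings.append(f"public exponent is {e}, not 65537")
    return findings

if __name__ == "__main__":
    # Constructed samples: correct lengths, not real RSA moduli.
    samples = {
        "1024-bit, exponent 3": encode_rfc2537(3, (1 << 1023) | 1),
        "2192-bit, exponent 65537": encode_rfc2537(65537, (1 << 2191) | 1),
    }
    for label, key in samples.items():
        print(label, "->", audit(key) or "no findings")
```

The key shown above begins with AQO after the 0s prefix, which decodes to an exponent length of 1 and an exponent of 3, matching the default exponent described for this command.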
The following example shows how to generate a pair of RSA public and private keys.
vyatta@WEST:~$ generate vpn rsa-key bits 1024
Generating rsa-key to /config/ipsec.d/rsa-keys/localhost.key
Your new local RSA key has been generated.
RSA key fingerprint: 78:af:08:60:92:34:c6:02:94:a2:52:53:69:91:a0:91