Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

strongimcv_pki---keyid(1) [centos man page]

PKI --KEYID(1)							    strongSwan							    PKI --KEYID(1)

NAME

       pki --keyid - Calculate key identifiers of a key or certificate

SYNOPSIS

       pki --keyid [--in file] [--type type] [--debug level]

       pki --keyid --options file

       pki --keyid -h | --help

DESCRIPTION

       This sub-command of pki(1) calculates key identifiers of private keys and certificates.

OPTIONS

       -h, --help
	      Print usage information with a summary of the available options.

       -v, --debug level
	      Set debug level, default: 1.

       -+, --options file
	      Read command line options from file.

       -i, --in file
	      Input file. If not given the input is read from STDIN.

       -t, --type type
	      Type  of	input.	One  of  rsa-priv (RSA private key), ecdsa-priv (ECDSA private key), pub (public key), pkcs10 (PKCS#10 certificate
	      request), x509 (X.509 certificate), defaults to rsa-priv.

EXAMPLES

       Calculate key identifiers of an RSA private key:

	 pki --keyid --in key.der
	 subjectKeyIdentifier:	    6a:9c:74:d1:f8:89:79:89:f6:5a:94:e9:89:f1...
	 subjectPublicKeyInfo hash: 6e:55:dc:7e:9c:a5:58:d9:5b:e3:c7:13:14:e1...

       Calculate key identifiers of an X.509 certificate:

	 pki --keyid --in cert.der --type x509
	 subjectKeyIdentifier:	    6a:9c:74:d1:f8:89:79:89:f6:5a:94:e9:89:f1...
	 subjectPublicKeyInfo hash: 6e:55:dc:7e:9c:a5:58:d9:5b:e3:c7:13:14:e1...

SEE ALSO

       pki(1)

5.1.1								    2013-07-31							    PKI --KEYID(1)

Check Out this Related Man Page

PKI --SELF(1)							    strongSwan							     PKI --SELF(1)

NAME

       pki --self - Create a self-signed certificate

SYNOPSIS

       pki --self [--in file|--keyid hex] [--type t] --dn distinguished-name [--san subjectAltName] [--lifetime days] [--serial hex] [--flag flag]
		  [--digest digest] [--ca] [--ocsp uri] [--pathlen len] [--nc-permitted name] [--nc-excluded name] [--policy-mapping mapping]
		  [--policy-explicit len] [--policy-inhibit len] [--policy-any len] [--cert-policy oid [--cps-uri uri] [--user-notice text]]
		  [--outform encoding] [--debug level]

       pki --self --options file

       pki --self -h | --help

DESCRIPTION

       This sub-command of pki(1) is used to create a self-signed certificate.

OPTIONS

       -h, --help
	      Print usage information with a summary of the available options.

       -v, --debug level
	      Set debug level, default: 1.

       -+, --options file
	      Read command line options from file.

       -i, --in file
	      Private key input file. If not given the key is read from STDIN.

       -x, --keyid hex
	      Key ID of a private key on a smartcard.

       -t, --type type
	      Type of the input key. Either rsa or ecdsa, defaults to rsa.

       -d, --dn distinguished-name
	      Subject and issuer distinguished name (DN). Required.

       -a, --san subjectAltName
	      subjectAltName extension to include in certificate. Can be used multiple times.

       -l, --lifetime days
	      Days the certificate is valid, default: 1095.

       -s, --serial hex
	      Serial number in hex. It is randomly allocated by default.

       -e, --flag flag
	      Add extendedKeyUsage flag. One of serverAuth, clientAuth, crlSign, or ocspSigning. Can be used multiple times.

       -g, --digest digest
	      Digest to use for signature creation. One of md5, sha1, sha224, sha256, sha384, or sha512. Defaults to sha1.

       -f, --outform encoding
	      Encoding of the created certificate file. Either der (ASN.1 DER) or pem (Base64 PEM), defaults to der.

       -b, --ca
	      Include CA basicConstraint extension in certificate.

       -o, --ocsp uri
	      OCSP AuthorityInfoAccess URI to include in certificate. Can be used multiple times.

       -p, --pathlen len
	      Set path length constraint.

       -n, --nc-permitted name
	      Add permitted NameConstraint extension to certificate.

       -N, --nc-excluded name
	      Add excluded NameConstraint extension to certificate.

       -M, --policy-mapping issuer-oid:subject-oid
	      Add policyMapping from issuer to subject OID.

       -E, --policy-explicit len
	      Add requireExplicitPolicy constraint.

       -H, --policy-inhibit len
	      Add inhibitPolicyMapping constraint.

       -A, --policy-any len
	      Add inhibitAnyPolicy constraint.

   Certificate Policy
       Multiple certificatePolicy extensions can be added. Each with the following information:

       -P, --cert-policy oid
	      OID to include in certificatePolicy extension. Required.

       -C, --cps-uri uri
	      Certification Practice statement URI for certificatePolicy.

       -U, --user-notice text
	      User notice for certificatePolicy.

EXAMPLES

       Generate a self-signed certificate using the given RSA key:

	 pki --self --in key.der --dn "C=CH, O=strongSwan, CN=moon" 
	     --san moon.strongswan.org > cert.der

SEE ALSO

       pki(1)

5.1.1								    2013-07-31							     PKI --SELF(1)
Man Page