Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

astgenkey(8) [debian man page]

ASTGENKEY(8)						     Linux Programmer's Manual						      ASTGENKEY(8)

NAME

       astgenkey - generates keys for for Asterisk IAX2 RSA authentication

SYNOPSIS

       astgenkey [ -q ] [ -n ] [ keyname ]

DESCRIPTION

       astgenkey  This	script	generates  an RSA private and public key pair in PEM format for use by Asterisk.  The private key should be kept a
       secret, as it can be used to fake your system's identity.  Thus by default (without the option -n ) the script will  create  a  passphrase-
       encrypted copy of your secret key: without entering the passphrase you won't be able to use it.

       However	if  you want to use such a key with Asterisk, you'll have to start it interactively, because the scripts that start asterisk can't
       use that encrypted key.

       The key is identified by a name. If you don't write the name on the command-line you'll be prompted for one. The outputs of the script are:

       name.pub
	      The public key: not secret. Send this to the other side.

       name.key
	      The private key: secret.

       Those files should be copied to /var/lib/asterisk/keys

       (The private key: on your system. The public key: on other systems)

       To see the currently-installed keys from the asterisk CLI, use the command

	      show keys

OPTIONS

       -q
	      Run quietly.

       -n
	      Don't encrypt the private key.

SECURITY

       The keys are created, using the umask of the user running the command.  To create the keys in a secure manner, you should check	to  ensure
       that your umask is first set to disallow the private key from being world- readable, such as with the following commands:

       umask 0066

       astgenkey yourkey

       And then make the key accessible to Asterisk (assuming you run it as user "asterisk").

	 chown asterisk /var/lib/asterisk/keys/yourname.*

FILES

       /var/lib/asterisk/keys

SEE ALSO

       asterisk(8), genrsa(1), rsa(1),

       http://www.voip-info.org/wiki-Asterisk+iax+rsa+auth

AUTHOR

       This manual page was written by Tzafrir Cohen <tzafrir.cohen@xorcom.com> Permission is granted to copy, distribute and/or modify this docu-
       ment under the terms of the GNU General Public License, Version 2 any later version published by the Free Software Foundation.

       On Debian systems, the complete text of the GNU General Public License can be found in /usr/share/common-licenses/GPL-2.

Asterisk							  May 14th, 2005						      ASTGENKEY(8)

Check Out this Related Man Page

dnskeygen(1)						      General Commands Manual						      dnskeygen(1)

NAME

       dnskeygen - Generates public, private, and shared secret keys for DNS Security

SYNOPSIS

       /usr/bin/dnskeygen [-DHR] key-size [-zhu] [-p value] [-s value] -n name

OPTIONS

       Specifies  that the key cannot be used for authentication.  Specifies that the key cannot be used for encryption.  Generates a DSA/DSS key.
       The size (in bytes) must be one of the following values: 512, 576, 640, 704, 768, 832, 896, 960, or 1024.  Uses a large	exponent  for  key
       generation (RSA only).  Generates an HMAC-MD5 key.  The size (in bytes) must be between 1 and 512.  Generates a Host key for a host or ser-
       vice.  Specifies the name of the key that you generate.	Sets the protocol field value. The default is 2 (E-mail) for Host keys and 3  (DNS
       Security) for all others.  Generates an RSA key. The size (in bytes) must be between 512 and 4096.  Sets the strength value with which this
       key signs DNS records. The default is 1 for Zone keys and 0 for all others.  Generates a User key for E-mail or another purpose.  Generates
       a Zone key for DNS validation.

       When the dnskeygen command is executed with no options, it generates output containing a list of its options.

DESCRIPTION

       Use  the dnskeygen utility to generate and maintain keys for DNS Security. The utility can generate public and private keys to authenticate
       zone data and shared secret keys to use for Request/Transaction signatures.

RESTRICTIONS

       Although the dnskeygen command supports the full range of options offered by the Internet Software Consortium's (ISC) original program,	at
       this time, the operating system supports only the keys it generates for secure dynamic updates and zone transfers. See bind_manual_setup(7)
       and the Network Administration guide for more information about these features.

EXAMPLES

       In the following example, an administrator creates a private key for authentication of DNS dynamic updates (the forward slash    indicates
       line  continuation):  #	dnskeygen  -H  1024  -h -c -n pubnet-enterprise_update ** Adding dot to the name to make it fully qualified domain
       name** Generating 1024 bit HMAC-MD5 Key for pubnet-enterprise_update.

       Generated 1024 bit Key for pubnet-enterprise_update. id=0 alg=157 
	flags=16897

       # ls K* Kpubnet-enterprise_update.+157+00000.key Kpubnet-enterprise_update.+157+00000.private

FILES

       The dnskeygen command generates two files in the directory in which it is executed: Public key file.  Private key file.

SEE ALSO

       Commands: named(8)

       Files: named.conf(4)

       Others: bind_manual_setup(7)

       Network Administration

																      dnskeygen(1)
Man Page