


   SPX Version 2.2                                               createkey(1)



   Name
     createkey - SPX createkey utility to generate RSA key files

   Syntax
     createkey [ -av ] [ -k keysize ] [ -p primes ] [ -u uuid ] [ -n fullname ]
     name

   Description
     The _c_r_e_a_t_e_k_e_y command is used to create long term RSA keys for princi-
     pals.  It prompts for randomness by engaging the user in a brief dialo-
     gue.  The predictability of the key is only as good as the "uncertainty"
     of this dialogue.  Both what the user types in and the time it takes to
     respond figure into this "uncertainty".

     If the -u option is not specified, a new uuid is generated based on the
     host internet address and the current time.  The keysize parameter
     controls the approximate desired modulus size, 512 bit keys being the
     default.

     The _c_r_e_a_t_e_k_e_y utility prompts for the password to encrypt the private
     key.  This is also known as the user's SPX password.  This password
     should be selected carefully.

     The keys are written in ASCII-encoded hex files.  The public and private
     key files begin with the principal's relative distinguished name (RDN).
     The RDN is normally constructed as CN=name.  The -a option results in an
     "authority" RDN, OU=name.  The files then contain the ASCII-encoded hex
     uuid.  The public key file then contains the ASCII-encoded hex value of
     the BER (ISO8845) encoded key.  The private key file contains an
     alternate hash function computed from the user's password, followed by
     the BER encoded private key, encrypted under a hash of the password.

     You will need to use createkey only in those situations in which new
     principals are being added to the system.

   Options

     -k _k_e_y_s_i_z_e          The approximate desired modulus size, in bits.
                         Defaults to 512.

     -u _u_u_i_d             UUID.  Generated if not supplied.

     -p _p_r_i_m_e_s           File containing two prime numbers in ASCII encoded
                         hex, most significant "nibble" first.  Whitespace
                         characters are ignored and the two primes must be
                         delimeted either by beginning or end of file, or by
                         a non-hex character, which is to be skipped over.

     -a                  An authority principal (use OU= to create the RDN).

     -v                  Verbose mode

     -n _f_u_l_l_n_a_m_e         Specifies the real name for principals.  For users,


   Digital Equipment Corporation                                            1






   createkey(1)                                               SPX Version 2.2


                         the real name is the user's fullname.  If the -n
                         option is not specified on the command line, create-
                         key prompts for the fullname.
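
     The following is an added example, not part of SPX or this manual page:
     one reading of the -p file rules above, plus sanity checks (distinct
     values, probable primality, resulting modulus size) that the page does
     not describe.  All function names are hypothetical, and treating a run
     of non-hex characters as a single delimiter is an assumption.

```python
import string

HEX = set(string.hexdigits)
# Constructed sample: the Mersenne primes 2**61-1 and 2**89-1, not real key material.
SAMPLE = "1FFF FFFF FFFF FFFF\n:\n1FFFFFFF FFFFFFFF\nFFFFFFF\n"

def parse_primes(text):
    """Split a -p file into two integers using the delimiting rules quoted above."""
    numbers, digits = [], []
    for ch in text:
        if ch.isspace():
            continue                  # whitespace is ignored, so it never delimits
        if ch in HEX:
            digits.append(ch)         # most significant nibble first
        elif digits:                  # a non-hex character ends the number, then is skipped
            numbers.append(int("".join(digits), 16))
            digits = []
    if digits:                        # end of file delimits the last number
        numbers.append(int("".join(digits), 16))
    if len(numbers) != 2:
        raise ValueError(f"expected 2 primes, found {len(numbers)} values")
    return tuple(numbers)

def is_probable_prime(n, bases=(2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)):
    """Miller-Rabin test; a True result for large n is probabilistic."""
    if n < 2:
        return False
    for b in bases:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def check_primes_file(text):
    """Return the modulus size in bits and a list of problems found."""
    p, q = parse_primes(text)
    problems = ["primes are identical"] if p == q else []
    problems += [f"{v:X} is not prime" for v in (p, q) if not is_probable_prime(v)]
    return (p * q).bit_length(), problems
```

     Under this reading a "0x" prefix is not harmless: the "x" is a non-hex
     character, so it delimits a value of 0 and the file no longer holds
     exactly two numbers.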

   Files
     _n_a_m_e_privkey, _n_a_m_e_pubkey

   See Also

     spx(1), createcertif(1), cdb_edit(8)

   Digital Equipment Corporation