Trang chủ Khám phá Trợ giúp
Đăng nhập
RISCI_ATOM
/
harvey
mirror of https://github.com/Harvey-OS/harvey.git
1
0
Fork 0
Các tập tin Các vấn đề 0 Wiki
Tree: eaaf46328a
Branches Tags
harvey
/
sys
/
man
/
8
/
rsa

rsa 4.6 KB
Lịch sử Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243 
  1. .TH RSA 8
    2. 

  2. .SH NAME
    3. 

  3. rsagen, rsafill, asn12rsa, rsa2pub, rsa2ssh, rsa2x509 \- generate and format rsa keys
    4. 

  4. .SH SYNOPSIS
    5. 

  5. .B auth/rsagen
    6. 

  6. [
    7. 

  7. .B -b
    8. 

  8. .I nbits
    9. 

  9. ]
    10. 

  10. [
    11. 

  11. .B -t
    12. 

  12. .I tag
    13. 

  13. ]
    14. 

  14. .PP
    15. 

  15. .B auth/rsafill
    16. 

  16. [
    17. 

  17. .I file
    18. 

  18. ]
    19. 

  19. .PP
    20. 

  20. .B auth/asn12rsa
    21. 

  21. [
    22. 

  22. .B -t
    23. 

  23. .I tag
    24. 

  24. ]
    25. 

  25. [
    26. 

  26. .I file
    27. 

  27. ]
    28. 

  28. .PP
    29. 

  29. .B auth/rsa2pub
    30. 

  30. [
    31. 

  31. .I file
    32. 

  32. ]
    33. 

  33. .PP
    34. 

  34. .B auth/rsa2ssh
    35. 

  35. [
    36. 

  36. .I file
    37. 

  37. ]
    38. 

  38. .PP
    39. 

  39. .B auth/rsa2x509
    40. 

  40. [
    41. 

  41. .B -e
    42. 

  42. .I expiretime
    43. 

  43. ]
    44. 

  44. .I certinfo
    45. 

  45. [
    46. 

  46. .I file
    47. 

  47. ]
    48. 

  48. .SH DESCRIPTION
    49. 

  49. Plan 9 represents an RSA key as an attribute-value pair list
    50. 

  50. prefixed with the string
    51. 

  51. .BR key ;
    52. 

  52. this is the generic key format used by
    53. 

  53. .IR factotum (4).
    54. 

  54. A full RSA private key has the following attributes:
    55. 

  55. .TF proto
    56. 

  56. .PD
    57. 

  57. .TP
    58. 

  58. .B proto
    59. 

  59. must be
    60. 

  60. .B rsa
    61. 

  61. .TP
    62. 

  62. .B size
    63. 

  63. the number of significant bits in
    64. 

  64. .B n
    65. 

  65. .TP
    66. 

  66. .B ek
    67. 

  67. the encryption exponent
    68. 

  68. .TP
    69. 

  69. .B n
    70. 

  70. the product of
    71. 

  71. .B !p
    72. 

  72. and
    73. 

  73. .B !q
    74. 

  74. .TP
    75. 

  75. .B !dk
    76. 

  76. the decryption exponent
    77. 

  77. .TP
    78. 

  78. .B !p
    79. 

  79. a large prime
    80. 

  80. .TP
    81. 

  81. .B !q
    82. 

  82. another large prime
    83. 

  83. .TP
    84. 

  84. .B "!kp\fR, \fL!kq\fR, \fL!c2
    85. 

  85. parameters derived from the other attributes, cached to speed decryption
    86. 

  86. .PD
    87. 

  87. .LP
    88. 

  88. All the numbers are in hexadecimal except
    89. 

  89. .IR size ,
    90. 

  90. which is decimal.
    91. 

  91. An RSA public key omits the attributes beginning with
    92. 

  92. .LR ! .
    93. 

  93. A key may have other attributes as well (for example, a
    94. 

  94. .B service
    95. 

  95. attribute identifying how this key is typically used),
    96. 

  96. but to these utilities such attributes are merely comments.
    97. 

  97. .PP
    98. 

  98. For example, a very small (and thus insecure) private key and corresponding
    99. 

  99. public key might be:
    100. 

  100. .IP
    101. 

  101. .EX
    102. 

  102. key proto=rsa size=8 ek=7 n=8F !dk=67 !p=B !q=D !kp=3 !kq=7 !c2=6
    103. 

  103. key proto=rsa size=8 ek=7 n=8F
    104. 

  104. .EE
    105. 

  105. .LP
    106. 

  106. Note that the order of the attributes does not matter.
    107. 

  107. .PP
    108. 

  108. .I Rsagen
    109. 

  109. prints a randomly generated RSA private key
    110. 

  110. whose
    111. 

  111. .B n
    112. 

  112. has exactly
    113. 

  113. .I nbits
    114. 

  114. (default 1024)
    115. 

  115. significant bits.
    116. 

  116. If
    117. 

  117. .I tag
    118. 

  118. is specified, it is printed between
    119. 

  119. .B key
    120. 

  120. and
    121. 

  121. .BR proto=rsa ;
    122. 

  122. typically,
    123. 

  123. .I tag
    124. 

  124. is a sequence of attribute-value comments describing the key.
    125. 

  125. .PP
    126. 

  126. .I Rsafill
    127. 

  127. reads a private key,
    128. 

  128. recomputes the
    129. 

  129. .BR !kp ,
    130. 

  130. .BR !kq ,
    131. 

  131. and
    132. 

  132. .BR !c2
    133. 

  133. attributes if they are missing,
    134. 

  134. and prints a full key.
    135. 

  135. .PP
    136. 

  136. .I Asn12rsa
    137. 

  137. reads an RSA private key stored as ASN.1
    138. 

  138. encoded in the binary Distinguished Encoding Rules (DER)
    139. 

  139. and prints a Plan 9 RSA key,
    140. 

  140. inserting
    141. 

  141. .I tag
    142. 

  142. exactly as
    143. 

  143. .I rsagen
    144. 

  144. does.
    145. 

  145. ASN.1/DER is a popular key format on Unix and Windows;
    146. 

  146. it is often encoded in text form using the Privacy Enhanced Mail (PEM) format
    147. 

  147. in a section labeled as an
    148. 

  148. .RB `` RSA
    149. 

  149. .B PRIVATE
    150. 

  150. .BR KEY .''
    151. 

  151. The command:
    152. 

  152. .IP
    153. 

  153. .EX
    154. 

  154. auth/pemdecode 'RSA PRIVATE KEY' | auth/asn12rsa
    155. 

  155. .EE
    156. 

  156. .LP
    157. 

  157. extracts the key section from a textual ASN.1/DER/PEM key
    158. 

  158. into binary ASN.1/DER format and then
    159. 

  159. converts it to a Plan 9 RSA key.
    160. 

  160. .PP
    161. 

  161. .I Rsa2pub
    162. 

  162. reads a Plan 9 RSA public or private key,
    163. 

  163. removes the private attributes, and prints the resulting public key.
    164. 

  164. Comment attributes are preserved.
    165. 

  165. .PP
    166. 

  166. .I Rsa2ssh
    167. 

  167. reads a Plan 9 RSA public or private key and prints the public portion 
    168. 

  168. in the format used by SSH: three space-separated decimal numbers
    169. 

  169. .BR size ,
    170. 

  170. .BR ek ,
    171. 

  171. and
    172. 

  172. .BR n .
    173. 

  173. For compatibility with external SSH implementations, the public keys in
    174. 

  174. .B /sys/lib/ssh/keyring
    175. 

  175. and
    176. 

  176. .B $home/lib/keyring
    177. 

  177. are stored in this format.
    178. 

  178. .PP
    179. 

  179. .I Rsa2x509
    180. 

  180. reads a Plan 9 RSA private key and writes a self-signed X.509 certificate
    181. 

  181. encoded in ASN.1/DER format to standard output.
    182. 

  182. (Note that ASN.1/DER X.509 certificates are different from ASN.1/DER private keys).
    183. 

  183. The certificate uses the current time as its start time and expires
    184. 

  184. .I expiretime
    185. 

  185. seconds
    186. 

  186. (default 3 years)
    187. 

  187. later.
    188. 

  188. It contains the public half of the key
    189. 

  189. and includes
    190. 

  190. .I certinfo
    191. 

  191. as the issuer/subject string (also known as a ``Distinguished Name'').
    192. 

  192. This info is typically in the form:
    193. 

  193. .IP
    194. 

  194. .EX
    195. 

  195. C=US ST=NJ L=07974 O=Lucent OU='Bell Labs' CN=G.R.Emlin
    196. 

  196. .EE
    197. 

  197. .LP
    198. 

  198. The X.509 ASN.1/DER format is often encoded in text using a PEM section
    199. 

  199. labeled as a
    200. 

  200. .RB `` CERTIFICATE .''
    201. 

  201. The command:
    202. 

  202. .IP
    203. 

  203. .EX
    204. 

  204. auth/rsa2x509 'C=US OU=''Bell Labs''' file |
    205. 

  205. auth/pemencode CERTIFICATE
    206. 

  206. .EE
    207. 

  207. .LP
    208. 

  208. generates such a textual certificate.
    209. 

  209. Applications that serve TLS-encrypted sessions (for example,
    210. 

  210. .IR httpd (8),
    211. 

  211. .IR pop3 (8),
    212. 

  212. and
    213. 

  213. .IR tlssrv (8))
    214. 

  214. expect certificates in ASN.1/DER/PEM format.
    215. 

  215. .SH EXAMPLES
    216. 

  216. Generate a fresh key and use it to start a TLS-enabled web server:
    217. 

  217. .IP
    218. 

  218. .EX
    219. 

  219. auth/rsagen -t 'service=tls owner=*' >key
    220. 

  220. auth/rsa2x509 'C=US CN=*.cs.bell-labs.com' key |
    221. 

  221. 	auth/pemencode CERTIFICATE >cert
    222. 

  222. cat key >/mnt/factotum/ctl
    223. 

  223. ip/httpd/httpd -c cert
    224. 

  224. .EE
    225. 

  225. .PP
    226. 

  226. Generate a fresh key and configure a remote Unix system to
    227. 

  227. allow use of that key for logins:
    228. 

  228. .IP
    229. 

  229. .EX
    230. 

  230. auth/rsagen -t 'service=ssh' >key
    231. 

  231. auth/rsa2ssh key | ssh unix 'cat >>.ssh/authorized_keys'
    232. 

  232. cat key >/mnt/factotum/ctl
    233. 

  233. ssh unix
    234. 

  234. .EE
    235. 

  235. .SH SOURCE
    236. 

  236. .B /sys/src/cmd/auth
    237. 

  237. .SH "SEE ALSO
    238. 

  238. .IR ssh (1),
    239. 

  239. .IR factotum (4),
    240. 

  240. .IR dsa (8),
    241. 

  241. .IR pem (8)
    242. 

  242. .SH BUGS
    243. 

  243. There are too many key formats.
    244.