Previous: The quick key manipulation interface, Up: Unattended Usage of GPG [Contents][Index]
Sep 06, 2019 The minimum effort to generate a key pair involves running the ssh-keygen command. If you are rotating keys as a precaution and without any concern of compromise, you can use the old key pair to authenticate the transfer of the new public key before removing the old key. A passphrase-protected private key requires the passphrase to be. Jan 31, 2010 How to create a self signed ssl cert with no passphrase for your test server. Generate your key with openssl. State/O = Internet Widgits Pty Ltd Getting Private key.
The command --generate-key may be used along with the option--batch for unattended key generation. This is the mostflexible way of generating keys, but it is also the most complex one.Consider using the quick key manipulation interface described in theprevious subsection “The quick key manipulation interface”.
The parameters for the key are either read from stdin or given as afile on the command line. The format of the parameter file is asfollows:
Control statements:
Print text as diagnostic.
Suppress actual key generation (useful for syntax checking).
Perform the key generation. Note that an implicit commit is done atthe next Key-Type parameter.
Do not write the key to the default or commandline given keyring butto filename. This must be given before the first commit to takeplace, duplicate specification of the same filename is ignored, thelast filename before a commit is used. The filename is used until anew filename is used (at commit points) and all keys are written tothat file. If a new filename is given, this file is created (andoverwrites an existing one).
See the previous subsection “Ephemeral home directories” for a morerobust way to contain side-effects.
This option is a no-op for GnuPG 2.1 and later.
See the previous subsection “Ephemeral home directories”.
This option is a no-op for GnuPG 2.1 and later.
Using this option allows the creation of keys without any passphraseprotection. This option is mainly intended for regression tests.
If given the keys are created using a faster and a somewhat lesssecure random number generator. This option may be used for keyswhich are only used for a short time and do not require fullcryptographic strength. It takes only effect if used together withthe control statement ‘%no-protection’.
General Parameters:
Starts a new parameter block by giving the type of the primarykey. The algorithm must be capable of signing. This is a requiredparameter. algo may either be an OpenPGP algorithm number or astring with the algorithm name. The special value ‘default’ maybe used for algo to create the default key type; in this case a‘Key-Usage’ shall not be given and ‘default’ also be usedfor ‘Subkey-Type’.
The requested length of the generated key in bits. The default isreturned by running the command ‘gpg --gpgconf-list’.
This is optional and used to generate a CSR or certificate for analready existing key. Key-Length will be ignored when given.
Space or comma delimited list of key usages. Allowed values are‘encrypt’, ‘sign’, and ‘auth’. This is used togenerate the key flags. Please make sure that the algorithm iscapable of this usage. Note that OpenPGP requires that all primarykeys are capable of certification, so no matter what usage is givenhere, the ‘cert’ flag will be on. If no ‘Key-Usage’ isspecified and the ‘Key-Type’ is not ‘default’, all allowedusages for that particular algorithm are used; if it is not given but‘default’ is used the usage will be ‘sign’.
This generates a secondary key (subkey). Currently only one subkeycan be handled. See also ‘Key-Type’ above.
Length of the secondary key (subkey) in bits. The default is returnedby running the command ‘gpg --gpgconf-list’.
Key usage lists for a subkey; similar to ‘Key-Usage’.
If you want to specify a passphrase for the secret key, enter it here.Default is to use the Pinentry dialog to ask for a passphrase.
The three parts of a user name. Remember to use UTF-8 encoding here.If you don’t give any of them, no user ID is created.
Set the expiration date for the key (and the subkey). It may eitherbe entered in ISO date format (e.g. Microsoft powerpoint 2010 product key generator download no survey no password. '20000815T145012') or as number ofdays, weeks, month or years after the creation date. The specialnotation 'seconds=N' is also allowed to specify a number of secondssince creation. Without a letter days are assumed. Note that thereis no check done on the overflow of the type used by OpenPGP fortimestamps. Thus you better make sure that the given value makesense. Although OpenPGP works with time intervals, GnuPG uses anabsolute value internally and thus the last year we can represent is2105.
Set the creation date of the key as stored in the key information andwhich is also part of the fingerprint calculation. Either a date like'1986-04-26' or a full timestamp like '19860426T042640' may be used.The time is considered to be UTC. The special notation 'seconds=N'may be used to directly specify a the number of seconds since Epoch(Unix time). If it is not given the current time is used.
Set the cipher, hash, and compression preference values for this key.This expects the same type of string as the sub-command ‘setpref’in the --edit-key menu.
Add a designated revoker to the generated key. Algo is the public keyalgorithm of the designated revoker (i.e. RSA=1, DSA=17, etc.)fpr is the fingerprint of the designated revoker. The optional‘sensitive’ flag marks the designated revoker as sensitiveinformation. Only v4 keys may be designated revokers.
This is an optional parameter that specifies the preferred keyserverURL for the key.
This is an optional parameter only used with the status linesKEY_CREATED and KEY_NOT_CREATED. string may be up to 100characters and should not contain spaces. It is useful for batch keygeneration to associate a key parameter block with a status line.
Here is an example on how to create a key in an ephemeral home directory:
If you want to create a key with the default algorithms you would usethese parameters:
Previous: The quick key manipulation interface, Up: Unattended Usage of GPG [Contents][Index]
Several tools exist to generate SSH public/private key pairs. The following sections show how to generate an SSH key pair on UNIX, UNIX-like and Windows platforms.
UNIX and UNIX-like platforms (including Solaris and Linux) include the ssh-keygen utility to generate SSH key pairs.
filename
is your choice of file name for the private key:The ssh-keygen utility prompts you for a passphrase for the private key.
Note:
While a passphrase is not required, you should specify one as a security measure to protect the private key from unauthorized use. When you specify a passphrase, a user must enter the passphrase every time the private key is used.
The ssh-keygen utility prompts you to enter the passphrase again.
filename
and the public key has been saved as filename
.pub
. It also displays information about the key fingerprint and randomart image.The PuTTYgen program is part of PuTTY, an open source networking client for the Windows platform.
To download PuTTY or PuTTYgen, go to http://www.putty.org/ and click the You can download PuTTY here link.
As the key is being generated, move the mouse around the blank area as directed.
Note:
While a passphrase is not required, you should specify one as a security measure to protect the private key from unauthorized use. When you specify a passphrase, a user must enter the passphrase every time the private key is used.
.ppk
(PuTTY private key).Make sure you select all the characters, not just the ones you can see in the narrow window. If a scroll bar is next to the characters, you aren't seeing all the characters.
.pub
extension to indicate that the file contains a public key.ssh
utility on Linux), export the private key:.ppk
format, using an extension such as .openssh
to indicate the file's content.