.B \-\-output
filename
[
.B \-\-quiet
]
.B \e
.br
.in +10
[
.B \-\-bits
n
]
[
.B \-\-hostname
host
]
.SH DESCRIPTION
.I Newhostkey
outputs (into
.IR filename ,
which can be `\fB-\fR' for standard output)
an RSA private key suitable for this host,
in
.IR /etc/ipsec.secrets
format
(see
.IR ipsec.secrets (5)).
Normally,
.I newhostkey
invokes
.IR rsasigkey
(see
.IR ipsec_rsasigkey (8))
with the
.B \-\-verbose
option, so a narrative of what is being done appears on standard error.
.PP
The
.B \-\-output
specifier, although it is syntactically an option and can appear at
any point among the options (it doesn't have to be first),
is not optional.
The specified
.I filename
is created under umask
.B 077
if nonexistent;
if it already exists and is non-empty,
a warning message about that is sent to standard error,
and the output is appended to the file.
.PP
The
.IR rsasigkey
to tell it what host name to label the output with
(via its
.B \-\-hostname
option).
.PP
The output format is that of
.IR rsasigkey ,
with bracketing added to complete the
.I ipsec.secrets
format.
In the usual case, where
.I ipsec.secrets
contains only the host's own private key,
the output of
.I newhostkey
is sufficient as a complete
.I ipsec.secrets
file.
.SH SEE ALSO
ipsec.secrets(5), ipsec_rsasigkey(8)
.SH HISTORY
Written for the Linux FreeS/WAN project



Man(1) output converted with
man2html