RSA(8)                                                     RSA(8)

     NAME
          rsagen, rsafill, asn12rsa, rsa2pub, rsa2ssh, rsa2x509 -
          generate and format rsa keys

     SYNOPSIS
          rsagen [ -b nbits ] [ -t tag ]

          rsafill [ file ]

          asn12rsa [ -t tag ] [ file ]

          rsa2pub [ file ]

          rsa2ssh [ file ]

          rsa2x509 [ -e expiretime ] certinfo [ file ]

     DESCRIPTION
          Plan 9 represents an RSA key as an attribute-value pair list
          prefixed with the string key; this is the generic key format
          used by factotum(4). A full RSA private key has the follow-
          ing attributes:

          proto  must be rsa

          size   the number of significant bits in n

          ek     the encryption exponent

          n      the product of !p and !q

          !dk    the decryption exponent

          !p     a large prime

          !q     another large prime

          !kp, !kq, !c2
                 parameters derived from the other attributes, cached
                 to speed decryption

          All the numbers are in hexadecimal except size , which is
          decimal.  An RSA public key omits the attributes beginning
          with `! .'  A key may have other attributes as well (for
          example, a service attribute identifying how this key is
          typically used), but to these utilities such attributes are
          merely comments.

          For example, a very small (and thus insecure) private key

     Page 1                       Plan 9            (printed 11/18/24)

     RSA(8)                                                     RSA(8)

          and corresponding public key might be:

               key proto=rsa size=8 ek=7 n=8F !dk=67 !p=B !q=D !kp=3 !kq=7 !c2=6
               key proto=rsa size=8 ek=7 n=8F

          Note that the order of the attributes does not matter.

          Rsagen prints a randomly generated RSA private key whose n
          has exactly nbits (default 1024) significant bits.  If tag
          is specified, it is printed between key and proto=rsa; typi-
          cally, tag is a sequence of attribute-value comments
          describing the key.

          Rsafill reads a private key, recomputes the !kp, !kq, and
          !c2 attributes if they are missing, and prints a full key.

          Asn12rsa reads an RSA private key stored as ASN.1 encoded in
          the binary Distinguished Encoding Rules (DER) and prints a
          Plan 9 RSA key, inserting tag exactly as rsagen does.
          ASN.1/DER is a popular key format on Unix and Windows; it is
          often encoded in text form using the Privacy Enhanced Mail
          (PEM) format in a section labeled as an ``RSA PRIVATE KEY.''
          The command:

               auth/pemdecode 'RSA PRIVATE KEY' | auth/asn12rsa

          extracts the key section from a textual ASN.1/DER/PEM key
          into binary ASN.1/DER format and then converts it to a Plan
          9 RSA key.

          Rsa2pub reads a Plan 9 RSA public or private key, removes
          the private attributes, and prints the resulting public key.
          Comment attributes are preserved.

          Rsa2ssh reads a Plan 9 RSA public or private key and prints
          the public portion in the format used by SSH: three space-
          separated decimal numbers size, ek, and n.  For compatibil-
          ity with external SSH implementations, the public keys in
          /sys/lib/ssh/keyring and $home/lib/keyring are stored in
          this format.

          Rsa2x509 reads a Plan 9 RSA private key and writes a self-
          signed X.509 certificate encoded in ASN.1/DER format to
          standard output.  (Note that ASN.1/DER X.509 certificates
          are different from ASN.1/DER private keys).  The certificate
          uses the current time as its start time and expires
          expiretime seconds (default 3 years) later.  It contains the
          public half of the key and includes certinfo as the
          issuer/subject string (also known as a ``Distinguished
          Name'').  This info is typically in the form:

               C=US ST=NJ L=07974 O=Lucent OU='Bell Labs' CN=G.R.Emlin

     Page 2                       Plan 9            (printed 11/18/24)

     RSA(8)                                                     RSA(8)

          The X.509 ASN.1/DER format is often encoded in text using a
          PEM section labeled as a ``CERTIFICATE.''  The command:

               auth/rsa2x509 'C=US OU=''Bell Labs''' file |
               auth/pemencode CERTIFICATE

          generates such a textual certificate.  Applications that
          serve TLS-encrypted sessions (for example, httpd(8),
          pop3(8), and tlssrv(8)) expect certificates in ASN.1/DER/PEM
          format.

     EXAMPLES
          Generate a fresh key and use it to start a TLS-enabled web
          server:

               auth/rsagen -t 'service=tls owner=*' >key
               auth/rsa2x509 'C=US CN=*.cs.bell-labs.com' key |
                    auth/pemencode CERTIFICATE >cert
               cat key >/mnt/factotum/ctl
               ip/httpd/httpd -c cert

          Generate a fresh key and configure a remote Unix system to
          allow use of that key for logins:

               auth/rsagen -t 'service=ssh' >key
               auth/rsa2ssh key | ssh unix 'cat >>.ssh/authorized_keys'
               cat key >/mnt/factotum/ctl
               ssh unix

     SOURCE
          /sys/src/cmd/auth

     SEE ALSO
          factotum(4), pem(8), ssh(1)

     BUGS
          There are too many key formats.

     Page 3                       Plan 9            (printed 11/18/24)