Generating Keys Using Command Line

RandPassGenerator 1.3The RandPassGenerator Java application is a simple command-line utility for generating random passwords, passphrases, and raw keys. It is designed very conservatively to ensure that the random values it provides offer full cryptographic strength requested by the user.

Usage Information

Generating PGP Keys. This article will guide you through the process of generating public and private keys for encrypting emails. This is for people using command line (unix) mail readers such as Mutt as well as those who use Linux workstations. The basic function is to create public and private key pairs. PuTTY stores keys in its own format in.ppk files. However, the tool can also convert keys to and from other formats. PuTTYgen.exe on Windows is a graphical tool. A command-line version is available for Linux.

  1. To create a new key pair, select the type of key to generate from the bottom of the screen (using SSH-2 RSA with 2048 bit key size is good for most people; another good well-known alternative is ECDSA). Then click Generate, and start moving the mouse within the Window. Putty uses mouse movements to collect randomness.
  2. How to configure SSH keys using cPanel. This article describes how to create and deploy SSH keys using cPanel. If your hosting account does not include cPanel, or if you want to use the command line to configure SSH keys, please see this article. Table of Contents. Using SSH keys. Generating a new key. To generate a new SSH key pair for.

To use RandPassGenerator, you'll need the Oracle Java Runtime Environment; any recent version should be sufficient, but at a minimum version 9 is recommended.

The RandPassGenerator can also run from a terminal or console. The command-line syntax is simple:

Options

-v {Print verbose messages during operation, in addition to logging}

-str S {Use generation strength of S bits (default: 160)}

-pw N {Generate N random password of the specified strength}

-pp N {Generate N random passphrases of the specified strength}

-k N {Generate N random keys of the specified strength}

-enc {Encrypt generated random key using a random password that is at least a 16 characters (256-bit AES) and write to file named the Key ID (KEY_ID.enc). A prompt for a random password to us will appear. Users should generate a random password to use for encryption prior to generating keys. ('java -jar RandPassGenerator.jar -pw 1 -str 96' will generate a 16 character password).}

-decrypt {Decrypt encrypted key file using a random password that is at least a 16 characters and save as text file (KEY_ID_decrypted.txt). A prompt for the name of the encrypted file to decrypt will appear, then a prompt for the random password to use will appear.}

Unusual options:

-pplen M {When generating passphrases, longest word should be M letters long (minimum value of M is 3)}

-ppurl U {Use the URL U to load words for passphrase (default: use internal list)}

-pwcs P {Use character pattern P for characters to use in passwords (lowercase, uppercase, number, special character, or combination)}

-log F {Log all operations to the log file F (default: ./randpass.log)}

-out F {Write output to file F (default: writes to stdout)}

-c N {Format output passwords and keys in chunks of N characters}

-sep S {For chunk formatting, use S as the separator (default: -)}

At least one of the options -pw, -pp, or -k must be supplied. The keys, passwords, or passphrases produced by RandPassGenerator will be written to the standard output (stdout), so they can easily be redirected to a file. The -out option can also be used to write the output to a file. All messages are written to the standard error (stderr).

Detailed log messages are appended to the specified log file - if the log file cannot be opened, then the tool will not run.

Note that the -pwcs option is a little strange. Each character in the value represents a full set of characters. Any lowercase lettermeans 'add a character set of all lowercase letters', any uppercase letter means 'add a set of all uppercase letter', any digit means'add a set of all digits', and anything else means 'add a set of all punctuation marks'. There is no way to supply a fully custom character set. Normally, you should not use the -pwcs option, you should let RandPassGenerator use its default character set.

Examples

Example 1: generate 5 random passwords using the default mixed character set, at default strength of 160, saved into file GoodPasswords.dat

Example 2: generate 20 random passphrases using the default dictionary, at strength of 256, with verbose messages, using words up to 9 letters long, and output saved into the file passphrases.txt

Example 3: generate 200 random keys at strength of 192, with logging to keygen.log, and output to mykeys.out.

Example 4: generate 100 passwords at strength 160, using a character set of lowercase letters and digits, with output redirected to hi-quality-stuff.txt

Example 5: generate 10 passwords at strength 128, formatted into chunks of five characters each, separated by /.

Example 6: generate 1 random key at strength 256, and encrypt to file using random password.

Example 7: Decrypt encrypted key file.

Design Information

The foundation of RandPassGenerator is an implementation of the NIST SP800-90 Hash DRBG. It uses entropy, carefully gathered from system sources, to generate quality random output. The internal strength of the DRBG is 192 bits, according to NIST SP800-57, using the SHA-384 algorithm. In accordance with SP800-90, the DRBG is seeded with at least 888 bits of high quality entropy from entropy sources prior to any operation.

This implementation uses the seed mechanism of the Java SecureRandom class for gathering entropy. This implementation performs self-tests at every execution, so that users can be confident that no library problems have affected operation. Two kinds of self-tests are performed:

  1. Known-answer tests from the NIST Hash_DRBG verification suite test file.
  2. Simple statistical tests on DRBG output.

If the tests don't pass, the tool reports failure and refuses to run.

The strength mechanism implemented here is quite simple. For passwords, the size of the character set used defines thebits-per-character, and password length is then computed to meet or exceed the requested strength (typically, this is somewhere around 5-6 bits per character). Similarly, for passphrases the size of the usable dictionary defines the bits-per-word, and passphrase length is then computed to meet or exceed the requested strength (for the default dictionary and settings, roughly 16 bits-per-word). Duplicates are eliminated and the entropy is computed based on the number of unique characters or words.

The RandPassGenerator tool performs extensive logging. By default, log entries are appended to the local file 'randpass.log'. No actual key data, random data, or seed data is written to the log file.

License

See LICENSE.

Command Line Tutorial

Contributing

See CONTRIBUTING.

Disclaimer

See DISCLAIMER.

These commands generate and use private keys in unencrypted binary(not Base64 “PEM”) PKCS#8 format. The PKCS#8 format is used here becauseit is the most interoperable format when dealing with software that isn'tbased on OpenSSL.

OpenSSL has a variety of commands that can be used to operate on privatekey files, some of which are specific to RSA (e.g. openssl rsa andopenssl genrsa) or which have other limitations. Here we always useopenssl pkey, openssl genpkey, and openssl pkcs8, regardless of the typeof key.

The first section describes how to generate private keys. The second andthird sections describe how to extract the public key from the generatedprivate key. The last section describes how to inspect a private key'smetadata.

Generating Private Keys

Ed25519 isn't listed here because OpenSSL's command line utilities do notsupport Ed25519 keys yet.

ECC

The key will use the named curve form, i.e. the only correct form, whichunfortunately isn't the default form in all versions of OpenSSL.

The algorithm identifier will be id-ecPublicKey (1.2.840.10045.2.1),which is what software for signing and verifying ECDSA signatures expects.

ECC P-256

Generating Keys Using Command Line In Atom

ECC P-384

RSA

The key will have two primes (i.e. it will not be a multi-prime key), andpublic exponent 65537, which are by far the most interoperable parameters.Unless you have special requirements, generate a 2048-bit key.

The key's algorithm identifier is rsaEncryption (1.2.840.113549.1.1.1),which is the most interoperable form. Almost all software will accept keysmarked as such for use in RSA encryption and for RSA PKCS#1 1.5 signatures andRSA-PSS signatures.

Generating Keys Using Command Line Argument

2048-bit RSA

3072-bit RSA

Extracting the Public Key from the Private Key as a SubjectPublicKeyInfo.

PKCS#8 files are self-describing, and PKCS#8 private key files contain thepublic key, so the public key can be extracted from the private key file:

Examples:

Extracting an RSA Public Key from the Private Key Without the SubjectPublicKeyInfo Metadata

Above, we said we would only need openssl pkey, openssl genpkey, andopenssl pkcs8, but that's only true if you don't need to output thelegacy form of the public key. If you need the legacy form in binary (“DER”)format then can do the conversion following this example:

The Base64 (“PEM”) form can be output following this example:

Inspecting a Key's Public Metadata

PKCS#8 files are self-describing, and PKCS#8 private key files contain thepublic key, so a single command can output all the public properties forany private key.

Monster hunter generations five star key quests. Resources:. finalnodeCommunity Links. ★★★ RULES ★★★.Submissions must be directly relevant to Monster HunterNon-Monster Hunter related material will be removed at moderator discretion.Certain topics belong in specific subredditsMemes and similar posts belong in and will be removed from this sub.

WARNING: By default OpenSSL's command line tool will output the valueof the private key, even when you ask for it to output the public metadata;the -noout parameter suppresses this.

For example, if you generated p256-private-key.p8 as described in thein the section on generating private keys, then given the command:

you'd see output like this (with a different value for pub, the public key):

As another example, if you generated rsa-2048-private-key.p8as described in the section on generating private keys, then this:

Generating Keys Using Command Line Programming

would output something like this (with a different modulus value):

Comments are closed.