CRYPTO's opcode CRYPTOP_GENPUBKEY is used to generate a public/private key file pair. Its syntax differs slightly from the other opcodes:
xcall CRYPTO, CRYPTOP_GENPUBKEY, status, pubkeyfile, decoding, privkeyfile, encoding, cflags, cipher, passphrase, keybits, cmode
Parameters
status
Returns the result status of the operation: >= 0 for success (number of bytes output to dst), < 0 for errors. See CRYPTERR_xxx in CRYPTO.DEF in SOSLIB:[907,16].
pubkeyfile and privkeyfile (in place of the src and dst parameters for other opcodes)
must be set to the filespecs for the generated public and private key files.
decoding and encoding
should be ""; there are no options for this opcode.
cflags
should be set to CRYPF_NONE, since output is always to file.
cipher
should be set to either CRYPTO_CIPHER_RSA or CRYPTO_CIPHER_DSA.
passphrase (in place of the key parameter for other opcodes)
must be set to the passphrase to encrypt the private key file or "" for none.
keybits
must be a multiple of 64, between 384 and 4096.
cmode
determines the format of the public key file:
• CRYPTO_MODE_OPENSSH (0): OpenSSH format
• CRYPTO_MODE_RFC4716 (3): RFC 4716 format
Comments
For Unix login authentication, the most typical options would be:
cipher = CRYPTO_CIPHER_RSA
keybits = 2048
cmode = CRYPTO_MODE_OPENSSH
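To confirm that a generated public key file has the format selected by cmode and the size requested in keybits, the following check reads either layout and reports the key type and bit length. It is an added example in Python, not part of the CRYPTO documentation; it assumes the files follow the standard OpenSSH single-line and RFC 4716 layouts with the usual ssh-rsa / ssh-dss key type names, and the sample key material is constructed for illustration (not a usable key).

```python
import base64, struct

def _fields(blob):
    """Split an SSH wire-format blob into its length-prefixed fields."""
    out, i = [], 0
    while i < len(blob):
        (n,) = struct.unpack(">I", blob[i:i + 4])
        out.append(blob[i + 4:i + 4 + n])
        i += 4 + n
    return out

def read_pubkey(text):
    """Return (file_format, key_type, key_bits) for a public key file's text."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if lines[0] == "---- BEGIN SSH2 PUBLIC KEY ----":
        fmt, body, cont = "RFC4716", [], False
        for l in lines[1:]:
            if l.startswith("---- END"):
                break
            is_header = cont or ":" in l           # base64 never contains ':'
            cont = is_header and l.endswith("\\")  # header continues on next line
            if not is_header:
                body.append(l)
        b64 = "".join(body)
    else:
        fmt, b64 = "OpenSSH", lines[0].split()[1]  # "<type> <base64> [comment]"
    f = _fields(base64.b64decode(b64))
    ktype = f[0].decode()
    idx = {"ssh-rsa": 2, "ssh-dss": 1}.get(ktype)  # RSA modulus n / DSA prime p
    bits = int.from_bytes(f[idx], "big").bit_length() if idx else None
    return fmt, ktype, bits

def _sample_blob(bits=2048):
    # Constructed sample, not a real key: an odd integer with the top bit set.
    n = (1 << (bits - 1)) | 1
    def mpint(v):
        b = v.to_bytes(v.bit_length() // 8 + 1, "big")  # leading 0 keeps it positive
        return struct.pack(">I", len(b)) + b
    return struct.pack(">I", 7) + b"ssh-rsa" + mpint(65537) + mpint(n)

B64 = base64.b64encode(_sample_blob()).decode()
OPENSSH_SAMPLE = "ssh-rsa " + B64 + " user@host"
RFC4716_SAMPLE = "\n".join(
    ["---- BEGIN SSH2 PUBLIC KEY ----", 'Comment: "constructed sample"']
    + [B64[i:i + 70] for i in range(0, len(B64), 70)]
    + ["---- END SSH2 PUBLIC KEY ----"])

if __name__ == "__main__":
    for sample in (OPENSSH_SAMPLE, RFC4716_SAMPLE):
        print(read_pubkey(sample))
```

To check a real file, pass its contents to read_pubkey() and compare the returned bit length against the keybits value used in the call.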