New CRYPTOP_GENPUBKEY (6) opcode to generate a public/private key file pair:
xcall CRYPTO, CRYPTOP_GENPUBKEY, status, pubkeyfile, encoding, privkeyfile, decoding, cflags, cipher, passphrase, keybits, cmode
Parameters
pubkeyfile and privkeyfile (in place of the src and dst parameters for other opcodes) must be set to the filespecs for the generated public and private key files.
encoding and decoding should be ""; there are no options for this opcode.
cflags should be set to CRYPF_NONE, since output is always to file
cipher should be set to either CRYPTO_CIPHER_RSA or CRYPTO_CIPHER_DSA (3)
passphrase (in place of the key parameter for other opcodes) must be set to the passphrase to encrypt the private key file or "" for none.
keybits must be a multiple of 64, between 384 and 4096.
cmode determines the format of the public key file:
| • | CRYPTO_MODE_OPENSSH (0) OpenSSH format |
| • | CRYPTO_MODE_RFC4716 (3) RFC 4716 format |
Comments
For Linux login authentication, the most typical options would be:
cipher = CRYPTO_CIPHER_RSA
keybits = 2048
cmode = CRYPTO_MODE_OPENSSH
