Public/Private Key

CRYPTO's opcode CRYPTOP_GENPUBKEY is used to generate a public/private key file pair. Its syntax differs slightly from the other opcodes:

xcall CRYPTO, CRYPTOP_GENPUBKEY, status, pubkeyfile, decoding, privkeyfile, encoding, cflags, cipher, passphrase, keybits, cmode

Parameters

status

Returns the result status of the operation: >= 0 for success (number of bytes output to dst), < 0 for errors (see CRYPTERR_xxx in CRYPTO.DEF).

pubkeyfile and privkeyfile (in place of the src and dst parameters for other opcodes)

must be set to the filespecs for the generated public and private key files.

decoding and encoding

should be ""; there are no options for this opcode.

cflags

should be set to CRYPF_NONE, since output is always to file.

cipher

should be set to either CRYPTO_CIPHER_RSA or CRYPTO_CIPHER_DSA.

passphrase (in place of the key parameter for other opcodes)

must be set to the passphrase used to encrypt the private key file, or "" for none (the private key file is then written unencrypted).

keybits

must be a multiple of 64, between 384 and 4096.

cmode

determines the format of the public key file:

• CRYPTO_MODE_OPENSSH (0) OpenSSH format

• CRYPTO_MODE_RFC4716 (3) RFC 4716 format

Comments

For Linux login authentication, the most typical options would be:

cipher = CRYPTO_CIPHER_RSA

keybits = 2048

cmode = CRYPTO_MODE_OPENSSH
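
To check a generated public key file before installing it for login authentication, the following added example (Python, not part of the CRYPTO routine or its documentation) parses either cmode output format and reports the key type and bit length. The 2048-bit floor, the function names and the sample keys are assumptions constructed for illustration.

```python
import base64
import struct

MIN_BITS = 2048  # assumed policy floor, matching the page's typical keybits value

def _fields(blob):
    """Split an SSH wire-format blob into its length-prefixed fields."""
    out, pos = [], 0
    while pos < len(blob):
        (n,) = struct.unpack_from(">I", blob, pos)  # struct.error if truncated
        pos += 4
        if pos + n > len(blob):
            raise ValueError("field runs past end of blob")
        out.append(blob[pos:pos + n])
        pos += n
    return out

def _blob(text):
    """Decode the base64 key blob from OpenSSH or RFC 4716 public key text."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if not lines[0].startswith("---- BEGIN SSH2 PUBLIC KEY"):
        return base64.b64decode(lines[0].split()[1], validate=True)  # "type b64 comment"
    body, in_header = [], False
    for line in lines[1:]:
        if in_header or ":" in line or line.startswith("----"):
            in_header = line.endswith("\\")  # a header value may continue on the next line
            continue                         # skip headers and the END marker
        body.append(line)
    return base64.b64decode("".join(body), validate=True)

def inspect_pubkey(text):
    """Return (key_type, bits, meets_floor) for an ssh-rsa or ssh-dss public key."""
    f = _fields(_blob(text))
    key_type = f[0].decode("ascii")
    idx = {"ssh-rsa": 2, "ssh-dss": 1}.get(key_type)  # RSA: type, e, n; DSA: type, p, ...
    if idx is None or len(f) <= idx:
        raise ValueError("unsupported or malformed key: " + key_type)
    bits = int.from_bytes(f[idx], "big").bit_length()
    return key_type, bits, bits >= MIN_BITS

def make_sample(bits):
    """Constructed input: the modulus 2**(bits-1)+1 is a stand-in, not a real key."""
    field = lambda b: struct.pack(">I", len(b)) + b
    mpint = lambda n: field(n.to_bytes(n.bit_length() // 8 + 1, "big"))
    b64 = base64.b64encode(field(b"ssh-rsa") + mpint(65537) + mpint(1 << (bits - 1) | 1)).decode()
    wrapped = "\n".join(b64[i:i + 70] for i in range(0, len(b64), 70))
    return ("ssh-rsa " + b64 + " constructed@example",
            '---- BEGIN SSH2 PUBLIC KEY ----\nComment: "constructed"\n'
            + wrapped + "\n---- END SSH2 PUBLIC KEY ----")
```

Pass the contents of the generated pubkeyfile to `inspect_pubkey`; a key at the low end of the permitted keybits range is reported with `meets_floor` set to `False`.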