FreeBSD Manual Pages
IPSEC_SHOWHOSTKEY(8)          Executable programs          IPSEC_SHOWHOSTKEY(8)

NAME
       ipsec_showhostkey - show host's authentication key

SYNOPSIS
       ipsec showhostkey [--verbose]
             {--version | --list | --dump | --left | --right | --ipseckey | --pem}
             [--ckaid ckaid | --rsaid rsaid] [--gateway gateway]
             [--precedence precedence] [--nssdir nssdir] [--password password]

DESCRIPTION
       Showhostkey outputs (on standard output) a public key suitable for
       this host, in the format specified, using the host key information
       stored in the NSS database. In general, since only the super-user can
       access the NSS database, only the super-user can display the public
       key information.

   Common Options
       --version
           Print the libreswan version, then exit.

       --verbose
           Increase the verbosity.

       --nssdir nssdir
           Specify the libreswan directory that contains the NSS database
           (default /usr/local/etc/ipsec.d).

       --password password
           Specify the password to use when accessing the NSS database
           (default contained in /usr/local/etc/ipsec.d/nsspassword).

   List Options
       --list
           List the private keys.

       --dump
           List, with more details, the private keys.

   Public Key Options
       --ckaid ckaid
           Select the public key to display using the NSS ckaid.

       --rsaid rsaid
           Select the public key to display using the RSA key ID.

       --pem
           Print the selected public key in PEM encoded ASN.1 format.

       --left, --right
           Print the selected public key in ipsec.conf(5) format, as a
           leftrsasigkey or rightrsasigkey parameter respectively. For
           example, --left might give (with the key data trimmed down for
           clarity):

               leftrsasigkey=0sAQOF8tZ2...+buFuFn/

       --ipseckey
           Print the selected public key in a format suitable for use as an
           opportunistic-encryption DNS IPSECKEY record (RFC 4025). A
           gateway can be specified with the --gateway option, which
           currently supports IPv4 and IPv6 addresses. For the host name,
           the value returned by gethostname is used, with a . appended.

           For example, --ipseckey --gateway 10.11.12.13 might give (with
           the key data trimmed for clarity):

               IN IPSECKEY 10 1 2 10.11.12.13 AQOF8tZ2...+buFuFn/

       --gateway gateway
           For --ipseckey, specify the gateway to display with the DNS
           IPSECKEY record.

       --precedence precedence
           For --ipseckey, specify the precedence to display with the DNS
           IPSECKEY record.

DIAGNOSTICS
       A complaint about "no pubkey line found" indicates that the host has
       a key but it was generated with an old version of FreeS/WAN and does
       not contain the information that showhostkey needs.

FILES
       /usr/local/etc/ipsec.d, /usr/local/etc/ipsec.d/nsspassword

SEE ALSO
       ipsec.conf(5), ipsec rsasigkey(8), ipsec newhostkey(8)

HISTORY
       Written for the Linux FreeS/WAN project <https://www.freeswan.org> by
       Henry Spencer. Updated by Paul Wouters for the IPSECKEY format.

BUGS
       Arguably, rather than just reporting the no-IN-KEY-line-found
       problem, showhostkey should be smart enough to run the existing key
       through rsasigkey with the --oldkey option, to generate a suitable
       output line.

AUTHOR
       Paul Wouters
           placeholder to suppress warning

libreswan                        05/13/2025              IPSEC_SHOWHOSTKEY(8)
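
An added example, not part of the libreswan manual page or its code: a Python sketch that decodes the --left/--right and --ipseckey output formats shown above so an administrator can check the key size and exponent a host is actually publishing. It assumes the key data is the RFC 3110 RSA wire format (exponent length, exponent, modulus) that RFC 4025 specifies, with 0s marking base64; the function names, the audit thresholds and the sample key are constructed for illustration.

```python
import base64
import ipaddress

def parse_rfc3110(blob: bytes):
    """Split an RFC 3110 RSA public key into (exponent, modulus) integers."""
    if len(blob) < 3:
        raise ValueError("key too short")
    elen, off = blob[0], 1
    if elen == 0:  # long form: a 2-byte exponent length follows
        elen, off = int.from_bytes(blob[1:3], "big"), 3
    exp, mod = blob[off:off + elen], blob[off + elen:]
    if elen == 0 or len(exp) != elen or not mod:
        raise ValueError("truncated key")
    return int.from_bytes(exp, "big"), int.from_bytes(mod, "big")

def parse_rsasigkey(line: str):
    """Decode 'leftrsasigkey=0s<base64>' or 'rightrsasigkey=0s<base64>'."""
    name, _, value = line.strip().partition("=")
    if name not in ("leftrsasigkey", "rightrsasigkey") or not value.startswith("0s"):
        raise ValueError("not a base64 rsasigkey line")
    return parse_rfc3110(base64.b64decode(value[2:], validate=True))

def parse_ipseckey(line: str):
    """Decode '[owner] IN IPSECKEY precedence gwtype algorithm gateway key'."""
    tok = line.split()
    i = tok.index("IPSECKEY")  # raises ValueError if this is not an IPSECKEY RR
    prec, gwtype, alg, gw, key = tok[i + 1:i + 6]
    if gwtype not in ("1", "2") or alg != "2":
        raise ValueError("only IPv4/IPv6 gateways with RSA keys are handled here")
    addr = ipaddress.ip_address(gw)
    if addr.version != (4 if gwtype == "1" else 6):
        raise ValueError("gateway address does not match gateway type")
    exp, mod = parse_rfc3110(base64.b64decode(key, validate=True))
    return {"precedence": int(prec), "gateway": str(addr),
            "exponent": exp, "bits": mod.bit_length()}

def audit(exp: int, mod: int, min_bits: int = 2048):
    """Findings for a decoded key; both thresholds are this example's assumptions."""
    findings = []
    if mod.bit_length() < min_bits:
        findings.append(f"modulus is {mod.bit_length()} bits (< {min_bits})")
    if exp < 65537:
        findings.append(f"public exponent {exp} is below 65537")
    return findings

# Constructed sample, not a real key: e=65537 and a 2048-bit placeholder modulus.
SAMPLE_B64 = base64.b64encode(b"\x03\x01\x00\x01\xc5" + bytes(254) + b"\x01").decode()
SAMPLE_LEFT = "leftrsasigkey=0s" + SAMPLE_B64
SAMPLE_RR = "host.example. IN IPSECKEY 10 1 2 10.11.12.13 " + SAMPLE_B64
```

The trimmed key in the manual's examples begins AQOF, which decodes to an exponent length of 1 and an exponent of 3; audit() reports such a key under the thresholds assumed here.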