Section: Linux Programmer's Manual (8)
Updated: May 14th, 2005
astgenkey - generates keys for for Asterisk IAX2 RSA authentication
[ -q ] [ -n ] [ keyname ]
This script generates an RSA private and public key pair in PEM format
for use by Asterisk. The private key should be kept a secret, as it can
be used to fake your system's identity. Thus by default (without the
) the script will create a passphrase-encrypted copy of your secret key:
without entering the passphrase you won't be able to use it.
However if you want to use such a key with Asterisk, you'll have to start
it interactively, because the scripts that start asterisk can't use that
The key is identified by a name. If you don't write the name on the
command-line you'll be prompted for one. The outputs of the script are:
The public key: not secret. Send this to the other side.
The private key: secret.
Those files should be copied to
(The private key: on your system. The public key: on other systems)
To see the currently-installed keys from the asterisk CLI, use the command
Don't encrypt the private key.
The keys are created, using the umask of the user running the command.
To create the keys in a secure manner, you should check to ensure that
your umask is first set to disallow the private key from being world-
readable, such as with the following commands:
And then make the key accessible to Asterisk (assuming you run it as
chown asterisk /var/lib/asterisk/keys/yourname.*
This manual page was written by Tzafrir Cohen <email@example.com
Permission is granted to copy, distribute and/or modify this document under
the terms of the GNU General Public License, Version 2 any
later version published by the Free Software Foundation.
On Debian systems, the complete text of the GNU General Public
License can be found in /usr/share/common-licenses/GPL-2.