astgenkey man page
astgenkey — generates keys for for Asterisk IAX2 RSA authentication
astgenkey [ -q ] [ -n ] [ keyname ]
astgenkey This script generates an RSA private and public key pair in PEM format for use by Asterisk. The private key should be kept a secret, as it can be used to fake your system's identity. Thus by default (without the option -n ) the script will create a passphrase-encrypted copy of your secret key: without entering the passphrase you won't be able to use it.
However if you want to use such a key with Asterisk, you'll have to start it interactively, because the scripts that start asterisk can't use that encrypted key.
The key is identified by a name. If you don't write the name on the command-line you'll be prompted for one. The outputs of the script are:
The public key: not secret. Send this to the other side.
The private key: secret.
Those files should be copied to /var/lib/asterisk/keys
(The private key: on your system. The public key: on other systems)
To see the currently-installed keys from the asterisk CLI, use the command
Don't encrypt the private key.
The keys are created, using the umask of the user running the command. To create the keys in a secure manner, you should check to ensure that your umask is first set to disallow the private key from being world- readable, such as with the following commands:
And then make the key accessible to Asterisk (assuming you run it as user "asterisk").
chown asterisk /var/lib/asterisk/keys/yourname.*
asterisk(8), genrsa(1), rsa(1),
This manual page was written by Tzafrir Cohen <email@example.com> Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 2 any later version published by the Free Software Foundation.
On Debian systems, the complete text of the GNU General Public License can be found in /usr/share/common-licenses/GPL-2.