iTP Secure WebServer System Administrator's Guide (iTPWebSvr 6.0+)

Integrating the WebSafe2 Internet Security Processor (WISP)
iTP Secure WebServer System Administrator's Guide, 523346-002

Generating the Public/Private Key Pair and Obtaining the Certificate

-kek_clear kek-value
specifies the clear KEK value. If kek-value is not supplied on the command line, keyadmin prompts you to enter it; a value entered at the prompt is not echoed. The keyadmin utility computes the check digits of the KEK and asks you to verify that they are correct. The size of the KEK is 16 bytes (32 hex digits).

-length key-length
specifies the length of the key in bits. This option allows you to control the size of the encryption key. The default and minimum key size is 512 bits. The maximum key size is 1024 bits, or 512 bits for the exportable version of the iTP Secure WebServer.

-verbose
specifies that complete information associated with the command string should be displayed.

Example

When you enter the keyadmin command and press Return, you are prompted for the clear KEK. Your response is not echoed. The following example dialog shows correct keyadmin syntax and the prompts keyadmin displays.

The value of -kek_mfk0 consists of the left and right portions of the encrypted KEK. Compare the KEK with the Example on page 5-10. The keyadmin command does not echo the clear KEK that you type, but in this example, the value consistent with the same example would be F445DF43798097A1A42043A70B4F8A61. If the check digits don't match the value on the SCT display, run the command again, taking care to enter the clear text and cryptogram correctly.

bin/keyadmin -verbose -websafegen \
test-cert.req -widconf wid.config \
-dn 'CN =testing,OU=web,O="Tandem Computers, Inc.", \
L=Cupertino,ST=California,C=US' \
-kek_clear F445DF43798097A1A42043A70B4F8A61 \
-kek_mfk0 20F6479470CC73F20325C6824FF0D6E2 -length 512
Check digits of clear KEK: xxxx
Is it correct (y or n)?: y
After the keyadmin utility finishes running the command, it generates a file named
cert-req.txt in the directory where the command was run. This file contains the
public key and DN encoded in PKCS #10 format.
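
Before the request file is sent to a certificate authority, its DN and key size can be compared with what was given to keyadmin. The script below is an added example, not part of the original guide: it assumes the request is PEM-encoded and that the openssl command-line tool is available where the file is inspected, and its function names and sample request (generated locally) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the guide): check a PKCS #10 request before it goes to a CA.
# Assumptions: the request is PEM-encoded and the openssl CLI is installed.

# csr_subject FILE: print the request's DN in RFC 2253 form.
csr_subject() {
    openssl req -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//'
}

# csr_key_bits FILE: print the public key size in bits.
csr_key_bits() {
    openssl req -in "$1" -noout -text |
        sed -n 's/.*Public[- ]Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# csr_check FILE EXPECTED_DN EXPECTED_BITS: print "ok" and return 0 only if the
# self-signature verifies and the DN and key size are the ones that were requested.
csr_check() {
    # Match on the message text; the exit status of -verify differs across versions.
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' ||
        { echo "self-signature does not verify"; return 1; }
    dn=$(csr_subject "$1")
    bits=$(csr_key_bits "$1")
    [ "$dn" = "$2" ] || { echo "DN mismatch: $dn"; return 1; }
    [ "$bits" = "$3" ] || { echo "key size mismatch: $bits bits"; return 1; }
    echo "ok"
}

# Constructed sample: a locally generated request standing in for keyadmin's
# cert-req.txt, using the DN from the example dialog and a 1024-bit key
# (the maximum -length the guide allows).
SAMPLE_DIR=$(mktemp -d)
SAMPLE_CSR="$SAMPLE_DIR/cert-req.txt"
SAMPLE_DN='CN=testing,OU=web,O=Tandem Computers\, Inc.,L=Cupertino,ST=California,C=US'
openssl req -new -newkey rsa:1024 -nodes -keyout "$SAMPLE_DIR/key.pem" \
    -out "$SAMPLE_CSR" 2>/dev/null \
    -subj '/C=US/ST=California/L=Cupertino/O=Tandem Computers, Inc./OU=web/CN=testing'

csr_check "$SAMPLE_CSR" "$SAMPLE_DN" 1024
```

A mismatch in either value means the request does not describe the key pair and identity that were intended, and the command should be rerun before anything is submitted.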