astgenkey -- generates keys for for Asterisk IAX2 RSA authentication
astgenkey [ -q ] [ -n ] [ keyname ]
astgenkey This script generates an RSA private and public key pair in
PEM format for use by Asterisk. The private key should be kept a
secret, as it can be used to fake your system’s identity. Thus by
default (without the option -n ) the script will create a passphrase-
encrypted copy of your secret key: without entering the passphrase you
won’t be able to use it.
However if you want to use such a key with Asterisk, you’ll have to
start it interactively, because the scripts that start asterisk can’t
use that encrypted key.
The key is identified by a name. If you don’t write the name on the
command-line you’ll be prompted for one. The outputs of the script are:
The public key: not secret. Send this to the other side.
The private key: secret.
Those files should be copied to /var/lib/asterisk/keys
(The private key: on your system. The public key: on other systems)
To see the currently-installed keys from the asterisk CLI, use the
Don’t encrypt the private key.
The keys are created, using the umask of the user running the command.
To create the keys in a secure manner, you should check to ensure that
your umask is first set to disallow the private key from being world-
readable, such as with the following commands:
And then make the key accessible to Asterisk (assuming you run it as
chown asterisk /var/lib/asterisk/keys/yourname.*
asterisk(8), genrsa(1), rsa(1),
This manual page was written by Tzafrir Cohen
<email@example.com> Permission is granted to copy, distribute
and/or modify this document under the terms of the GNU General Public
License, Version 2 any later version published by the Free Software
On Debian systems, the complete text of the GNU General Public License
can be found in /usr/share/common-licenses/GPL.