pki --gen generates a new private key. The key is written in DER format by default, or PEM format when --outform pem is specified.
Synopsis
Options
Key type to generate. Accepted values:
- rsa: RSA key (default)
- ecdsa: ECDSA key
- ed25519: Ed25519 key (Edwards-curve DSA, 256-bit)
- ed448: Ed448 key (Edwards-curve DSA, 448-bit)
Key size in bits. Applies to RSA and ECDSA only; Ed25519 and Ed448 have fixed key sizes.
Default sizes when omitted:
- RSA: 2048
- ECDSA: 384

- RSA: 2048, 3072, 4096
- ECDSA: 256, 384, 521
Generate RSA key using safe primes. This increases generation time significantly but may be required for certain compliance scenarios.
Number of key shares to split the private key into (threshold secret sharing). Must be 2 or greater. Used together with --threshold.
Minimum number of shares required to reconstruct the private key. Must be at least 1 and no greater than --shares.
Output encoding format. Accepted values: pem, der. Output is written to stdout; redirect with > to save to a file.
Examples
Generate an Ed25519 key (recommended for new deployments):
The key is written in DER (binary) format by default. Use --outform pem when the key will be stored in a file or referenced by swanctl.conf.
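The PEM-to-file case above, generalized into a small wrapper (an added example, not part of the strongSwan documentation): it checks the key type and size against the values listed on this page, then writes the key under umask 077 so the redirected file is never group- or world-readable. The function names and file name are hypothetical, `--type` and `--size` are the `pki --gen` options for key type and key size, and limiting sizes to the listed ones is a policy choice of this example.

```shell
#!/bin/sh
# Added example: wrapper around `pki --gen`; function names are hypothetical.

# check_gen_params TYPE [SIZE]: succeed only for the type/size pairs listed
# on this page (limiting sizes to that list is this example's policy choice).
check_gen_params() {
    _t=$1
    _s=${2:-}
    case "$_t" in
        rsa)   case "${_s:-2048}" in 2048|3072|4096) return 0 ;; esac ;;
        ecdsa) case "${_s:-384}" in 256|384|521) return 0 ;; esac ;;
        ed25519|ed448)
            # Fixed key sizes: a size argument does not apply.
            if [ -z "$_s" ]; then return 0; fi ;;
    esac
    return 1
}

# gen_key_file OUTFILE TYPE [SIZE]: write a PEM private key readable only by
# its owner. Returns 2 for bad parameters, 3 if OUTFILE exists, 127 without pki.
gen_key_file() {
    out=$1
    ktype=$2
    ksize=${3:-}
    if ! check_gen_params "$ktype" "$ksize"; then
        echo "unsupported key type/size: $ktype $ksize" >&2
        return 2
    fi
    if [ -e "$out" ]; then
        echo "refusing to overwrite $out" >&2
        return 3
    fi
    command -v pki >/dev/null 2>&1 || { echo "pki not found" >&2; return 127; }
    (
        umask 077   # the redirect creates the file as 0600 before pki writes
        if [ -n "$ksize" ]; then
            pki --gen --type "$ktype" --size "$ksize" --outform pem > "$out"
        else
            pki --gen --type "$ktype" --outform pem > "$out"
        fi
    ) || { rm -f "$out"; return 1; }
}

# Usage (constructed file name): gen_key_file ./vpn-key.pem ed25519
```

The umask is set in a subshell, so the caller's umask is unchanged, and a failed run removes the empty file left behind by the redirect.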