The key will be bitsize long (default: 512 bits) with a minimum of 32 bits and a maximum of 4096 bits. Keyfile is the file in which the server stores its keys; the default is /keydb/signerkey, and many authentication programs such as logind(8) by default expect to find their server key there. Creating a signer's default key afresh typically invalidates all certificates previously issued by that signer, because their signatures will not verify. The mode of the keyfile should be set to be readable only by the user running those programs.
The -a option specifies the signature algorithm. Currently alg can be either elgamal or rsa. RSA keys are now used by default.
CREATESIGNERKEY(8 ) | Rev: Tue Mar 31 02:42:38 GMT 2015 |