The dsa-keygen command is used to generate a DSA key pair. This command will automatically usesignatures for the LEFT and RIGHT keys, if they are present in the system, for bettersignificantly and verified key generation. A different options sets which signatures are used(e.g. for the LEFT or RIGHT key); A third option checks for and uses a valid DSA keypair(e.g. one that has been generated by a trusted DSA keypair generation program).
The default options will generate a key pair, check that it is a suitable DSA keypairand then check that both the LEFT and RIGHT keys are signed by RSA signatures. The user is given achoice of key sizes, to select one of the sizes supported by DSA, or disable the option entirely.
It also may output a Primary Public Key (either the LEFT or the RIGHT pair, depending onwhich option is used), as a Base 64 encoded DER file. This can be used to validate the EXTERNAL keypair.This option is only usable if the EXTERNAL keypair is present, and if the user gave an alsotype. If no type is given, then the default type is assumed (DSA). The output file is notsigned, if the user gave an altsignature file.
It may also output a Primary Signed Key, which is the user's "real" public key. This can beused to validate the cert.symmetric keypair. If the user gave no type for the primary key, then the type is assumed(DSA). The output is signed, however, if the user gave a private key for the cert.signature. d2c66b5586