RPJosh
/
authelia
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
authelia/docs/content/en/reference/guides/generating-secure-values.md

152 lines
4.5 KiB
Markdown
Raw Blame History

---
title: "Generating Secure Values"
description: "A reference guide on generating secure values such as password hashes, password strings, and cryptography keys"
lead: "This section contains reference documentation for generating secure values such as password hashes, password strings, and cryptography keys."
date: 2022-10-23T18:09:19+11:00
draft: false
images: []
menu:
reference:
parent: "guides"
weight: 220
toc: true
---
## Generating a Random Password Hash
Often times it's required that a random password is generated. While you could randomly generate a string then hash it,
we provide a convenience layer for this purpose.
### authelia
The __Authelia__ docker container or CLI binary can be used to generate a random alphanumeric string and output the
the string and the hash at the same time.
Use the `authelia crypto hash generate --help` command or see the [authelia crypto hash generate] reference guide for
more information on all available options and algorithms.
##### Using Docker
```bash
docker run authelia/authelia:latest authelia crypto hash generate argon2 --random --random.length 64 --random.charset alphanumeric
```
##### Using the Binary
```bash
authelia crypto hash generate argon2 --random --random.length 64 --random.charset alphanumeric
```
## Generating a Random Alphanumeric String
Some sections of the configuration recommend generating a random string. There are many ways to accomplish this and the
following methods are merely suggestions.
### authelia
The __Authelia__ docker container or CLI binary can be used to generate a random alphanumeric string.
Use the `authelia crypto rand --help` command or see the [authelia crypto rand] reference guide for more information on
all available options.
##### Using Docker
```bash
docker run authelia/authelia:latest authelia crypto rand --length 64 --charset alphanumeric
```
##### Using the Binary
```bash
authelia crypto rand --length 64 --charset alphanumeric
```
### openssl
The `openssl` command on Linux can be used to generate a random alphanumeric string:
```bash
openssl rand -hex 64
```
### Linux
Basic Linux commands can be used to generate a random alphanumeric string:
```bash
LENGTH=64
tr -cd '[:alnum:]' < /dev/urandom | fold -w "${LENGTH}" | head -n 1 | tr -d '\n' ; echo
```
## Generating an RSA Keypair
Some sections of the configuration need an RSA keypair. There are many ways to achieve this, this section explains two
such ways.
### authelia
The __Authelia__ docker container or CLI binary can be used to generate a RSA 4096 bit keypair.
Use the `authelia crypto pair --help` command or see the [authelia crypto pair] reference guide for more
information on all available options.
##### Using Docker
```bash
docker run -u "$(id -u):$(id -g)" -v "$(pwd)":/keys authelia/authelia:latest authelia crypto pair rsa generate --bits 4096 --directory /keys
```
##### Using the Binary
```bash
authelia crypto pair rsa generate --directory /path/to/keys
```
### openssl
The `openssl` command on Linux can be used to generate a RSA 4096 bit keypair:
```bash
openssl genrsa -out private.pem 4096
openssl rsa -in private.pem -outform PEM -pubout -out public.pem
```
## Generating an RSA Self-Signed Certificate
Some sections of the configuration need a certificate and it may be possible to use a self-signed certificate. There are
many ways to achieve this, this section explains two such ways.
### authelia
The __Authelia__ docker container or binary can be used to generate a RSA 4096 bit self-signed certificate for the
domain `example.com`.
Use the `authelia crypto certificate --help` command or see the [authelia crypto certificate] reference guide for more
information on all available options.
##### Using Docker
```bash
docker run -u "$(id -u):$(id -g)" -v "$(pwd)":/keys authelia/authelia authelia crypto certificate rsa generate --common-name example.com --directory /keys
```
##### Using the Binary
```bash
authelia crypto certificate rsa generate --common-name example.com --directory /path/to/keys
```
### openssl
The `openssl` command on Linux can be used to generate a RSA 4096 bit self-signed certificate for the domain
`example.com`:
```bash
openssl req -x509 -nodes -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 365 -subj '/CN=example.com'
```
[authelia crypto hash generate]: ../cli/authelia/authelia_crypto_hash_generate.md
[authelia crypto rand]: ../cli/authelia/authelia_crypto_rand.md
[authelia crypto pair]: ../cli/authelia/authelia_crypto_pair.md
[authelia crypto certificate]: ../cli/authelia/authelia_crypto_certificate.md
Reference in New Issue View Git Blame Copy Permalink