4.5 KiB
| title | description | lead | date | draft | images | menu | weight | toc | ||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Generating Secure Values | A reference guide on generating secure values such as password hashes, password strings, and cryptography keys | This section contains reference documentation for generating secure values such as password hashes, password strings, and cryptography keys. | 2022-10-23T18:09:19+11:00 | false |
|
220 | true |
Generating a Random Password Hash
Often times it's required that a random password is generated. While you could randomly generate a string then hash it, we provide a convenience layer for this purpose.
authelia
The Authelia docker container or CLI binary can be used to generate a random alphanumeric string and output the string and the hash at the same time.
Use the authelia crypto hash generate --help command or see the authelia crypto hash generate reference guide for
more information on all available options and algorithms.
Using Docker
docker run authelia/authelia:latest authelia crypto hash generate argon2 --random --random.length 64 --random.charset alphanumeric
Using the Binary
authelia crypto hash generate argon2 --random --random.length 64 --random.charset alphanumeric
Generating a Random Alphanumeric String
Some sections of the configuration recommend generating a random string. There are many ways to accomplish this and the following methods are merely suggestions.
authelia
The Authelia docker container or CLI binary can be used to generate a random alphanumeric string.
Use the authelia crypto rand --help command or see the authelia crypto rand reference guide for more information on
all available options.
Using Docker
docker run authelia/authelia:latest authelia crypto rand --length 64 --charset alphanumeric
Using the Binary
authelia crypto rand --length 64 --charset alphanumeric
openssl
The openssl command on Linux can be used to generate a random alphanumeric string:
openssl rand -hex 64
Linux
Basic Linux commands can be used to generate a random alphanumeric string:
LENGTH=64
tr -cd '[:alnum:]' < /dev/urandom | fold -w "${LENGTH}" | head -n 1 | tr -d '\n' ; echo
Generating an RSA Keypair
Some sections of the configuration need an RSA keypair. There are many ways to achieve this, this section explains two such ways.
authelia
The Authelia docker container or CLI binary can be used to generate a RSA 4096 bit keypair.
Use the authelia crypto pair --help command or see the authelia crypto pair reference guide for more
information on all available options.
Using Docker
docker run -u "$(id -u):$(id -g)" -v "$(pwd)":/keys authelia/authelia:latest authelia crypto pair rsa generate --bits 4096 --directory /keys
Using the Binary
authelia crypto pair rsa generate --directory /path/to/keys
openssl
The openssl command on Linux can be used to generate a RSA 4096 bit keypair:
openssl genrsa -out private.pem 4096
openssl rsa -in private.pem -outform PEM -pubout -out public.pem
Generating an RSA Self-Signed Certificate
Some sections of the configuration need a certificate and it may be possible to use a self-signed certificate. There are many ways to achieve this, this section explains two such ways.
authelia
The Authelia docker container or binary can be used to generate a RSA 4096 bit self-signed certificate for the
domain example.com.
Use the authelia crypto certificate --help command or see the authelia crypto certificate reference guide for more
information on all available options.
Using Docker
docker run -u "$(id -u):$(id -g)" -v "$(pwd)":/keys authelia/authelia authelia crypto certificate rsa generate --common-name example.com --directory /keys
Using the Binary
authelia crypto certificate rsa generate --common-name example.com --directory /path/to/keys
openssl
The openssl command on Linux can be used to generate a RSA 4096 bit self-signed certificate for the domain
example.com:
openssl req -x509 -nodes -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 365 -subj '/CN=example.com'