diff --git a/salt/utils/sanitizers.py b/salt/utils/sanitizers.py
new file mode 100644
index 0000000000..d2f1cff0ef
--- /dev/null
+++ b/salt/utils/sanitizers.py
@@ -0,0 +1,62 @@
+# -*- coding: utf-8 -*-
+#
+# Copyright 2016 SUSE LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import re
+import os.path
+from salt.ext.six import text_type as text
+
+
+from salt.exceptions import CommandExecutionError
+
+
+class InputSanitizer(object):
+ @staticmethod
+ def trim(value):
+ '''
+ Raise an exception if value is empty. Otherwise strip it down.
+ :param value:
+ :return:
+ '''
+ value = (value or '').strip()
+ if not value:
+ raise CommandExecutionError("Empty value during sanitation")
+
+ return text(value)
+
+ @staticmethod
+ def filename(value):
+ '''
+ Remove everything that would affect paths in the filename
+
+ :param value:
+ :return:
+ '''
+ return re.sub('[^a-zA-Z0-9.-_ ]', '', os.path.basename(InputSanitizer.trim(value)))
+
+ @staticmethod
+ def hostname(value):
+ '''
+ Clean value for RFC1123.
+
+ :param value:
+ :return:
+ '''
+ return re.sub(r'[^a-zA-Z0-9.-]', '', InputSanitizer.trim(value))
+
+ id = hostname
+
+
+clean = InputSanitizer()
diff --git a/salt/wheel/key.py b/salt/wheel/key.py
index c95ac4a15c..f8fc95c330 100644
--- a/salt/wheel/key.py
+++ b/salt/wheel/key.py
@@ -37,6 +37,8 @@ import logging from salt.key import get_key import salt.crypt import salt.utils +from salt.utils.sanitizers import clean + __func_alias__ = { 'list_': 'list', 
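Review bot: In `InputSanitizer.filename` (salt/utils/sanitizers.py) the character class `[^a-zA-Z0-9.-_ ]` does not match the docstring's intent, because `.-_` is parsed as a range from `.` to `_`. The filter therefore keeps characters such as `\`, `:`, `<`, `>`, `?`, `@`, `[`, `]` and `^`, and it strips a literal hyphen. Putting the hyphen last and using a raw string fixes both: `re.sub(r'[^a-zA-Z0-9._ -]', '', os.path.basename(InputSanitizer.trim(value)))`. Separately, `filename` and `hostname` both return `.` and `..` unchanged, so the sanitizer should reject those two values before a caller joins the result onto a directory.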
@@ -318,6 +320,8 @@ def gen(id_=None, keysize=2048): ''' if id_ is None: id_ = hashlib.sha512(os.urandom(32)).hexdigest() + else: + id_ = clean.filename(id_) ret = {'priv': '', 'pub': ''} priv = salt.crypt.gen_keys(__opts__['pki_dir'], id_, keysize) @@ -371,6 +375,7 @@ def gen_accept(id_, keysize=2048, force=False): >>> wheel.cmd('key.list', ['accepted']) {'minions': ['foo', 'minion1', 'minion2', 'minion3']} ''' + id_ = clean.id(id_) ret = gen(id_, keysize) acc_path = os.path.join(__opts__['pki_dir'], 'minions', id_) if os.path.isfile(acc_path) and not force:
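Review bot: `gen()` filters `id_` with `clean.filename` while `gen_accept()` filters it with `clean.id` and then calls `gen()`, so an id arriving through `gen_accept` is rewritten twice under two different character sets. Both calls delete disallowed characters instead of refusing the input, so a request naming one id can silently operate on a different one. In `gen_accept` the altered id is what gets joined into `acc_path` under `pki_dir/minions`; the rest of that function lies outside the hunk, so what is then done with that path cannot be checked here. I would apply one rule in both functions and reject rather than rewrite, for example `if clean.id(id_) != id_:` followed by raising `CommandExecutionError`, the exception the sanitizer already uses for empty input.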