1.TH ntp.keys 5 "07 Jan 2016" "4.2.8p5" "File Formats"
2.\"
3.\" EDIT THIS FILE WITH CAUTION (ntp.man)
4.\"
5.\" It has been AutoGen-ed January 7, 2016 at 11:30:41 PM by AutoGen 5.18.5
6.\" From the definitions ntp.keys.def
7.\" and the template file agman-file.tpl
8.Sh NAME
9.Nm ntp.keys
10.Nd NTP symmetric key file format
11
12.\"
13.SH NAME
14ntp.keys \- NTP symmetric key file format configuration file
15.de1 NOP
16. it 1 an-trap
17. if \\n[.$] \,\\$*\/
18..
19.ie t \
20.ds B-Font [CB]
21.ds I-Font [CI]
22.ds R-Font [CR]
23.el \
24.ds B-Font B
25.ds I-Font I
26.ds R-Font R
27.SH SYNOPSIS
28\f\*[B-Font]\fP
29[\f\*[B-Font]\-\-option-name\f[]]
30[\f\*[B-Font]\-\-option-name\f[] \f\*[I-Font]value\f[]]
31.sp \n(Ppu
32.ne 2
33
34All arguments must be options.
35.sp \n(Ppu
36.ne 2
37
38.SH DESCRIPTION
39This document describes the format of an NTP symmetric key file.
40For a description of the use of this type of file, see the
41"Authentication Support"
42section of the
43\fCntp.conf\f[]\fR(5)\f[]
44page.
45.sp \n(Ppu
46.ne 2
47
48\fCntpd\f[]\fR(8)\f[]
49reads its keys from a file specified using the
50\f\*[B-Font]\-k\f[]
51command line option or the
52\f\*[B-Font]keys\f[]
53statement in the configuration file.
54While key number 0 is fixed by the NTP standard
55(as 56 zero bits)
56and may not be changed,
57one or more keys numbered between 1 and 65534
58may be arbitrarily set in the keys file.
59.sp \n(Ppu
60.ne 2
61
62The key file uses the same comment conventions
63as the configuration file.
64Key entries use a fixed format of the form
65.sp \n(Ppu
66.ne 2
67
68.in +4
69\f\*[I-Font]keyno\f[] \f\*[I-Font]type\f[] \f\*[I-Font]key\f[]
70.in -4
71.sp \n(Ppu
72.ne 2
73
74where
75\f\*[I-Font]keyno\f[]
76is a positive integer (between 1 and 65534),
77\f\*[I-Font]type\f[]
78is the message digest algorithm,
79and
80\f\*[I-Font]key\f[]
81is the key itself.
82.sp \n(Ppu
83.ne 2
84
85The
86\f\*[I-Font]key\f[]
87may be given in a format
88controlled by the
89\f\*[I-Font]type\f[]
90field.
91The
92\f\*[I-Font]type\f[]
93\f[C]MD5\f[]
94is always supported.
95If
96\f[C]ntpd\f[]
97was built with the OpenSSL library
98then any digest library supported by that library may be specified.
99However, if compliance with FIPS 140-2 is required the
100\f\*[I-Font]type\f[]
101must be either
102\f[C]SHA\f[]
103or
104\f[C]SHA1\f[].
105.sp \n(Ppu
106.ne 2
107
108What follows are some key types, and corresponding formats:
109.sp \n(Ppu
110.ne 2
111
112.TP 7
113.NOP \f[C]MD5\f[]
114The key is 1 to 16 printable characters terminated by
115an EOL,
116whitespace,
117or
118a
119\f[C]#\f[]
120(which is the "start of comment" character).
121.sp \n(Ppu
122.ne 2
123
124.br
125.ns
126.TP 7
127.NOP \f[C]SHA\f[]
128.br
129.ns
130.TP 7
131.NOP \f[C]SHA1\f[]
132.br
133.ns
134.TP 7
135.NOP \f[C]RMD160\f[]
136The key is a hex-encoded ASCII string of 40 characters,
137which is truncated as necessary.
138.PP
139.sp \n(Ppu
140.ne 2
141
142Note that the keys used by the
143\fCntpq\f[]\fR(8)\f[]
144and
145\fCntpdc\f[]\fR(8)\f[]
146programs are checked against passwords
147requested by the programs and entered by hand,
148so it is generally appropriate to specify these keys in ASCII format.
149.SH FILES
150.TP 14
151.NOP \fI/etc/ntp.keys\f[]
152the default name of the configuration file
153.PP
154.SH "SEE ALSO"
155\fCntp.conf\f[]\fR(5)\f[],
156\fCntpd\f[]\fR(@NTPD_MS@)\f[],
157\fCntpdate\f[]\fR(@NTPDATE_MS@)\f[],
158\fCntpdc\f[]\fR(@NTPDC_MS@)\f[],
159\fCsntp\f[]\fR(@SNTP_MS@)\f[]
160.SH "AUTHORS"
161The University of Delaware and Network Time Foundation
162.SH "COPYRIGHT"
163Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation all rights reserved.
164This program is released under the terms of the NTP license, <http://ntp.org/license>.
165.SH "BUGS"
166Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
167.SH NOTES
168This document was derived from FreeBSD.
169.sp \n(Ppu
170.ne 2
171
172This manual page was \fIAutoGen\fP-erated from the \fBntp.keys\fP
173option definitions.
2.\"
3.\" EDIT THIS FILE WITH CAUTION (ntp.man)
4.\"
5.\" It has been AutoGen-ed January 7, 2016 at 11:30:41 PM by AutoGen 5.18.5
6.\" From the definitions ntp.keys.def
7.\" and the template file agman-file.tpl
8.Sh NAME
9.Nm ntp.keys
10.Nd NTP symmetric key file format
11
12.\"
13.SH NAME
14ntp.keys \- NTP symmetric key file format configuration file
15.de1 NOP
16. it 1 an-trap
17. if \\n[.$] \,\\$*\/
18..
19.ie t \
20.ds B-Font [CB]
21.ds I-Font [CI]
22.ds R-Font [CR]
23.el \
24.ds B-Font B
25.ds I-Font I
26.ds R-Font R
27.SH SYNOPSIS
28\f\*[B-Font]\fP
29[\f\*[B-Font]\-\-option-name\f[]]
30[\f\*[B-Font]\-\-option-name\f[] \f\*[I-Font]value\f[]]
31.sp \n(Ppu
32.ne 2
33
34All arguments must be options.
35.sp \n(Ppu
36.ne 2
37
38.SH DESCRIPTION
39This document describes the format of an NTP symmetric key file.
40For a description of the use of this type of file, see the
41"Authentication Support"
42section of the
43\fCntp.conf\f[]\fR(5)\f[]
44page.
45.sp \n(Ppu
46.ne 2
47
48\fCntpd\f[]\fR(8)\f[]
49reads its keys from a file specified using the
50\f\*[B-Font]\-k\f[]
51command line option or the
52\f\*[B-Font]keys\f[]
53statement in the configuration file.
54While key number 0 is fixed by the NTP standard
55(as 56 zero bits)
56and may not be changed,
57one or more keys numbered between 1 and 65534
58may be arbitrarily set in the keys file.
59.sp \n(Ppu
60.ne 2
61
62The key file uses the same comment conventions
63as the configuration file.
64Key entries use a fixed format of the form
65.sp \n(Ppu
66.ne 2
67
68.in +4
69\f\*[I-Font]keyno\f[] \f\*[I-Font]type\f[] \f\*[I-Font]key\f[]
70.in -4
71.sp \n(Ppu
72.ne 2
73
74where
75\f\*[I-Font]keyno\f[]
76is a positive integer (between 1 and 65534),
77\f\*[I-Font]type\f[]
78is the message digest algorithm,
79and
80\f\*[I-Font]key\f[]
81is the key itself.
82.sp \n(Ppu
83.ne 2
84
85The
86\f\*[I-Font]key\f[]
87may be given in a format
88controlled by the
89\f\*[I-Font]type\f[]
90field.
91The
92\f\*[I-Font]type\f[]
93\f[C]MD5\f[]
94is always supported.
95If
96\f[C]ntpd\f[]
97was built with the OpenSSL library
98then any digest library supported by that library may be specified.
99However, if compliance with FIPS 140-2 is required the
100\f\*[I-Font]type\f[]
101must be either
102\f[C]SHA\f[]
103or
104\f[C]SHA1\f[].
105.sp \n(Ppu
106.ne 2
107
108What follows are some key types, and corresponding formats:
109.sp \n(Ppu
110.ne 2
111
112.TP 7
113.NOP \f[C]MD5\f[]
114The key is 1 to 16 printable characters terminated by
115an EOL,
116whitespace,
117or
118a
119\f[C]#\f[]
120(which is the "start of comment" character).
121.sp \n(Ppu
122.ne 2
123
124.br
125.ns
126.TP 7
127.NOP \f[C]SHA\f[]
128.br
129.ns
130.TP 7
131.NOP \f[C]SHA1\f[]
132.br
133.ns
134.TP 7
135.NOP \f[C]RMD160\f[]
136The key is a hex-encoded ASCII string of 40 characters,
137which is truncated as necessary.
138.PP
139.sp \n(Ppu
140.ne 2
141
142Note that the keys used by the
143\fCntpq\f[]\fR(8)\f[]
144and
145\fCntpdc\f[]\fR(8)\f[]
146programs are checked against passwords
147requested by the programs and entered by hand,
148so it is generally appropriate to specify these keys in ASCII format.
149.SH FILES
150.TP 14
151.NOP \fI/etc/ntp.keys\f[]
152the default name of the configuration file
153.PP
154.SH "SEE ALSO"
155\fCntp.conf\f[]\fR(5)\f[],
156\fCntpd\f[]\fR(@NTPD_MS@)\f[],
157\fCntpdate\f[]\fR(@NTPDATE_MS@)\f[],
158\fCntpdc\f[]\fR(@NTPDC_MS@)\f[],
159\fCsntp\f[]\fR(@SNTP_MS@)\f[]
160.SH "AUTHORS"
161The University of Delaware and Network Time Foundation
162.SH "COPYRIGHT"
163Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation all rights reserved.
164This program is released under the terms of the NTP license, <http://ntp.org/license>.
165.SH "BUGS"
166Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
167.SH NOTES
168This document was derived from FreeBSD.
169.sp \n(Ppu
170.ne 2
171
172This manual page was \fIAutoGen\fP-erated from the \fBntp.keys\fP
173option definitions.