/* -*- Mode: Text -*- */

autogen definitions options;

#include copyright.def
#include homerc.def
#include autogen-version.def

prog-name      = "ntp-keygen";
prog-title     = "Create a NTP host key";
package        = ntp;

test-main;

include        = '#include <stdlib.h>';
#include       version.def

flag = {
    value     = c;
    name      = certificate;
    arg-type  = string;
    arg-name  = scheme;
    ifdef     = OPENSSL;
    descrip   = "certificate scheme";
    doc = <<-  _EndOfDoc_
	scheme is one of
	RSA-MD2, RSA-MD5, RSA-SHA, RSA-SHA1, RSA-MDC2, RSA-RIPEMD160,
	DSA-SHA, or DSA-SHA1.

	Select the certificate message digest/signature encryption scheme.
	Note that RSA schemes must be used with a RSA sign key and DSA
	schemes must be used with a DSA sign key.  The default without
	this option is RSA-MD5.
	_EndOfDoc_;
};

#include       debug-opt.def

flag = {
    value     = e;
    name      = id-key;
    ifdef     = OPENSSL;
    descrip   = "Write IFF or GQ identity keys";
    doc = <<-  _EndOfDoc_
	Write the IFF or GQ client keys to the standard output.  This is
	intended for automatic key distribution by mail.
	_EndOfDoc_;
};

flag = {
    value     = G;
    name      = gq-params;
    ifdef     = OPENSSL;
    descrip   = "Generate GQ parameters and keys";
    doc = <<-  _EndOfDoc_
	Generate parameters and keys for the GQ identification scheme,
	obsoleting any that may exist.
	_EndOfDoc_;
};

flag = {
    value     = H;
    name      = host-key;
    ifdef     = OPENSSL;
    descrip   = "generate RSA host key";
    doc = <<-  _EndOfDoc_
	Generate new host keys, obsoleting any that may exist.
	_EndOfDoc_;
};

flag = {
    value     = I;
    name      = iffkey;
    ifdef     = OPENSSL;
    descrip   = "generate IFF parameters";
    doc = <<-  _EndOfDoc_
	Generate parameters for the IFF identification scheme, obsoleting
	any that may exist.
	_EndOfDoc_;
};

flag = {
    value     = i;
    name      = issuer-name;
    ifdef     = OPENSSL;
    arg-type  = string;
    arg-name  = issuer-name;
    descrip   = "set issuer name";
    doc = <<-  _EndOfDoc_
	Set the suject name to name.  This is used as the subject field
	in certificates and in the file name for host and sign keys.
	_EndOfDoc_;
};

flag = {
    value     = M;
    name      = md5key;
    descrip   = "generate MD5 keys";
    doc = <<-  _EndOfDoc_
	Generate MD5 keys, obsoleting any that may exist.
	_EndOfDoc_;
};

flag = {
    value     = m;
    name      = modulus;
    arg-type  = number;
    arg-name  = modulus;
    arg-range = '256->2048';
    ifdef     = OPENSSL;
    descrip   = "modulus";
    doc = <<-  _EndOfDoc_
	The number of bits in the prime modulus.  The default is 512.
	_EndOfDoc_;
};

flag = {
    value     = P;
    name      = pvt-cert;
    ifdef     = OPENSSL;
    descrip   = "generate PC private certificate";
    doc = <<-  _EndOfDoc_
	Generate a private certificate.  By default, the program generates
	public certificates.
	_EndOfDoc_;
};

flag = {
    value     = p;
    name      = pvt-passwd;
    ifdef     = OPENSSL;
    arg-type  = string;
    arg-name  = passwd;
    descrip   = "output private password";
    doc = <<-  _EndOfDoc_
	Encrypt generated files containing private data with the specified
	password and the DES-CBC algorithm.
	_EndOfDoc_;
};

flag = {
    value     = q;
    name      = get-pvt-passwd;
    ifdef     = OPENSSL;
    arg-type  = string;
    arg-name  = passwd;
    descrip   = "input private password";
    doc = <<-  _EndOfDoc_
	Set the password for reading files to the specified password.
	_EndOfDoc_;
};

flag = {
    value     = S;
    name      = sign-key;
    arg-type  = string;
    arg-name  = sign;
    ifdef     = OPENSSL;
    descrip   = "generate sign key (RSA or DSA)";
    doc = <<-  _EndOfDoc_
	Generate a new sign key of the designated type, obsoleting any
	that may exist.  By default, the program uses the host key as the
	sign key.
	_EndOfDoc_;
};

flag = {
    value     = s;
    name      = subject-name;
    arg-type  = string;
    arg-name  = host;
    ifdef     = OPENSSL;
    descrip   = "set subject name";
    doc = <<-  _EndOfDoc_
	Set the issuer name to name.  This is used for the issuer field
	in certificates and in the file name for identity files.
		_EndOfDoc_;
};

flag = {
    value     = T;
    name      = trusted-cert;
    ifdef     = OPENSSL;
    descrip   = "trusted certificate (TC scheme)";
    doc = <<-  _EndOfDoc_
	Generate a trusted certificate.  By default, the program generates
	a non-trusted certificate.
	_EndOfDoc_;
};

flag = {
    value     = V;
    name      = mv-params;
    arg-type  = number;
    arg-name  = num;
    ifdef     = OPENSSL;
    descrip   = "generate <num> MV parameters";
    doc = <<-  _EndOfDoc_
	Generate parameters and keys for the Mu-Varadharajan (MV)
	identification scheme.
	_EndOfDoc_;
};

flag = {
    value     = v;
    name      = mv-keys;
    arg-type  = number;
    arg-name  = num;
    ifdef     = OPENSSL;
    descrip   = "update <num> MV keys";
};

detail = <<-  _EODetail_
	If there is no new host key, look for an existing one.
	If one is not found, create it.
	_EODetail_;