.de1 NOP
.  it 1 an-trap
.  if \\n[.$] \,\\$*\/
..
.ie t \{\
.ds B-Font [CB]
.ds I-Font [CI]
.ds R-Font [CR]
.\}
.el \{\
.ds B-Font B
.ds I-Font I
.ds R-Font R
.\}
.TH ntp-keygen 1ntp-keygenman "23 Jun 2020" "ntp (4.2.8p15)" "User Commands"
.\"
.\" EDIT THIS FILE WITH CAUTION (in-mem file)
.\"
.\" It has been AutoGen-ed June 23, 2020 at 02:21:08 AM by AutoGen 5.18.5
.\" From the definitions ntp-keygen-opts.def
.\" and the template file agman-cmd.tpl
.SH NAME
\f\*[B-Font]ntp-keygen\fP
\- Create an NTP host key
.SH SYNOPSIS
\f\*[B-Font]ntp-keygen\fP
.\" Mixture of short (flag) options and long options
[\f\*[B-Font]\-flags\f[]]
[\f\*[B-Font]\-flag\f[] [\f\*[I-Font]value\f[]]]
[\f\*[B-Font]\-\-option-name\f[][[=| ]\f\*[I-Font]value\f[]]]
.sp \n(Ppu
.ne 2

All arguments must be options.
.sp \n(Ppu
.ne 2

.SH DESCRIPTION
This program generates cryptographic data files used by the NTPv4
authentication and identification schemes.
It can generate message digest keys used in symmetric key cryptography and,
if the OpenSSL software library has been installed, it can generate host keys,
signing keys, certificates, and identity keys and parameters used in Autokey
public key cryptography.
These files are used for cookie encryption,
digital signature, and challenge/response identification algorithms
compatible with the Internet standard security infrastructure.
.sp \n(Ppu
.ne 2

The message digest symmetric keys file is generated in a format
compatible with NTPv3.
All other files are in PEM-encoded printable ASCII format,
so they can be embedded as MIME attachments in email to other sites
and certificate authorities.
By default, files are not encrypted.
.sp \n(Ppu
.ne 2

When used to generate message digest symmetric keys, the program
produces a file containing ten pseudo-random printable ASCII strings
suitable for the MD5 message digest algorithm included in the
distribution.
If the OpenSSL library is installed, it produces an additional ten
hex-encoded random bit strings suitable for SHA1, AES-128-CMAC, and
other message digest algorithms.
The message digest symmetric keys file must be distributed and stored
using secure means beyond the scope of NTP itself.
Besides the keys used for ordinary NTP associations, additional keys
can be defined as passwords for the
\fCntpq\f[]\fR(1ntpqmdoc)\f[]
and
\fCntpdc\f[]\fR(1ntpdcmdoc)\f[]
utility programs.
.sp \n(Ppu
.ne 2

The remaining generated files are compatible with other OpenSSL
applications and other Public Key Infrastructure (PKI) resources.
Certificates generated by this program are compatible with extant
industry practice, although some users might find the interpretation of
X509v3 extension fields somewhat liberal.
However, the identity keys are probably not compatible with anything
other than Autokey.
.sp \n(Ppu
.ne 2

Some files used by this program are encrypted using a private password.
The
\f\*[B-Font]\-p\f[]
option specifies the read password for local encrypted files and the
\f\*[B-Font]\-q\f[]
option the write password for encrypted files sent to remote sites.
If no password is specified, the host name returned by the Unix
\fChostname\f[]\fR(1)\f[]
command, normally the DNS name of the host, is used as the default read
password, for convenience.
The
\f\*[B-Font]ntp-keygen\fP
program prompts for the password if it reads an encrypted file
and the password is missing or incorrect.
If an encrypted file is read successfully and
no write password is specified, the read password is used
as the write password by default.
.sp \n(Ppu
.ne 2

The
\f\*[B-Font]pw\f[]
option of the
\f\*[B-Font]crypto\f[]
\fCntpd\f[]\fR(1ntpdmdoc)\f[]
configuration command specifies the read
password for previously encrypted local files.
This must match the local read password used by this program.
If not specified, the host name is used.
Thus, if files are generated by this program without an explicit password,
they can be read back by
\fCntpd\f[]\fR(1ntpdmdoc)\f[]
without specifying an explicit password but only on the same host.
If the write password used for encryption is specified as the host name,
these files can be read by that host with no explicit password.
.sp \n(Ppu
.ne 2

Normally, encrypted files for each host are generated by that host and
used only by that host, although exceptions exist as noted later on
this page.
The symmetric keys file, normally called
\fIntp.keys\f[],
is usually installed in
\fI/etc\f[].
Other files and links are usually installed in
\fI/usr/local/etc\f[],
which is normally in a shared filesystem in
NFS-mounted networks and cannot be changed by shared clients.
In these cases, NFS clients can specify the files in another
directory such as
\fI/etc\f[]
using the
\f\*[B-Font]keysdir\f[]
\fCntpd\f[]\fR(1ntpdmdoc)\f[]
configuration file command.
.sp \n(Ppu
.ne 2

This program directs commentary and error messages to the standard
error stream
\fIstderr\f[]
and remote files to the standard output stream
\fIstdout\f[]
where they can be piped to other applications or redirected to files.
The names used for generated files and links all begin with the
string
\fIntpkey\&*\f[]
and include the file type, generating host and filestamp,
as described in the
\fICryptographic Data Files\f[]
section below.
.SS Running the Program
The safest way to run the
\f\*[B-Font]ntp-keygen\fP
program is logged in directly as root.
The recommended procedure is change to the
\f\*[I-Font]keys\f[]
directory, usually
\fI/usr/local/etc\f[],
then run the program.
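The symmetric keys file mentioned above must be stored securely and contains the key strings described under DESCRIPTION (20 printable characters for MD5, 40 hex digits for the other types). The following script is an added example, not part of ntp-keygen or its manual: it checks a keys file of that form before it is installed as /etc/ntp.keys, rejecting malformed key lines, duplicate key identifiers and a file mode that lets other users read it. The limits it assumes beyond what this page states are that key identifiers are decimal integers in the range 1 to 65535, that the file should be mode 0600, and that a trailing "# ..." comment may follow the key; the sample file it writes is constructed and contains no real key material.

```shell
#!/bin/sh
# Validator for an NTPv3-style symmetric keys file of the kind ntp-keygen -M
# writes (normally installed as /etc/ntp.keys).  Added example, not part of
# ntp-keygen or its manual.  Assumptions not stated on the manual page: key
# identifiers are decimal integers in 1..65535, the file is expected to be
# readable by its owner only (mode 0600), and a trailing "# ..." comment is
# allowed after the key, which is how ntp-keygen -M annotates each line.

# Check one key line "<id> <type> <key> [# comment]".  MD5 keys are 20
# printable ASCII characters (never '#', which starts a comment); every other
# type (SHA1, AES128CMAC, ...) is 40 hex digits, the form ntp-keygen writes.
# Sets id, type and key for the caller.  Returns 0 if the line is well formed.
check_key_line() {
    set -f                      # no globbing while the line is split
    set -- $1
    set +f
    [ $# -ge 3 ] || return 1
    id=$1 type=$2 key=$3
    printf '%s\n' "$id" | grep -Eq '^[1-9][0-9]{0,4}$' || return 1
    [ "$id" -le 65535 ] || return 1
    case $type in
        MD5)
            printf '%s\n' "$key" | LC_ALL=C grep -Eq '^[[:graph:]]{20}$' || return 1
            case $key in *'#'*) return 1 ;; esac
            ;;
        *)
            printf '%s\n' "$key" | grep -Eq '^[0-9a-fA-F]{40}$' || return 1
            ;;
    esac
    return 0
}

# Validate a whole keys file: mode 0600, every non-comment line well formed,
# no duplicate key ids.  Prints the number of keys on success.
validate_keys_file() {
    file=$1 count=0 seen=" "
    [ -f "$file" ] || { echo "$file: not a regular file" >&2; return 1; }
    mode=$(ls -ld "$file" | cut -c1-10)
    [ "$mode" = "-rw-------" ] || {
        echo "$file: mode $mode, expected -rw------- (keys must not be world readable)" >&2
        return 1
    }
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac      # blank line or comment
        check_key_line "$line" || { echo "$file: malformed key line: $line" >&2; return 1; }
        case $seen in *" $id "*) echo "$file: duplicate key id $id" >&2; return 1 ;; esac
        seen="$seen$id "
        count=$((count + 1))
    done < "$file"
    [ "$count" -gt 0 ] || { echo "$file: contains no keys" >&2; return 1; }
    echo "$count"
}

# Write a constructed sample file (not real key material) into $1; print its path.
make_sample_keys_file() {
    file="$1/ntp.keys"
    cat > "$file" <<'EOF'
# ntpkey_MD5key_alice.3800000000
# Mon Jun  1 11:33:20 UTC 2020
1 MD5 Vz8$k!mQ2rT^pL5&wX9b  # MD5 key
2 MD5 q7R)eU3+cY1=nK6?jH4%  # MD5 key
11 SHA1 0123456789abcdef0123456789abcdef01234567  # SHA1 key
12 SHA1 fedcba9876543210fedcba9876543210fedcba98  # SHA1 key
EOF
    chmod 600 "$file"
    echo "$file"
}

if [ "${NTPKEYS_DEMO:-0}" = 1 ]; then
    dir=$(mktemp -d)
    validate_keys_file "$(make_sample_keys_file "$dir")" && echo "sample keys file OK"
    rm -rf "$dir"
fi
```

Run it with NTPKEYS_DEMO=1 to exercise the constructed sample, or call validate_keys_file on a real file before copying it into place; a non-zero exit with the reason on stderr is the signal not to install the file.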
.sp \n(Ppu
.ne 2

To test and gain experience with Autokey concepts, log in as root and
change to the
\f\*[I-Font]keys\f[]
directory, usually
\fI/usr/local/etc\f[].
When run for the first time, or if all files with names beginning with
\fIntpkey\&*\f[]
have been removed, use the
\f\*[B-Font]ntp-keygen\fP
command without arguments to generate a default
\f\*[B-Font]RSA\f[]
host key and matching
\f\*[B-Font]RSA-MD5\f[]
certificate file with expiration date one year hence,
which is all that is necessary in many cases.
The program also generates soft links from the generic names
to the respective files.
If run again without options, the program uses the
existing keys and parameters and generates a new certificate file with
new expiration date one year hence, and soft link.
.sp \n(Ppu
.ne 2

The host key is used to encrypt the cookie when required and so must be
\f\*[B-Font]RSA\f[]
type.
By default, the host key is also the sign key used to encrypt signatures.
When necessary, a different sign key can be specified and this can be
either
\f\*[B-Font]RSA\f[]
or
\f\*[B-Font]DSA\f[]
type.
By default, the message digest type is
\f\*[B-Font]MD5\f[],
but any combination
of sign key type and message digest type supported by the OpenSSL library
can be specified, including those using the
\f\*[B-Font]AES128CMAC\f[], \f\*[B-Font]MD2\f[], \f\*[B-Font]MD5\f[], \f\*[B-Font]MDC2\f[], \f\*[B-Font]SHA\f[], \f\*[B-Font]SHA1\f[]
and
\f\*[B-Font]RIPE160\f[]
message digest algorithms.
However, the scheme specified in the certificate must be compatible
with the sign key.
Certificates using any digest algorithm are compatible with
\f\*[B-Font]RSA\f[]
sign keys;
however, only
\f\*[B-Font]SHA\f[]
and
\f\*[B-Font]SHA1\f[]
certificates are compatible with
\f\*[B-Font]DSA\f[]
sign keys.
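The compatibility rule just stated (RSA schemes need an RSA sign key, DSA schemes a DSA sign key), the FIPS 140-2 note under the -c and -S options, the random seed file lookup described under Random Seed File, and the advice to change to the keys directory before running the program can be folded into one wrapper. The script below is an added example, not part of ntp-keygen: it refuses an incompatible sign key and certificate scheme, checks that the keys directory is writable and that OpenSSL's seed file can be found, and then assembles the ntp-keygen command line from the flags documented on this page (-T, -S, -c, -l). The function names, the DRY_RUN and FIPS environment variables, and the default of /root for the home directory are choices of this example.

```shell
#!/bin/sh
# Pre-flight wrapper for running ntp-keygen as described on this page: check
# that the sign key type and certificate scheme are a legal pair, that the keys
# directory is writable and that OpenSSL's random seed file can be found, then
# change to the keys directory and run the program.  Added example, not part
# of ntp-keygen; the flags used (-T, -S, -c, -l) are the ones documented here.
# DRY_RUN=1 prints the command instead of executing it.

# Which sign key type a certificate scheme needs: RSA-* schemes need an RSA
# sign key, DSA-* schemes a DSA sign key (list of schemes from the -c option).
scheme_key_type() {
    case $1 in
        RSA-MD2|RSA-MD5|RSA-MDC2|RSA-SHA|RSA-SHA1|RSA-RIPEMD160) echo RSA ;;
        DSA-SHA|DSA-SHA1) echo DSA ;;
        *) return 1 ;;
    esac
}

# Reject combinations the page says will not work; with a third argument of
# "yes", also require a FIPS 140-2 compatible pair (DSA key, DSA-SHA/DSA-SHA1).
check_scheme() {
    keytype=$1 scheme=$2 fips=${3:-no}
    need=$(scheme_key_type "$scheme") || { echo "unknown certificate scheme: $scheme" >&2; return 1; }
    [ "$need" = "$keytype" ] || { echo "$scheme needs a $need sign key, not $keytype" >&2; return 1; }
    if [ "$fips" = yes ]; then
        case $scheme in
            DSA-SHA|DSA-SHA1) ;;
            *) echo "FIPS 140-2 requires DSA-SHA or DSA-SHA1" >&2; return 1 ;;
        esac
    fi
}

# Where OpenSSL will look for its seed file when ntp-keygen runs:
# $RANDFILE if set, otherwise .rnd in the home directory of the calling user.
seed_file() {
    if [ -n "${RANDFILE:-}" ]; then
        echo "$RANDFILE"
    else
        echo "${HOME:-/root}/.rnd"
    fi
}

# Verify the keys directory is writable (NFS clients often cannot write the
# shared /usr/local/etc, even as root) and that the seed file exists.
# Prints the seed file path.
keygen_preflight() {
    keysdir=$1
    [ -d "$keysdir" ] && [ -w "$keysdir" ] || {
        echo "$keysdir: not a writable directory (on NFS clients point keysdir at /etc instead)" >&2
        return 1
    }
    seed=$(seed_file)
    [ -f "$seed" ] || { echo "random seed file $seed not found; set RANDFILE" >&2; return 1; }
    echo "$seed"
}

# Assemble the command line.  $1 = yes for a trusted host (-T), $2 = sign key
# type (RSA or DSA), $3 = certificate scheme, $4 = certificate lifetime in days
# (empty for the default of 365).  The defaults (RSA host key used as sign key,
# RSA-MD5 scheme) are left implicit, matching a run with no options.
keygen_command() {
    trusted=$1 keytype=$2 scheme=$3 lifetime=$4
    check_scheme "$keytype" "$scheme" "${FIPS:-no}" || return 1
    cmd="ntp-keygen"
    if [ "$trusted" = yes ]; then cmd="$cmd -T"; fi
    if [ "$keytype" = DSA ]; then cmd="$cmd -S DSA"; fi
    if [ "$scheme" != RSA-MD5 ]; then cmd="$cmd -c $scheme"; fi
    if [ -n "$lifetime" ]; then cmd="$cmd -l $lifetime"; fi
    echo "$cmd"
}

# run_keygen KEYSDIR TRUSTED KEYTYPE SCHEME [LIFETIME]
run_keygen() {
    keysdir=$1; shift
    seed=$(keygen_preflight "$keysdir") || return 1
    cmd=$(keygen_command "$@") || return 1
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "cd $keysdir && RANDFILE=$seed $cmd"
    else
        (cd "$keysdir" && RANDFILE=$seed $cmd)
    fi
}
```

For a trusted host with the defaults, DRY_RUN=1 run_keygen /usr/local/etc yes RSA RSA-MD5 prints the command that would be executed; the -p and -q password options are deliberately not assembled here because a password on the command line is visible to every user on the host, so add them only where the page's procedure calls for them.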
.sp \n(Ppu
.ne 2

Private/public key files and certificates are compatible with
other OpenSSL applications and very likely other libraries as well.
Certificates or certificate requests derived from them should be compatible
with extant industry practice, although some users might find
the interpretation of X509v3 extension fields somewhat liberal.
However, the identification parameter files, although encoded
as the other files, are probably not compatible with anything other than Autokey.
.sp \n(Ppu
.ne 2

Running the program as other than root and using the Unix
\fCsu\f[]\fR(1)\f[]
command
to assume root may not work properly, since by default the OpenSSL library
looks for the random seed file
\fI.rnd\f[]
in the user home directory.
However, there should be only one
\fI.rnd\f[],
most conveniently
in the root directory, so it is advisable to define the
RANDFILE
environment variable used by the OpenSSL library as the path to
\fI.rnd\f[].
.sp \n(Ppu
.ne 2

Installing the keys as root might not work in NFS-mounted
shared file systems, as NFS clients may not be able to write
to the shared keys directory, even as root.
In this case, NFS clients can specify the files in another
directory such as
\fI/etc\f[]
using the
\f\*[B-Font]keysdir\f[]
\fCntpd\f[]\fR(1ntpdmdoc)\f[]
configuration file command.
There is no need for one client to read the keys and certificates
of other clients or servers, as these data are obtained automatically
by the Autokey protocol.
.sp \n(Ppu
.ne 2

Ordinarily, cryptographic files are generated by the host that uses them,
but it is possible for a trusted agent (TA) to generate these files
for other hosts; however, in such cases files should always be encrypted.
The subject name and trusted name default to the hostname
of the host generating the files, but can be changed by command line options.
It is convenient to designate the owner name and trusted name
as the subject and issuer fields, respectively, of the certificate.
The owner name is also used for the host and sign key files,
while the trusted name is used for the identity files.
.sp \n(Ppu
.ne 2

All files are installed by default in the keys directory
\fI/usr/local/etc\f[],
which is normally in a shared filesystem
in NFS-mounted networks.
The actual location of the keys directory
and each file can be overridden by configuration commands,
but this is not recommended.
Normally, the files for each host are generated by that host
and used only by that host, although exceptions exist
as noted later on this page.
.sp \n(Ppu
.ne 2

Normally, files containing private values,
including the host key, sign key and identification parameters,
are permitted root read/write-only;
while others containing public values are permitted world readable.
Alternatively, files containing private values can be encrypted
and these files permitted world readable,
which simplifies maintenance in shared file systems.
Since uniqueness is ensured by the
\f\*[I-Font]hostname\f[]
and
\f\*[I-Font]filestamp\f[]
file name extensions, the files for an NTP server and
dependent clients can all be installed in the same shared directory.
.sp \n(Ppu
.ne 2

The recommended practice is to keep the file name extensions
when installing a file and to install a soft link
from the generic names specified elsewhere on this page
to the generated files.
This allows new file generations to be activated simply
by changing the link.
If a link is present,
\fCntpd\f[]\fR(1ntpdmdoc)\f[]
follows it to the file name to extract the
\f\*[I-Font]filestamp\f[].
If a link is not present,
\fCntpd\f[]\fR(1ntpdmdoc)\f[]
extracts the
\f\*[I-Font]filestamp\f[]
from the file itself.
This allows clients to verify that the file and generation times
are always current.
The
\f\*[B-Font]ntp-keygen\fP
program uses the same
\f\*[I-Font]filestamp\f[]
extension for all files generated
at one time, so each generation is distinct and can be readily
recognized in monitoring data.
.sp \n(Ppu
.ne 2

Run the command on as many hosts as necessary.
Designate one of them as the trusted host (TH) using
\f\*[B-Font]ntp-keygen\fP
with the
\f\*[B-Font]\-T\f[]
option and configure it to synchronize from reliable Internet servers.
Then configure the other hosts to synchronize to the TH directly or
indirectly.
A certificate trail is created when Autokey asks the immediately
ascendant host towards the TH to sign its certificate, which is then
provided to the immediately descendant host on request.
All group hosts should have acyclic certificate trails ending on the TH.
.sp \n(Ppu
.ne 2

The host key is used to encrypt the cookie when required and so must be
RSA type.
By default, the host key is also the sign key used to encrypt
signatures.
A different sign key can be assigned using the
\f\*[B-Font]\-S\f[]
option and this can be either
\f\*[B-Font]RSA\f[]
or
\f\*[B-Font]DSA\f[]
type.
By default, the signature
message digest type is
\f\*[B-Font]MD5\f[],
but any combination of sign key type and
message digest type supported by the OpenSSL library can be specified
using the
\f\*[B-Font]\-c\f[]
option.
.sp \n(Ppu
.ne 2

The rules say cryptographic media should be generated with proventic
filestamps, which means the host should already be synchronized before
this program is run.
This of course creates a chicken-and-egg problem
when the host is started for the first time.
Accordingly, the host time
should be set by some other means, such as eyeball-and-wristwatch, at
least so that the certificate lifetime is within the current year.
After that and when the host is synchronized to a proventic source, the
certificate should be re-generated.
.sp \n(Ppu
.ne 2

Additional information on trusted groups and identity schemes is on the
\*[Lq]Autokey Public-Key Authentication\*[Rq]
page.
.sp \n(Ppu
.ne 2

File names begin with the prefix
\fIntpkey\f[]_
and end with the suffix
\fI_\f[]\f\*[I-Font]hostname\f[].\f\*[I-Font]filestamp\f[],
where
\f\*[I-Font]hostname\f[]
is the owner name, usually the string returned
by the Unix
\fChostname\f[]\fR(1)\f[]
command, and
\f\*[I-Font]filestamp\f[]
is the NTP seconds when the file was generated, in decimal digits.
This both guarantees uniqueness and simplifies maintenance
procedures, since all files can be quickly removed
by a
\f\*[B-Font]rm\f[] \fIntpkey\&*\f[]
command or all files generated
at a specific time can be removed by a
\f\*[B-Font]rm\f[] \fI\&*\f[]\f\*[I-Font]filestamp\f[]
command.
To further reduce the risk of misconfiguration,
the first two lines of a file contain the file name
and generation date and time as comments.
.SS Trusted Hosts and Groups
Each cryptographic configuration involves selection of a signature scheme
and identification scheme, called a cryptotype,
as explained in the
\fIAuthentication\f[] \fIOptions\f[]
section of
\fCntp.conf\f[]\fR(5)\f[].
The default cryptotype uses
\f\*[B-Font]RSA\f[]
encryption,
\f\*[B-Font]MD5\f[]
message digest
and
\f\*[B-Font]TC\f[]
identification.
First, configure an NTP subnet including one or more low-stratum
trusted hosts from which all other hosts derive synchronization
directly or indirectly.
Trusted hosts have trusted certificates;
all other hosts have nontrusted certificates.
These hosts will automatically and dynamically build authoritative
certificate trails to one or more trusted hosts.
A trusted group is the set of all hosts that have, directly or indirectly,
a certificate trail ending at a trusted host.
The trail is defined by static configuration file entries
or dynamic means described on the
\fIAutomatic\f[] \fINTP\f[] \fIConfiguration\f[] \fIOptions\f[]
section of
\fCntp.conf\f[]\fR(5)\f[].
.sp \n(Ppu
.ne 2

On each trusted host as root, change to the keys directory.
To ensure a fresh fileset, remove all
\fIntpkey\f[]
files.
Then run
\f\*[B-Font]ntp-keygen\fP
\f\*[B-Font]\-T\f[]
to generate keys and a trusted certificate.
On all other hosts do the same, but leave off the
\f\*[B-Font]\-T\f[]
flag to generate keys and nontrusted certificates.
When complete, start the NTP daemons beginning at the lowest stratum
and working up the tree.
It may take some time for Autokey to instantiate the certificate trails
throughout the subnet, but setting up the environment is completely automatic.
.sp \n(Ppu
.ne 2

If it is necessary to use a different sign key or different digest/signature
scheme than the default, run
\f\*[B-Font]ntp-keygen\fP
with the
\f\*[B-Font]\-S\f[] \f\*[I-Font]type\f[]
option, where
\f\*[I-Font]type\f[]
is either
\f\*[B-Font]RSA\f[]
or
\f\*[B-Font]DSA\f[].
The most frequent need to do this is when a
\f\*[B-Font]DSA\f[]\-signed
certificate is used.
If it is necessary to use a different certificate scheme than the default,
run
\f\*[B-Font]ntp-keygen\fP
with the
\f\*[B-Font]\-c\f[] \f\*[I-Font]scheme\f[]
option and selected
\f\*[I-Font]scheme\f[]
as needed.
If
\f\*[B-Font]ntp-keygen\fP
is run again without these options, it generates a new certificate
using the same scheme and sign key, and soft link.
.sp \n(Ppu
.ne 2

After setting up the environment it is advisable to update certificates
from time to time, if only to extend the validity interval.
Simply run
\f\*[B-Font]ntp-keygen\fP
with the same flags as before to generate new certificates
using existing keys, and soft links.
However, if the host or sign key is changed,
\fCntpd\f[]\fR(1ntpdmdoc)\f[]
should be restarted.
When
\fCntpd\f[]\fR(1ntpdmdoc)\f[]
is restarted, it loads any new files and restarts the protocol.
Other dependent hosts will continue as usual until signatures are refreshed,
at which time the protocol is restarted.
.SS Identity Schemes
As mentioned on the Autonomous Authentication page,
the default
\f\*[B-Font]TC\f[]
identity scheme is vulnerable to a middleman attack.
However, there are more secure identity schemes available,
including
\f\*[B-Font]PC\f[], \f\*[B-Font]IFF\f[], \f\*[B-Font]GQ\f[]
and
\f\*[B-Font]MV\f[]
schemes described below.
These schemes are based on a TA, one or more trusted hosts
and some number of nontrusted hosts.
Trusted hosts prove identity using values provided by the TA,
while the remaining hosts prove identity using values provided
by a trusted host and certificate trails that end on that host.
The name of a trusted host is also the name of its subgroup
and also the subject and issuer name on its trusted certificate.
The TA is not necessarily a trusted host in this sense, but often is.
.sp \n(Ppu
.ne 2

In some schemes there are separate keys for servers and clients.
A server can also be a client of another server,
but a client can never be a server for another client.
In general, trusted hosts and nontrusted hosts that operate
as both server and client have parameter files that contain
both server and client keys.
Hosts that operate
only as clients have key files that contain only client keys.
.sp \n(Ppu
.ne 2

The PC scheme supports only one trusted host in the group.
On trusted host alice run
\f\*[B-Font]ntp-keygen\fP
\f\*[B-Font]\-P\f[]
\f\*[B-Font]\-p\f[] \f\*[I-Font]password\f[]
to generate the host key file
\fIntpkey_\f[]\f\*[B-Font]RSA\f[]\fIkey_alice.\f[]\f\*[I-Font]filestamp\f[]
and trusted private certificate file
\fIntpkey_\f[]\f\*[B-Font]RSA-MD5\f[]\fI_cert_alice.\f[]\f\*[I-Font]filestamp\f[],
and soft links.
Copy both files to all group hosts;
they replace the files which would be generated in other schemes.
On each host
\f\*[I-Font]bob\f[]
install a soft link from the generic name
\fIntpkey_host_\f[]\f\*[I-Font]bob\f[]
to the host key file and soft link
\fIntpkey_cert_\f[]\f\*[I-Font]bob\f[]
to the private certificate file.
Note the generic links are on bob, but point to files generated
by trusted host alice.
In this scheme it is not possible to refresh
either the keys or certificates without copying them
to all other hosts in the group, and recreating the soft links.
.sp \n(Ppu
.ne 2

For the
\f\*[B-Font]IFF\f[]
scheme proceed as in the
\f\*[B-Font]TC\f[]
scheme to generate keys
and certificates for all group hosts, then for every trusted host in the group,
generate the
\f\*[B-Font]IFF\f[]
parameter file.
On trusted host alice run
\f\*[B-Font]ntp-keygen\fP
\f\*[B-Font]\-T\f[]
\f\*[B-Font]\-I\f[]
\f\*[B-Font]\-p\f[] \f\*[I-Font]password\f[]
to produce her parameter file
\fIntpkey_IFFpar_alice.\f[]\f\*[I-Font]filestamp\f[],
which includes both server and client keys.
Copy this file to all group hosts that operate as both servers
and clients and install a soft link from the generic
\fIntpkey_iff_alice\f[]
to this file.
If there are no hosts restricted to operate only as clients,
there is nothing further to do.
As the
\f\*[B-Font]IFF\f[]
scheme is independent
of keys and certificates, these files can be refreshed as needed.
.sp \n(Ppu
.ne 2

If a rogue client has the parameter file, it could masquerade
as a legitimate server and present a middleman threat.
To eliminate this threat, the client keys can be extracted
from the parameter file and distributed to all restricted clients.
After generating the parameter file, on alice run
\f\*[B-Font]ntp-keygen\fP
\f\*[B-Font]\-e\f[]
and pipe the output to a file or email program.
Copy or email this file to all restricted clients.
On these clients install a soft link from the generic
\fIntpkey_iff_alice\f[]
to this file.
To further protect the integrity of the keys,
each file can be encrypted with a secret password.
.sp \n(Ppu
.ne 2

For the
\f\*[B-Font]GQ\f[]
scheme proceed as in the
\f\*[B-Font]TC\f[]
scheme to generate keys
and certificates for all group hosts, then for every trusted host
in the group, generate the
\f\*[B-Font]GQ\f[]
parameter file.
On trusted host alice run
\f\*[B-Font]ntp-keygen\fP
\f\*[B-Font]\-T\f[]
\f\*[B-Font]\-G\f[]
\f\*[B-Font]\-p\f[] \f\*[I-Font]password\f[]
to produce her parameter file
\fIntpkey_GQpar_alice.\f[]\f\*[I-Font]filestamp\f[],
which includes both server and client keys.
Copy this file to all group hosts and install a soft link
from the generic
\fIntpkey_gq_alice\f[]
to this file.
In addition, on each host
\f\*[I-Font]bob\f[]
install a soft link
from generic
\fIntpkey_gq_\f[]\f\*[I-Font]bob\f[]
to this file.
As the
\f\*[B-Font]GQ\f[]
scheme updates the
\f\*[B-Font]GQ\f[]
parameters file and certificate
at the same time, keys and certificates can be regenerated as needed.
.sp \n(Ppu
.ne 2

For the
\f\*[B-Font]MV\f[]
scheme, proceed as in the
\f\*[B-Font]TC\f[]
scheme to generate keys
and certificates for all group hosts.
For illustration assume trish is the TA, alice one of several trusted hosts
and bob one of her clients.
On TA trish run
\f\*[B-Font]ntp-keygen\fP
\f\*[B-Font]\-V\f[] \f\*[I-Font]n\f[]
\f\*[B-Font]\-p\f[] \f\*[I-Font]password\f[],
where
\f\*[I-Font]n\f[]
is the number of revokable keys (typically 5) to produce
the parameter file
\fIntpkey_MVpar_trish.\f[]\f\*[I-Font]filestamp\f[]
and client key files
\fIntpkey_MVkey\f[]\f\*[I-Font]d\f[]\fI_trish.\f[]\f\*[I-Font]filestamp\f[]
where
\f\*[I-Font]d\f[]
is the key number (0 \&<
\f\*[I-Font]d\f[]
\&<
\f\*[I-Font]n\f[]).
Copy the parameter file to alice and install a soft link
from the generic
\fIntpkey_mv_alice\f[]
to this file.
Copy one of the client key files to alice for later distribution
to her clients.
It does not matter which client key file goes to alice,
since they all work the same way.
Alice copies the client key file to all of her clients.
On client bob install a soft link from generic
\fIntpkey_mvkey_bob\f[]
to the client key file.
As the
\f\*[B-Font]MV\f[]
scheme is independent of keys and certificates,
these files can be refreshed as needed.
.SS Command Line Options
.TP 7
.NOP \f\*[B-Font]\-b\f[] \f\*[B-Font]\-\-imbits\f[]= \f\*[I-Font]modulus\f[]
Set the number of bits in the identity modulus for generating identity keys to
\f\*[I-Font]modulus\f[]
bits.
The number of bits in the identity modulus defaults to 256, but can be set to
values from 256 to 2048 (32 to 256 octets).
Use the larger moduli with caution, as this can consume considerable computing
resources and increases the size of authenticated packets.
.TP 7
.NOP \f\*[B-Font]\-c\f[] \f\*[B-Font]\-\-certificate\f[]= \f\*[I-Font]scheme\f[]
Select certificate signature encryption/message digest scheme.
The
\f\*[I-Font]scheme\f[]
can be one of the following:
\f\*[B-Font]RSA-MD2\f[], \f\*[B-Font]RSA-MD5\f[], \f\*[B-Font]RSA-MDC2\f[], \f\*[B-Font]RSA-SHA\f[], \f\*[B-Font]RSA-SHA1\f[], \f\*[B-Font]RSA-RIPEMD160\f[], \f\*[B-Font]DSA-SHA\f[],
or
\f\*[B-Font]DSA-SHA1\f[].
Note that
\f\*[B-Font]RSA\f[]
schemes must be used with an
\f\*[B-Font]RSA\f[]
sign key and
\f\*[B-Font]DSA\f[]
schemes must be used with a
\f\*[B-Font]DSA\f[]
sign key.
The default without this option is
\f\*[B-Font]RSA-MD5\f[].
If compatibility with FIPS 140-2 is required, either the
\f\*[B-Font]DSA-SHA\f[]
or
\f\*[B-Font]DSA-SHA1\f[]
scheme must be used.
.TP 7
.NOP \f\*[B-Font]\-C\f[] \f\*[B-Font]\-\-cipher\f[]= \f\*[I-Font]cipher\f[]
Select the OpenSSL cipher to encrypt the files containing private keys.
The default without this option is three-key triple DES in CBC mode,
\f\*[B-Font]des-ede3-cbc\f[].
The
\f\*[B-Font]openssl\f[] \f\*[B-Font]\-h\f[]
command provided with OpenSSL displays available ciphers.
.TP 7
.NOP \f\*[B-Font]\-d\f[] \f\*[B-Font]\-\-debug-level\f[]
Increase debugging verbosity level.
This option displays the cryptographic data produced in eye-friendly billboards.
.TP 7
.NOP \f\*[B-Font]\-D\f[] \f\*[B-Font]\-\-set-debug-level\f[]= \f\*[I-Font]level\f[]
Set the debugging verbosity to
\f\*[I-Font]level\f[].
This option displays the cryptographic data produced in eye-friendly billboards.
.TP 7
.NOP \f\*[B-Font]\-e\f[] \f\*[B-Font]\-\-id-key\f[]
Write the
\f\*[B-Font]IFF\f[]
or
\f\*[B-Font]GQ\f[]
public parameters from the
\f\*[I-Font]IFFkey\f[] \f\*[I-Font]or\f[] \f\*[I-Font]GQkey\f[]
client keys file previously specified
as unencrypted data to the standard output stream
\fIstdout\f[].
This is intended for automatic key distribution by email.
.TP 7
.NOP \f\*[B-Font]\-G\f[] \f\*[B-Font]\-\-gq-params\f[]
Generate a new encrypted
\f\*[B-Font]GQ\f[]
parameters and key file for the Guillou-Quisquater (GQ) identity scheme.
This option is mutually exclusive with the
\f\*[B-Font]\-I\f[]
and
\f\*[B-Font]\-V\f[]
options.
.TP 7
.NOP \f\*[B-Font]\-H\f[] \f\*[B-Font]\-\-host-key\f[]
Generate a new encrypted
\f\*[B-Font]RSA\f[]
public/private host key file.
.TP 7
.NOP \f\*[B-Font]\-I\f[] \f\*[B-Font]\-\-iffkey\f[]
Generate a new encrypted
\f\*[B-Font]IFF\f[]
key file for the Schnorr (IFF) identity scheme.
This option is mutually exclusive with the
\f\*[B-Font]\-G\f[]
and
\f\*[B-Font]\-V\f[]
options.
.TP 7
.NOP \f\*[B-Font]\-i\f[] \f\*[B-Font]\-\-ident\f[]= \f\*[I-Font]group\f[]
Set the optional Autokey group name to
\f\*[I-Font]group\f[].
This is used in the identity scheme parameter file names of
\f\*[B-Font]IFF\f[], \f\*[B-Font]GQ\f[],
and
\f\*[B-Font]MV\f[]
client parameters files.
In that role, the default is the host name if no group is provided.
The group name, if specified using
\f\*[B-Font]\-i\f[]
or
\f\*[B-Font]\-s\f[]
following an
\[oq]@@\[cq]
character, is also used in certificate subject and issuer names in the form
\f\*[I-Font]host\f[] \f\*[I-Font]@@\f[] \f\*[I-Font]group\f[]
and should match the group specified via
\f\*[B-Font]crypto\f[] \f\*[B-Font]ident\f[]
or
\f\*[B-Font]server\f[] \f\*[B-Font]ident\f[]
in the ntpd configuration file.
.TP 7
.NOP \f\*[B-Font]\-l\f[] \f\*[B-Font]\-\-lifetime\f[]= \f\*[I-Font]days\f[]
Set the lifetime for certificate expiration to
\f\*[I-Font]days\f[].
The default lifetime is one year (365 days).
.TP 7
.NOP \f\*[B-Font]\-m\f[] \f\*[B-Font]\-\-modulus\f[]= \f\*[I-Font]bits\f[]
Set the number of bits in the prime modulus for generating files to
\f\*[I-Font]bits\f[].
The modulus defaults to 512, but can be set from 256 to 2048 (32 to 256 octets).
Use the larger moduli with caution, as this can consume considerable computing
resources and increases the size of authenticated packets.
.TP 7
.NOP \f\*[B-Font]\-M\f[] \f\*[B-Font]\-\-md5key\f[]
Generate a new symmetric keys file containing 10
\f\*[B-Font]MD5\f[]
keys, and if OpenSSL is available, 10
\f\*[B-Font]SHA\f[]
keys.
An
\f\*[B-Font]MD5\f[]
key is a string of 20 random printable ASCII characters, while a
\f\*[B-Font]SHA\f[]
key is a string of 40 random hex digits.
The file can be edited using a text editor to change the key type or key content.
This option is mutually exclusive with all other options.
.TP 7
.NOP \f\*[B-Font]\-p\f[] \f\*[B-Font]\-\-password\f[]= \f\*[I-Font]passwd\f[]
Set the password for reading and writing encrypted files to
\f\*[I-Font]passwd\f[].
These include the host, sign and identity key files.
By default, the password is the string returned by the Unix
\f\*[B-Font]hostname\f[]
command.
.TP 7
.NOP \f\*[B-Font]\-P\f[] \f\*[B-Font]\-\-pvt-cert\f[]
Generate a new private certificate used by the
\f\*[B-Font]PC\f[]
identity scheme.
By default, the program generates public certificates.
Note: the PC identity scheme is not recommended for new installations.
.TP 7
.NOP \f\*[B-Font]\-q\f[] \f\*[B-Font]\-\-export-passwd\f[]= \f\*[I-Font]passwd\f[]
Set the password for writing encrypted
\f\*[B-Font]IFF\f[], \f\*[B-Font]GQ\f[] \f\*[B-Font]and\f[] \f\*[B-Font]MV\f[]
identity files redirected to
\fIstdout\f[]
to
\f\*[I-Font]passwd\f[].
In effect, these files are decrypted with the
\f\*[B-Font]\-p\f[]
password, then encrypted with the
\f\*[B-Font]\-q\f[]
password.
By default, the password is the string returned by the Unix
\f\*[B-Font]hostname\f[]
command.
.TP 7
.NOP \f\*[B-Font]\-s\f[] \f\*[B-Font]\-\-subject-key\f[]= [host] [@@ \f\*[I-Font]group\f[]]
Specify the Autokey host name, where
\f\*[I-Font]host\f[]
is the optional host name and
\f\*[I-Font]group\f[]
is the optional group name.
The host name, and if provided, group name are used in
\f\*[I-Font]host\f[] \f\*[I-Font]@@\f[] \f\*[I-Font]group\f[]
form as certificate subject and issuer.
Specifying
\f\*[B-Font]\-s\f[] \f\*[B-Font]\-@@\f[] \f\*[I-Font]group\f[]
is allowed, and results in leaving the host name unchanged, as with
\f\*[B-Font]\-i\f[] \f\*[I-Font]group\f[].
The group name, or if no group is provided, the host name are also used in the
file names of
\f\*[B-Font]IFF\f[], \f\*[B-Font]GQ\f[],
and
\f\*[B-Font]MV\f[]
identity scheme client parameter files.
If
\f\*[I-Font]host\f[]
is not specified, the default host name is the string returned by the Unix
\f\*[B-Font]hostname\f[]
command.
.TP 7
.NOP \f\*[B-Font]\-S\f[] \f\*[B-Font]\-\-sign-key\f[]= [\f\*[B-Font]RSA\f[] | \f\*[B-Font]DSA\f[]]
Generate a new encrypted public/private sign key file of the specified type.
By default, the sign key is the host key and has the same type.
If compatibility with FIPS 140-2 is required, the sign key type must be
\f\*[B-Font]DSA\f[].
.TP 7
.NOP \f\*[B-Font]\-T\f[] \f\*[B-Font]\-\-trusted-cert\f[]
Generate a trusted certificate.
By default, the program generates a non-trusted certificate.
.TP 7
.NOP \f\*[B-Font]\-V\f[] \f\*[B-Font]\-\-mv-params\f[]= \f\*[I-Font]nkeys\f[]
Generate
\f\*[I-Font]nkeys\f[]
encrypted server keys and parameters for the Mu-Varadharajan (MV)
identity scheme.
This option is mutually exclusive with the
\f\*[B-Font]\-I\f[]
and
\f\*[B-Font]\-G\f[]
options.
Note: support for this option should be considered a work in progress.
.PP
.SS Random Seed File
All cryptographically sound key generation schemes must have means
to randomize the entropy seed used to initialize
the internal pseudo-random number generator used
by the library routines.
The OpenSSL library uses a designated random seed file for this purpose.
The file must be available when starting the NTP daemon and the
\f\*[B-Font]ntp-keygen\fP
program.
If a site supports OpenSSL or its companion OpenSSH,
it is very likely that means to do this are already available.
.sp \n(Ppu
.ne 2

It is important to understand that the seed must be refreshed with fresh
entropy before each key generation; otherwise the random number sequence,
and with it the generated keys, would be predictable.
Various means dependent on external events, such as keystroke intervals,
can be used to do this and some systems have built-in entropy sources.
Suitable means are described in the OpenSSL software documentation,
but are outside the scope of this page.
.sp \n(Ppu
.ne 2

The entropy seed used by the OpenSSL library is contained in a file,
usually called
\fI.rnd\f[],
which must be available when starting the NTP daemon
or the
\f\*[B-Font]ntp-keygen\fP
program.
The NTP daemon will first look for the file
using the path specified by the
\f\*[B-Font]randfile\f[]
subcommand of the
\f\*[B-Font]crypto\f[]
configuration command.
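.sp \n(Ppu
.ne 2

As an added check, not part of ntp-keygen or ntpd, the following Python resolves the seed file the way this section describes it for ntp-keygen (the RANDFILE environment variable first, then .rnd in the home directory) and refuses a file that is missing, not private to its owner, not writable, shorter than a chosen minimum, or a symbolic link. The minimum size, the symlink refusal and the helper names are this example's own choices. It also shows how to (re)create the file from the kernel random source with mode 0600.

```python
"""Resolve and sanity-check the OpenSSL random seed file that ntp-keygen and
ntpd depend on, following the lookup order given for ntp-keygen: the
RANDFILE environment variable, else .rnd in the home directory.

Added example, not code from the ntp distribution.  The minimum size and
the symlink refusal are this example's own policy, not ntp-keygen's.
"""
import os
import stat

MIN_SEED_BYTES = 32          # policy assumed here: anything smaller is suspect
SEED_BYTES_TO_WRITE = 1024   # assumed size when (re)creating the file


def seed_file_path(env=None, home=None):
    """Return the seed file path using the documented precedence.

    The 'crypto randfile' setting, which ntpd consults first, is a
    daemon-only setting and is not modelled here.
    """
    env = os.environ if env is None else env
    if env.get("RANDFILE"):
        return env["RANDFILE"]
    if home is None:
        home = env.get("HOME") or os.path.expanduser("~")
    return os.path.join(home, ".rnd")


def check_seed_file(path):
    """Return a list of problems with the seed file; an empty list means OK.

    Checks what the page requires (present, writable) plus what a seed for key
    generation needs in practice (private to its owner, non-trivial size, not
    a symlink that could redirect the library's rewrite elsewhere).
    """
    try:
        st = os.lstat(path)
    except FileNotFoundError:
        return ["missing: %s" % path]
    problems = []
    if stat.S_ISLNK(st.st_mode):
        problems.append("is a symlink")
    elif not stat.S_ISREG(st.st_mode):
        problems.append("not a regular file")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("group/other permission bits set (mode %04o)"
                        % (st.st_mode & 0o777))
    if hasattr(os, "getuid") and st.st_uid != os.getuid():
        problems.append("owned by uid %d, not by the current user" % st.st_uid)
    if st.st_size < MIN_SEED_BYTES:
        problems.append("only %d bytes, expected at least %d"
                        % (st.st_size, MIN_SEED_BYTES))
    if not os.access(path, os.W_OK):
        problems.append("not writable; the library rewrites it on exit")
    return problems


def write_seed_file(path, nbytes=SEED_BYTES_TO_WRITE):
    """Create or overwrite the seed file with kernel randomness, mode 0600."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    try:
        os.write(fd, os.urandom(nbytes))   # os.urandom is the kernel CSPRNG
    finally:
        os.close(fd)
    os.chmod(path, 0o600)   # os.open's mode is subject to umask; be explicit
    return path


if __name__ == "__main__":
    path = seed_file_path()
    for problem in check_seed_file(path) or ["ok"]:
        print("%s: %s" % (path, problem))
```

Run it as the user that will run ntp-keygen (root, per this page), since the owner check compares against the current uid. On OpenSSL 1.1.1 and later, "openssl rand \-writerand \fIfile\fP" creates or refreshes the same file without Python; the permission check above is still worth running afterwards.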
If not specified in this way, or when starting the
\f\*[B-Font]ntp-keygen\fP
program,
the OpenSSL library will look for the file using the path given
by the
RANDFILE
environment variable, whoever the user is, root or otherwise.
If the
RANDFILE
environment variable is not present,
the library will look for the
\fI.rnd\f[]
file in the user home directory.
Since both the
\f\*[B-Font]ntp-keygen\fP
program and
\fCntpd\f[]\fR(1ntpdmdoc)\f[]
daemon must run as root, the logical place to put this file is in
\fI/.rnd\f[]
or
\fI/root/.rnd\f[].
If the file is not available or cannot be written,
the daemon exits with a message to the system log and the program
exits with a suitable error message.
.SS Cryptographic Data Files
All file formats begin with two nonencrypted lines.
The first line contains the file name, including the generated host name
and filestamp, in the format
\fIntpkey_\f[]\f\*[I-Font]key\f[]\fI_\f[]\f\*[I-Font]name\f[]\fI.\f[]\f\*[I-Font]filestamp\f[],
where
\f\*[I-Font]key\f[]
is the key or parameter type,
\f\*[I-Font]name\f[]
is the host or group name and
\f\*[I-Font]filestamp\f[]
is the filestamp (NTP seconds, counted from 1900-01-01 UTC; subtract
2208988800 to obtain Unix time) when the file was created.
By convention,
\f\*[I-Font]key\f[]
names in generated file names include both upper and lower case
characters, while
\f\*[I-Font]key\f[]
names in generated link names include only lower case characters.
The filestamp is not used in generated link names.
The second line contains the datestamp in conventional Unix
\fIdate\f[]
format.
Lines beginning with
\[oq]#\[cq]
are considered comments and ignored by the
\f\*[B-Font]ntp-keygen\fP
program and
\fCntpd\f[]\fR(1ntpdmdoc)\f[]
daemon.
.sp \n(Ppu
.ne 2

The remainder of the file contains cryptographic data, encoded first using ASN.1
rules, then encrypted if necessary, and finally written in PEM-encoded
printable ASCII text, preceded and followed by MIME content identifier lines.
.sp \n(Ppu
.ne 2

The format of the symmetric keys file, ordinarily named
\fIntp.keys\f[],
is somewhat different than the other files in the interest of backward compatibility.
Ordinarily, the file is generated by this program, but it can be constructed
and edited using an ordinary text editor.
.br
.in +4
.nf
# ntpkey_MD5key_bk.ntp.org.3595864945
# Thu Dec 12 19:22:25 2013
1 MD5 L";Nw<\`.I<f4U0)247"i # MD5 key
2 MD5 &>l0%XXK9O'51VwV<xq~ # MD5 key
3 MD5 lb4zLW~d^!K:]RsD'qb6 # MD5 key
4 MD5 Yue:tL[+vR)M\`n~bY,'? # MD5 key
5 MD5 B;fx'Kgr/&4ZTbL6=RxA # MD5 key
6 MD5 4eYwa\`o}3i@@V@..R9!l # MD5 key
7 MD5 \`A.([h+;wTQ|xfi%Sn_! # MD5 key
8 MD5 45:V,r4]l6y^JH6"Sh?F # MD5 key
9 MD5 3-5vcn*6l29DS?Xdsg)* # MD5 key
10 MD5 2late4Me # MD5 key
11 SHA1 a27872d3030a9025b8446c751b4551a7629af65c # SHA1 key
12 SHA1 21bc3b4865dbb9e920902abdccb3e04ff97a5e74 # SHA1 key
13 SHA1 2b7736fe24fef5ba85ae11594132ab5d6f6daba9 # SHA1 key
14 SHA a5332809c8878dd3a5b918819108a111509aeceb # SHA key
15 MD2 2fe16c88c760ff2f16d4267e36c1aa6c926e6964 # MD2 key
16 MD4 b2691811dc19cfc0e2f9bcacd74213f29812183d # MD4 key
17 MD5 e4d6735b8bdad58ec5ffcb087300a17f7fef1f7c # MD5 key
18 MDC2 a8d5e2315c025bf3a79174c87fbd10477de2eabc # MDC2 key
19 RIPEMD160 77ca332cafb30e3cafb174dcd5b80ded7ba9b3d2 # RIPEMD160 key
20 AES128CMAC f92ff73eee86c1e7dc638d6489a04e4e555af878 # AES128CMAC key
.in -4
.fi
.in +4
Figure 1. Typical Symmetric Key File
.in -4
.sp \n(Ppu
.ne 2

Figure 1 shows a typical symmetric keys file used by the reference
implementation.
Following the header the keys are entered one per line in the format
.in +4
\f\*[I-Font]keyno\f[] \f\*[I-Font]type\f[] \f\*[I-Font]key\f[]
.in -4
where
\f\*[I-Font]keyno\f[]
is a positive integer in the range 1-65535;
\f\*[I-Font]type\f[]
is the key type for the message digest algorithm, which in the absence of the
OpenSSL library must be
\f\*[B-Font]MD5\f[]
to designate the MD5 message digest algorithm;
if the OpenSSL library is installed, the key type can be any
message digest algorithm supported by that library
(current OpenSSL builds omit or disable obsolete digests such as MD2, MD4 and
MDC2, so not every type shown in Figure 1 will load everywhere);
however, if compatibility with FIPS 140-2 is required,
the key type must be either
\f\*[B-Font]SHA\f[]
or
\f\*[B-Font]SHA1\f[];
\f\*[I-Font]key\f[]
is the key itself,
which is a printable ASCII string 20 characters or less in length:
each character is chosen from the 93 printable characters
in the range 0x21 through 0x7e
(\[oq]!\[cq] through \[oq]~\[cq])
other than the
\[oq]#\[cq]
character, so a key can contain neither whitespace nor
\[oq]#\[cq],
and the key is terminated by whitespace or a
\[oq]#\[cq]
character.
An OpenSSL key consists of a hex-encoded ASCII string of 40 characters, which
is truncated as necessary.
.sp \n(Ppu
.ne 2

Note that the keys used by the
\fCntpq\f[]\fR(1ntpqmdoc)\f[]
and
\fCntpdc\f[]\fR(1ntpdcmdoc)\f[]
programs
are checked against passwords requested by the programs
and entered by hand, so it is generally appropriate to specify these keys
in human readable ASCII format.
.sp \n(Ppu
.ne 2

The
\f\*[B-Font]ntp-keygen\fP
program generates a symmetric keys file
\fIntpkey_MD5key_\f[]\f\*[I-Font]hostname\f[]\fI.\f[]\f\*[I-Font]filestamp\f[].
Since the file contains private shared keys,
it should be readable only by root (mode 0600) and distributed by secure means
to other subnet hosts.
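.sp \n(Ppu
.ne 2

As an added example, not code from the ntp distribution, the following Python parses a keys file in the Figure 1 format, recovers the creation time from the filestamp in the first line (NTP seconds, as described under Cryptographic Data Files), applies the keyno, type and character rules above to every entry, and then builds and verifies the MAC that symmetric-key authentication appends to an NTP packet. Two things are assumed beyond what this page states: that a key token of 20 characters or fewer is used as its raw ASCII bytes while a 40-character hex token is decoded to 20 bytes, which is how ntpd's loader treats them, and that the MAC is the key identifier followed by digest(key || packet), as RFC 5905 section 7.3 defines for digest-based keys. The sample file and sample packet are constructed for the example; the helper names are this example's own.

```python
"""Parse an ntp-keygen symmetric keys file (the ntp.keys format of Figure 1),
check each entry against the documented rules, and build and verify the
symmetric-key MAC that ntpd appends to an authenticated packet.

Added example, not code from the ntp distribution.  Assumed beyond what the
page states: a key token of 20 characters or fewer is used as raw ASCII bytes
and a 40-character hex token is decoded to 20 bytes, and the MAC layout is
keyid || digest(key || packet) as RFC 5905 section 7.3 defines it.
"""
import hashlib
import hmac
import re
from datetime import datetime, timezone

NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)
KEY_CHARS = set(chr(c) for c in range(0x21, 0x7F)) - {"#"}  # the 93 permitted characters
HEX_CHARS = set("0123456789abcdefABCDEF")
HEADER_RE = re.compile(r"^#\s*ntpkey_(?P<key>[^_]+)_(?P<name>.+)\.(?P<filestamp>\d+)$")

# Constructed sample: Figure 1's header plus a subset of its keys.
SAMPLE_KEYS_FILE = r"""# ntpkey_MD5key_bk.ntp.org.3595864945
# Thu Dec 12 19:22:25 2013
1 MD5 L";Nw<`.I<f4U0)247"i # MD5 key
2 MD5 &>l0%XXK9O'51VwV<xq~ # MD5 key
10 MD5 2late4Me # MD5 key
11 SHA1 a27872d3030a9025b8446c751b4551a7629af65c # SHA1 key
20 AES128CMAC f92ff73eee86c1e7dc638d6489a04e4e555af878 # AES128CMAC key
"""

# Constructed 48-byte NTP header: LI=0, VN=4, mode=3 (client), everything else zero.
SAMPLE_PACKET = bytes([0x23]) + bytes(47)


def parse_header(lines):
    """Return (key_type, name, filestamp, created_utc) from the first line."""
    m = HEADER_RE.match(lines[0].strip())
    if not m:
        raise ValueError("first line is not an ntp-keygen file name: %r" % lines[0])
    filestamp = int(m.group("filestamp"))
    created = datetime.fromtimestamp(filestamp - NTP_EPOCH_OFFSET, tz=timezone.utc)
    return m.group("key"), m.group("name"), filestamp, created


def parse_key_line(line):
    """Return (keyno, type, key_bytes), or None for a blank or comment line.

    Raises ValueError for anything the documented rules reject.
    """
    body = line.split("#", 1)[0].strip()  # '#' starts a comment and ends a key
    if not body:
        return None
    fields = body.split()
    if len(fields) != 3:
        raise ValueError("expected 'keyno type key': %r" % line)
    keyno = int(fields[0])
    if not 1 <= keyno <= 65535:
        raise ValueError("keyno %d outside 1-65535" % keyno)
    ktype, token = fields[1].upper(), fields[2]
    if len(token) <= 20:
        if not set(token) <= KEY_CHARS:
            raise ValueError("key %d has a character outside 0x21-0x7e" % keyno)
        key = token.encode("ascii")
    elif len(token) == 40 and set(token) <= HEX_CHARS:
        key = bytes.fromhex(token)
    else:
        raise ValueError("key %d is neither <=20 printable chars nor 40 hex digits" % keyno)
    return keyno, ktype, key


def load_keys(text):
    """Parse a whole keys file into (header, {keyno: (type, key_bytes)})."""
    lines = text.splitlines()
    header = parse_header(lines)
    keys = {}
    for line in lines[1:]:
        entry = parse_key_line(line)
        if entry is None:
            continue
        keyno, ktype, key = entry
        if keyno in keys:
            raise ValueError("duplicate keyno %d" % keyno)
        keys[keyno] = (ktype, key)
    return header, keys


def key_line_is_valid(line):
    try:
        return parse_key_line(line) is not None
    except ValueError:
        return False


def ntp_mac(keyno, ktype, key, packet):
    """keyid (4 bytes, big-endian) || digest(key || packet).

    AES-128-CMAC keys are a keyed MAC over the packet, not a digest over
    key || packet, so they are deliberately not handled here.
    """
    if ktype == "AES128CMAC":
        raise NotImplementedError("AES128CMAC needs a CMAC implementation")
    try:
        h = hashlib.new(ktype.lower())
    except ValueError:
        raise NotImplementedError("digest %s not available in this OpenSSL build" % ktype)
    h.update(key)
    h.update(packet)
    return keyno.to_bytes(4, "big") + h.digest()


def verify_mac(keys, packet, mac):
    """Constant-time check of a received MAC against the loaded keys."""
    if len(mac) < 4:
        return False
    keyno = int.from_bytes(mac[:4], "big")
    if keyno not in keys:
        return False
    ktype, key = keys[keyno]
    try:
        expected = ntp_mac(keyno, ktype, key, packet)
    except NotImplementedError:
        return False
    return hmac.compare_digest(expected, mac)


if __name__ == "__main__":
    header, keys = load_keys(SAMPLE_KEYS_FILE)
    print("file type %s for %s, created %s" % (header[0], header[1], header[3].isoformat()))
    mac = ntp_mac(10, *keys[10], SAMPLE_PACKET)
    print("MD5 MAC with key 10:", mac.hex(), "verifies:", verify_mac(keys, SAMPLE_PACKET, mac))
```

The loader is stricter than a text editor: a duplicate key number, a key containing whitespace, or a hex key of the wrong length is rejected before any MAC is computed, which is the behaviour you want when a hand-edited ntp.keys is distributed to other hosts.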
The NTP daemon loads the file
\fIntp.keys\f[],
so
\f\*[B-Font]ntp-keygen\fP
installs a soft link from this name to the generated file.
Subsequently, similar soft links must be installed by manual
or automated means on the other subnet hosts.
While this file is not used with the Autokey Version 2 protocol,
it is needed to authenticate some remote configuration commands
used by the
\fCntpq\f[]\fR(1ntpqmdoc)\f[]
and
\fCntpdc\f[]\fR(1ntpdcmdoc)\f[]
utilities.
.SH "OPTIONS"
.TP
.NOP \f\*[B-Font]\-b\f[] \f\*[I-Font]imbits\f[], \f\*[B-Font]\-\-imbits\f[]=\f\*[I-Font]imbits\f[]
identity modulus bits.
This option takes an integer number as its argument.
The value of
\f\*[I-Font]imbits\f[]
is constrained to being:
.in +4
.nf
.na
in the range 256 through 2048
.fi
.in -4
.sp
The number of bits in the identity modulus. The default is 256.
.TP
.NOP \f\*[B-Font]\-c\f[] \f\*[I-Font]scheme\f[], \f\*[B-Font]\-\-certificate\f[]=\f\*[I-Font]scheme\f[]
certificate scheme.
.sp
scheme is one of
RSA-MD2, RSA-MD5, RSA-MDC2, RSA-SHA, RSA-SHA1, RSA-RIPEMD160,
DSA-SHA, or DSA-SHA1.
.sp
Select the certificate signature encryption/message digest scheme.
Note that RSA schemes must be used with a RSA sign key and DSA
schemes must be used with a DSA sign key. The default without
this option is RSA-MD5.
MD5 is no longer collision resistant; of the schemes listed, RSA-SHA1
or DSA-SHA1 is the stronger choice.
.TP
.NOP \f\*[B-Font]\-C\f[] \f\*[I-Font]cipher\f[], \f\*[B-Font]\-\-cipher\f[]=\f\*[I-Font]cipher\f[]
private key cipher.
.sp
Select the cipher which is used to encrypt the files containing
private keys. The default is three-key triple DES in CBC mode,
equivalent to "\fB-C des-ede3-cbc\fP". The openssl tool lists the
available ciphers in the output of "\fBopenssl list \-cipher\-algorithms\fP"
(OpenSSL 1.1.0 and later) or "\fBopenssl \-h\fP" on older releases.
.TP
.NOP \f\*[B-Font]\-d\f[], \f\*[B-Font]\-\-debug\-level\f[]
Increase debug verbosity level.
This option may appear an unlimited number of times.
.sp
.TP
.NOP \f\*[B-Font]\-D\f[] \f\*[I-Font]number\f[], \f\*[B-Font]\-\-set\-debug\-level\f[]=\f\*[I-Font]number\f[]
Set the debug verbosity level.
This option may appear an unlimited number of times.
This option takes an integer number as its argument.
.sp
.TP
.NOP \f\*[B-Font]\-e\f[], \f\*[B-Font]\-\-id\-key\f[]
Write IFF or GQ identity keys.
.sp
Write the public parameters from the IFF or GQ client keys to
the standard output.
This is intended for automatic key distribution by email.
.TP
.NOP \f\*[B-Font]\-G\f[], \f\*[B-Font]\-\-gq\-params\f[]
Generate GQ parameters and keys.
.sp
Generate parameters and keys for the GQ identification scheme,
obsoleting any that may exist.
.TP
.NOP \f\*[B-Font]\-H\f[], \f\*[B-Font]\-\-host\-key\f[]
generate RSA host key.
.sp
Generate new host keys, obsoleting any that may exist.
.TP
.NOP \f\*[B-Font]\-I\f[], \f\*[B-Font]\-\-iffkey\f[]
generate IFF parameters.
.sp
Generate parameters for the IFF identification scheme, obsoleting
any that may exist.
.TP
.NOP \f\*[B-Font]\-i\f[] \f\*[I-Font]group\f[], \f\*[B-Font]\-\-ident\f[]=\f\*[I-Font]group\f[]
set Autokey group name.
.sp
Set the optional Autokey group name to \fIgroup\fP. This is used in
the file name of IFF, GQ, and MV client parameters files. In
that role, the default is the host name if this option is not
provided. The group name, if specified using \fB-i/--ident\fP or
using \fB-s/--subject-name\fP following an '\fB@\fP' character,
is also a part of the self-signed host certificate subject and
issuer names in the form \fBhost@group\fP and should match the
'\fBcrypto ident\fP' or '\fBserver ident\fP' configuration in the
\fBntpd\fP configuration file.
.TP
.NOP \f\*[B-Font]\-l\f[] \f\*[I-Font]lifetime\f[], \f\*[B-Font]\-\-lifetime\f[]=\f\*[I-Font]lifetime\f[]
set certificate lifetime.
This option takes an integer number as its argument.
.sp
Set the certificate expiration to \fIlifetime\fP days from now.
.TP
.NOP \f\*[B-Font]\-m\f[] \f\*[I-Font]modulus\f[], \f\*[B-Font]\-\-modulus\f[]=\f\*[I-Font]modulus\f[]
prime modulus.
This option takes an integer number as its argument.
The value of
\f\*[I-Font]modulus\f[]
is constrained to being:
.in +4
.nf
.na
in the range 256 through 2048
.fi
.in -4
.sp
The number of bits in the prime modulus. The default is 512.
.TP
.NOP \f\*[B-Font]\-M\f[], \f\*[B-Font]\-\-md5key\f[]
generate symmetric keys.
.sp
Generate symmetric keys, obsoleting any that may exist.
.TP
.NOP \f\*[B-Font]\-P\f[], \f\*[B-Font]\-\-pvt\-cert\f[]
generate PC private certificate.
.sp
Generate a private certificate. By default, the program generates
public certificates.
.TP
.NOP \f\*[B-Font]\-p\f[] \f\*[I-Font]passwd\f[], \f\*[B-Font]\-\-password\f[]=\f\*[I-Font]passwd\f[]
local private password.
.sp
Local files containing private data are encrypted with the cipher
selected by \fB-C/--cipher\fP (three-key triple DES in CBC mode by
default) and the specified password. The same password
must be specified to the local ntpd via the "crypto pw password"
configuration command. The default password is the local
hostname.
.TP
.NOP \f\*[B-Font]\-q\f[] \f\*[I-Font]passwd\f[], \f\*[B-Font]\-\-export\-passwd\f[]=\f\*[I-Font]passwd\f[]
export IFF or GQ group keys with password.
.sp
Export IFF or GQ identity group keys to the standard output,
encrypted with the cipher selected by \fB-C/--cipher\fP and the
specified password.
The same password must be specified to the remote ntpd via the
"crypto pw password" configuration command. See also the option
--id-key (-e) for unencrypted exports.
.TP
.NOP \f\*[B-Font]\-s\f[] \f\*[I-Font]host@group\f[], \f\*[B-Font]\-\-subject\-name\f[]=\f\*[I-Font]host@group\f[]
set host and optionally group name.
.sp
Set the Autokey host name, and optionally, group name specified
following an '\fB@\fP' character. The host name is used in the file
name of generated host and signing certificates, without the
group name. The host name, and if provided, group name are used
in \fBhost@group\fP form for the host certificate subject and issuer
fields. Specifying '\fB-s @group\fP' is allowed, and results in
leaving the host name unchanged while appending \fB@group\fP to the
subject and issuer fields, as with \fB-i group\fP. The group name, or
if not provided, the host name, is also used in the file names
of IFF, GQ, and MV client parameter files.
.TP
.NOP \f\*[B-Font]\-S\f[] \f\*[I-Font]sign\f[], \f\*[B-Font]\-\-sign\-key\f[]=\f\*[I-Font]sign\f[]
generate sign key (RSA or DSA).
.sp
Generate a new sign key of the designated type, obsoleting any
that may exist. By default, the program uses the host key as the
sign key.
.TP
.NOP \f\*[B-Font]\-T\f[], \f\*[B-Font]\-\-trusted\-cert\f[]
trusted certificate (TC scheme).
.sp
Generate a trusted certificate. By default, the program generates
a non-trusted certificate.
.TP
.NOP \f\*[B-Font]\-V\f[] \f\*[I-Font]num\f[], \f\*[B-Font]\-\-mv\-params\f[]=\f\*[I-Font]num\f[]
generate <num> MV parameters.
This option takes an integer number as its argument.
.sp
Generate parameters and keys for the Mu-Varadharajan (MV)
identification scheme.
.TP
.NOP \f\*[B-Font]\-v\f[] \f\*[I-Font]num\f[], \f\*[B-Font]\-\-mv\-keys\f[]=\f\*[I-Font]num\f[]
update <num> MV keys.
This option takes an integer number as its argument.
.sp
This option has not been fully documented.
.TP
.NOP \f\*[B-Font]\-\&?\f[], \f\*[B-Font]\-\-help\f[]
Display usage information and exit.
.TP
.NOP \f\*[B-Font]\-\&!\f[], \f\*[B-Font]\-\-more-help\f[]
Pass the extended usage information through a pager.
.TP
.NOP \f\*[B-Font]\->\f[] [\f\*[I-Font]cfgfile\f[]], \f\*[B-Font]\-\-save-opts\f[] [=\f\*[I-Font]cfgfile\f[]]
Save the option state to \fIcfgfile\fP. The default is the \fIlast\fP
configuration file listed in the \fBOPTION PRESETS\fP section, below.
The command will exit after updating the config file.
.TP
.NOP \f\*[B-Font]\-<\f[] \f\*[I-Font]cfgfile\f[], \f\*[B-Font]\-\-load-opts\f[]=\f\*[I-Font]cfgfile\f[], \f\*[B-Font]\-\-no-load-opts\f[]
Load options from \fIcfgfile\fP.
The \fIno-load-opts\fP form will disable the loading
of earlier config/rc/ini files. \fI\-\-no-load-opts\fP is handled early,
out of order.
.TP
.NOP \f\*[B-Font]\-\-version\f[] [{\f\*[I-Font]v|c|n\f[]}]
Output version of program and exit. The default mode is `v', a simple
version. The `c' mode will print copyright information and `n' will
print the full copyright notice.
.PP
.SH "OPTION PRESETS"
Any option that is not marked as \fInot presettable\fP may be preset
by loading values from configuration ("RC" or ".INI") file(s) and values from
environment variables named:
.nf
  \fBNTP_KEYGEN_<option-name>\fP or \fBNTP_KEYGEN\fP
.fi
.ad
The environmental presets take precedence (are processed later than)
the configuration files.
The \fIhomerc\fP files are "\fI$HOME\fP", and "\fI.\fP".
If any of these are directories, then the file \fI.ntprc\fP
is searched for within those directories.
Because the current directory is one of these locations, a \fI.ntprc\fP
planted there can preset options such as \fB\-\-password\fP; run
\fBntp-keygen\fP only from a directory that other users cannot write to.
.SH USAGE
.SH "ENVIRONMENT"
See \fBOPTION PRESETS\fP for configuration environment variables.
.SH "FILES"
See \fBOPTION PRESETS\fP for configuration files.
.SH "EXIT STATUS"
One of the following exit values will be returned:
.TP
.NOP 0 " (EXIT_SUCCESS)"
Successful program execution.
.TP
.NOP 1 " (EXIT_FAILURE)"
The operation failed or the command syntax was not valid.
.TP
.NOP 66 " (EX_NOINPUT)"
A specified configuration file could not be loaded.
.TP
.NOP 70 " (EX_SOFTWARE)"
libopts had an internal operational error. Please report
it to autogen-users@lists.sourceforge.net. Thank you.
.PP
.SH "AUTHORS"
The University of Delaware and Network Time Foundation
.SH "COPYRIGHT"
Copyright (C) 1992-2020 The University of Delaware and Network Time Foundation all rights reserved.
This program is released under the terms of the NTP license, <http://ntp.org/license>.
.SH BUGS
It can take quite a while to generate some cryptographic values.
.sp \n(Ppu
.ne 2

Please report bugs to http://bugs.ntp.org .
.sp \n(Ppu
.ne 2

Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
.SH NOTES
Portions of this document came from FreeBSD.
.sp \n(Ppu
.ne 2

This manual page was \fIAutoGen\fP-erated from the \fBntp-keygen\fP
option definitions.