1338530Sdelphij.Dd August 14 2018 2280849Scy.Dt NTP_KEYGEN 8 User Commands 3280849Scy.Os 4280849Scy.\" EDIT THIS FILE WITH CAUTION (ntp-keygen-opts.mdoc) 5158688Spav.\" 6158688Spav.\" $FreeBSD: stable/11/usr.sbin/ntp/doc/ntp-keygen.8 338530 2018-09-08 04:09:30Z delphij $ 7158688Spav.\" 8338530Sdelphij.\" It has been AutoGen-ed August 14, 2018 at 08:30:38 AM by AutoGen 5.18.5 9280849Scy.\" From the definitions ntp-keygen-opts.def 10280849Scy.\" and the template file agmdoc-cmd.tpl 11158688Spav.Sh NAME 12158688Spav.Nm ntp-keygen 13280849Scy.Nd Create a NTP host key 14158688Spav.Sh SYNOPSIS 15158688Spav.Nm 16280849Scy.\" Mixture of short (flag) options and long options 17280849Scy.Op Fl flags 18280849Scy.Op Fl flag Op Ar value 19280849Scy.Op Fl \-option\-name Ns Oo Oo Ns "=| " Oc Ns Ar value Oc 20280849Scy.Pp 21280849ScyAll arguments must be options. 22280849Scy.Pp 23158688Spav.Sh DESCRIPTION 24158688SpavThis program generates cryptographic data files used by the NTPv4 25158688Spavauthentication and identification schemes. 26330106SdelphijIt can generate message digest keys used in symmetric key cryptography and, 27330106Sdelphijif the OpenSSL software library has been installed, it can generate host keys, 28330106Sdelphijsigning keys, certificates, and identity keys and parameters used in Autokey 29330106Sdelphijpublic key cryptography. 30162893SruThese files are used for cookie encryption, 31330106Sdelphijdigital signature, and challenge/response identification algorithms 32158688Spavcompatible with the Internet standard security infrastructure. 33158688Spav.Pp 34330106SdelphijThe message digest symmetric keys file is generated in a format 35330106Sdelphijcompatible with NTPv3. 36330106SdelphijAll other files are in PEM\-encoded printable ASCII format, 37330106Sdelphijso they can be embedded as MIME attachments in email to other sites 38158688Spavand certificate authorities. 39162893SruBy default, files are not encrypted. 40280849Scy.Pp 41330106SdelphijWhen used to generate message digest symmetric keys, the program 42330106Sdelphijproduces a file containing ten pseudo\-random printable ASCII strings 43330106Sdelphijsuitable for the MD5 message digest algorithm included in the 44330106Sdelphijdistribution. 45280849ScyIf the OpenSSL library is installed, it produces an additional ten 46330106Sdelphijhex\-encoded random bit strings suitable for SHA1, AES\-128\-CMAC, and 47330106Sdelphijother message digest algorithms. 48330106SdelphijThe message digest symmetric keys file must be distributed and stored 49280849Scyusing secure means beyond the scope of NTP itself. 50280849ScyBesides the keys used for ordinary NTP associations, additional keys 51280849Scycan be defined as passwords for the 52280849Scy.Xr ntpq 8 53280849Scyand 54280849Scy.Xr ntpdc 8 55280849Scyutility programs. 56280849Scy.Pp 57280849ScyThe remaining generated files are compatible with other OpenSSL 58280849Scyapplications and other Public Key Infrastructure (PKI) resources. 59280849ScyCertificates generated by this program are compatible with extant 60280849Scyindustry practice, although some users might find the interpretation of 61280849ScyX509v3 extension fields somewhat liberal. 62280849ScyHowever, the identity keys are probably not compatible with anything 63280849Scyother than Autokey. 64280849Scy.Pp 65280849ScySome files used by this program are encrypted using a private password. 66162893SruThe 67280849Scy.Fl p 68330106Sdelphijoption specifies the read password for local encrypted files and the 69280849Scy.Fl q 70330106Sdelphijoption the write password for encrypted files sent to remote sites. 71280849ScyIf no password is specified, the host name returned by the Unix 72330106Sdelphij.Xr hostname 1 73330106Sdelphijcommand, normally the DNS name of the host, is used as the the default read 74330106Sdelphijpassword, for convenience. 75330106SdelphijThe 76330106Sdelphij.Nm 77330106Sdelphijprogram prompts for the password if it reads an encrypted file 78330106Sdelphijand the password is missing or incorrect. 79330106SdelphijIf an encrypted file is read successfully and 80330106Sdelphijno write password is specified, the read password is used 81330106Sdelphijas the write password by default. 82280849Scy.Pp 83158688SpavThe 84330106Sdelphij.Cm pw 85280849Scyoption of the 86330106Sdelphij.Ic crypto 87330106Sdelphij.Xr ntpd 8 88280849Scyconfiguration command specifies the read 89280849Scypassword for previously encrypted local files. 90330106SdelphijThis must match the local read password used by this program. 91280849ScyIf not specified, the host name is used. 92330106SdelphijThus, if files are generated by this program without an explicit password, 93280849Scythey can be read back by 94330106Sdelphij.Xr ntpd 8 95330106Sdelphijwithout specifying an explicit password but only on the same host. 96330106SdelphijIf the write password used for encryption is specified as the host name, 97330106Sdelphijthese files can be read by that host with no explicit password. 98280849Scy.Pp 99280849ScyNormally, encrypted files for each host are generated by that host and 100280849Scyused only by that host, although exceptions exist as noted later on 101280849Scythis page. 102280849ScyThe symmetric keys file, normally called 103330106Sdelphij.Pa ntp.keys , 104280849Scyis usually installed in 105280849Scy.Pa /etc . 106280849ScyOther files and links are usually installed in 107280849Scy.Pa /usr/local/etc , 108280849Scywhich is normally in a shared filesystem in 109280849ScyNFS\-mounted networks and cannot be changed by shared clients. 110330106SdelphijIn these cases, NFS clients can specify the files in another 111330106Sdelphijdirectory such as 112330106Sdelphij.Pa /etc 113330106Sdelphijusing the 114330106Sdelphij.Ic keysdir 115330106Sdelphij.Xr ntpd 8 116330106Sdelphijconfiguration file command. 117280849Scy.Pp 118280849ScyThis program directs commentary and error messages to the standard 119280849Scyerror stream 120330106Sdelphij.Pa stderr 121280849Scyand remote files to the standard output stream 122330106Sdelphij.Pa stdout 123280849Scywhere they can be piped to other applications or redirected to files. 124280849ScyThe names used for generated files and links all begin with the 125280849Scystring 126330106Sdelphij.Pa ntpkey\&* 127280849Scyand include the file type, generating host and filestamp, 128280849Scyas described in the 129330106Sdelphij.Sx "Cryptographic Data Files" 130280849Scysection below. 131280849Scy.Ss Running the Program 132158688SpavThe safest way to run the 133158688Spav.Nm 134158688Spavprogram is logged in directly as root. 135330106SdelphijThe recommended procedure is change to the 136330106Sdelphij.Ar keys 137330106Sdelphijdirectory, usually 138185072Sdanger.Pa /usr/local/etc , 139162893Sruthen run the program. 140330106Sdelphij.Pp 141330106SdelphijTo test and gain experience with Autokey concepts, log in as root and 142330106Sdelphijchange to the 143330106Sdelphij.Ar keys 144330106Sdelphijdirectory, usually 145330106Sdelphij.Pa /usr/local/etc . 146330106SdelphijWhen run for the first time, or if all files with names beginning with 147330106Sdelphij.Pa ntpkey\&* 148330106Sdelphijhave been removed, use the 149330106Sdelphij.Nm 150330106Sdelphijcommand without arguments to generate a default 151330106Sdelphij.Cm RSA 152330106Sdelphijhost key and matching 153330106Sdelphij.Cm RSA\-MD5 154330106Sdelphijcertificate file with expiration date one year hence, 155158688Spavwhich is all that is necessary in many cases. 156158688SpavThe program also generates soft links from the generic names 157158688Spavto the respective files. 158330106SdelphijIf run again without options, the program uses the 159330106Sdelphijexisting keys and parameters and generates a new certificate file with 160330106Sdelphijnew expiration date one year hence, and soft link. 161158688Spav.Pp 162330106SdelphijThe host key is used to encrypt the cookie when required and so must be 163330106Sdelphij.Cm RSA 164330106Sdelphijtype. 165158688SpavBy default, the host key is also the sign key used to encrypt signatures. 166158688SpavWhen necessary, a different sign key can be specified and this can be 167330106Sdelphijeither 168330106Sdelphij.Cm RSA 169330106Sdelphijor 170330106Sdelphij.Cm DSA 171330106Sdelphijtype. 172330106SdelphijBy default, the message digest type is 173330106Sdelphij.Cm MD5 , 174330106Sdelphijbut any combination 175158688Spavof sign key type and message digest type supported by the OpenSSL library 176330106Sdelphijcan be specified, including those using the 177330106Sdelphij.Cm AES128CMAC , MD2 , MD5 , MDC2 , SHA , SHA1 178330106Sdelphijand 179330106Sdelphij.Cm RIPE160 180330106Sdelphijmessage digest algorithms. 181158688SpavHowever, the scheme specified in the certificate must be compatible 182158688Spavwith the sign key. 183330106SdelphijCertificates using any digest algorithm are compatible with 184330106Sdelphij.Cm RSA 185330106Sdelphijsign keys; 186330106Sdelphijhowever, only 187330106Sdelphij.Cm SHA 188330106Sdelphijand 189330106Sdelphij.Cm SHA1 190330106Sdelphijcertificates are compatible with 191330106Sdelphij.Cm DSA 192330106Sdelphijsign keys. 193158688Spav.Pp 194158688SpavPrivate/public key files and certificates are compatible with 195158688Spavother OpenSSL applications and very likely other libraries as well. 196158688SpavCertificates or certificate requests derived from them should be compatible 197158688Spavwith extant industry practice, although some users might find 198158688Spavthe interpretation of X509v3 extension fields somewhat liberal. 199158688SpavHowever, the identification parameter files, although encoded 200158688Spavas the other files, are probably not compatible with anything other than Autokey. 201158688Spav.Pp 202158688SpavRunning the program as other than root and using the Unix 203330106Sdelphij.Xr su 1 204158688Spavcommand 205158688Spavto assume root may not work properly, since by default the OpenSSL library 206158688Spavlooks for the random seed file 207330106Sdelphij.Pa .rnd 208158688Spavin the user home directory. 209158688SpavHowever, there should be only one 210330106Sdelphij.Pa .rnd , 211158688Spavmost conveniently 212158688Spavin the root directory, so it is convenient to define the 213330106Sdelphij.Ev RANDFILE 214158688Spavenvironment variable used by the OpenSSL library as the path to 215330106Sdelphij.Pa .rnd . 216158688Spav.Pp 217280849ScyInstalling the keys as root might not work in NFS\-mounted 218158688Spavshared file systems, as NFS clients may not be able to write 219158688Spavto the shared keys directory, even as root. 220158688SpavIn this case, NFS clients can specify the files in another 221158688Spavdirectory such as 222158688Spav.Pa /etc 223158688Spavusing the 224158688Spav.Ic keysdir 225330106Sdelphij.Xr ntpd 8 226330106Sdelphijconfiguration file command. 227158688SpavThere is no need for one client to read the keys and certificates 228158688Spavof other clients or servers, as these data are obtained automatically 229158688Spavby the Autokey protocol. 230158688Spav.Pp 231158688SpavOrdinarily, cryptographic files are generated by the host that uses them, 232158688Spavbut it is possible for a trusted agent (TA) to generate these files 233158688Spavfor other hosts; however, in such cases files should always be encrypted. 234158688SpavThe subject name and trusted name default to the hostname 235158688Spavof the host generating the files, but can be changed by command line options. 236158688SpavIt is convenient to designate the owner name and trusted name 237158688Spavas the subject and issuer fields, respectively, of the certificate. 238158688SpavThe owner name is also used for the host and sign key files, 239158688Spavwhile the trusted name is used for the identity files. 240280849Scy.Pp 241280849ScyAll files are installed by default in the keys directory 242280849Scy.Pa /usr/local/etc , 243280849Scywhich is normally in a shared filesystem 244280849Scyin NFS\-mounted networks. 245280849ScyThe actual location of the keys directory 246280849Scyand each file can be overridden by configuration commands, 247280849Scybut this is not recommended. 248280849ScyNormally, the files for each host are generated by that host 249280849Scyand used only by that host, although exceptions exist 250280849Scyas noted later on this page. 251280849Scy.Pp 252280849ScyNormally, files containing private values, 253280849Scyincluding the host key, sign key and identification parameters, 254280849Scyare permitted root read/write\-only; 255280849Scywhile others containing public values are permitted world readable. 256280849ScyAlternatively, files containing private values can be encrypted 257280849Scyand these files permitted world readable, 258280849Scywhich simplifies maintenance in shared file systems. 259330106SdelphijSince uniqueness is insured by the 260330106Sdelphij.Ar hostname 261330106Sdelphijand 262330106Sdelphij.Ar filestamp 263330106Sdelphijfile name extensions, the files for an NTP server and 264280849Scydependent clients can all be installed in the same shared directory. 265280849Scy.Pp 266280849ScyThe recommended practice is to keep the file name extensions 267280849Scywhen installing a file and to install a soft link 268280849Scyfrom the generic names specified elsewhere on this page 269280849Scyto the generated files. 270280849ScyThis allows new file generations to be activated simply 271280849Scyby changing the link. 272330106SdelphijIf a link is present, 273330106Sdelphij.Xr ntpd 8 274330106Sdelphijfollows it to the file name to extract the 275330106Sdelphij.Ar filestamp . 276280849ScyIf a link is not present, 277280849Scy.Xr ntpd 8 278330106Sdelphijextracts the 279330106Sdelphij.Ar filestamp 280330106Sdelphijfrom the file itself. 281280849ScyThis allows clients to verify that the file and generation times 282280849Scyare always current. 283280849ScyThe 284280849Scy.Nm 285330106Sdelphijprogram uses the same 286330106Sdelphij.Ar filestamp 287330106Sdelphijextension for all files generated 288280849Scyat one time, so each generation is distinct and can be readily 289280849Scyrecognized in monitoring data. 290330106Sdelphij.Pp 291330106SdelphijRun the command on as many hosts as necessary. 292330106SdelphijDesignate one of them as the trusted host (TH) using 293280849Scy.Nm 294330106Sdelphijwith the 295330106Sdelphij.Fl T 296330106Sdelphijoption and configure it to synchronize from reliable Internet servers. 297330106SdelphijThen configure the other hosts to synchronize to the TH directly or 298330106Sdelphijindirectly. 299330106SdelphijA certificate trail is created when Autokey asks the immediately 300330106Sdelphijascendant host towards the TH to sign its certificate, which is then 301330106Sdelphijprovided to the immediately descendant host on request. 302330106SdelphijAll group hosts should have acyclic certificate trails ending on the TH. 303280849Scy.Pp 304330106SdelphijThe host key is used to encrypt the cookie when required and so must be 305330106SdelphijRSA type. 306330106SdelphijBy default, the host key is also the sign key used to encrypt 307330106Sdelphijsignatures. 308330106SdelphijA different sign key can be assigned using the 309330106Sdelphij.Fl S 310330106Sdelphijoption and this can be either 311330106Sdelphij.Cm RSA 312330106Sdelphijor 313330106Sdelphij.Cm DSA 314330106Sdelphijtype. 315330106SdelphijBy default, the signature 316330106Sdelphijmessage digest type is 317330106Sdelphij.Cm MD5 , 318330106Sdelphijbut any combination of sign key type and 319330106Sdelphijmessage digest type supported by the OpenSSL library can be specified 320330106Sdelphijusing the 321330106Sdelphij.Fl c 322330106Sdelphijoption. 323280849Scy.Pp 324330106SdelphijThe rules say cryptographic media should be generated with proventic 325330106Sdelphijfilestamps, which means the host should already be synchronized before 326330106Sdelphijthis program is run. 327330106SdelphijThis of course creates a chicken\-and\-egg problem 328330106Sdelphijwhen the host is started for the first time. 329330106SdelphijAccordingly, the host time 330330106Sdelphijshould be set by some other means, such as eyeball\-and\-wristwatch, at 331330106Sdelphijleast so that the certificate lifetime is within the current year. 332330106SdelphijAfter that and when the host is synchronized to a proventic source, the 333330106Sdelphijcertificate should be re\-generated. 334280849Scy.Pp 335330106SdelphijAdditional information on trusted groups and identity schemes is on the 336330106Sdelphij.Dq Autokey Public\-Key Authentication 337330106Sdelphijpage. 338280849Scy.Pp 339330106SdelphijFile names begin with the prefix 340330106Sdelphij.Pa ntpkey Ns _ 341330106Sdelphijand end with the suffix 342330106Sdelphij.Pa _ Ns Ar hostname . Ar filestamp , 343330106Sdelphijwhere 344330106Sdelphij.Ar hostname 345330106Sdelphijis the owner name, usually the string returned 346330106Sdelphijby the Unix 347330106Sdelphij.Xr hostname 1 348330106Sdelphijcommand, and 349330106Sdelphij.Ar filestamp 350330106Sdelphijis the NTP seconds when the file was generated, in decimal digits. 351330106SdelphijThis both guarantees uniqueness and simplifies maintenance 352330106Sdelphijprocedures, since all files can be quickly removed 353330106Sdelphijby a 354330106Sdelphij.Ic rm Pa ntpkey\&* 355330106Sdelphijcommand or all files generated 356330106Sdelphijat a specific time can be removed by a 357330106Sdelphij.Ic rm Pa \&* Ns Ar filestamp 358280849Scycommand. 359330106SdelphijTo further reduce the risk of misconfiguration, 360330106Sdelphijthe first two lines of a file contain the file name 361330106Sdelphijand generation date and time as comments. 362330106Sdelphij.Ss Trusted Hosts and Groups 363158688SpavEach cryptographic configuration involves selection of a signature scheme 364158688Spavand identification scheme, called a cryptotype, 365158688Spavas explained in the 366158688Spav.Sx Authentication Options 367158688Spavsection of 368158688Spav.Xr ntp.conf 5 . 369330106SdelphijThe default cryptotype uses 370330106Sdelphij.Cm RSA 371330106Sdelphijencryption, 372330106Sdelphij.Cm MD5 373330106Sdelphijmessage digest 374330106Sdelphijand 375330106Sdelphij.Cm TC 376330106Sdelphijidentification. 377280849ScyFirst, configure a NTP subnet including one or more low\-stratum 378158688Spavtrusted hosts from which all other hosts derive synchronization 379162893Srudirectly or indirectly. 380162893SruTrusted hosts have trusted certificates; 381158688Spavall other hosts have nontrusted certificates. 382158688SpavThese hosts will automatically and dynamically build authoritative 383158688Spavcertificate trails to one or more trusted hosts. 384158688SpavA trusted group is the set of all hosts that have, directly or indirectly, 385158688Spava certificate trail ending at a trusted host. 386158688SpavThe trail is defined by static configuration file entries 387158688Spavor dynamic means described on the 388158688Spav.Sx Automatic NTP Configuration Options 389158688Spavsection of 390158688Spav.Xr ntp.conf 5 . 391158688Spav.Pp 392158688SpavOn each trusted host as root, change to the keys directory. 393158688SpavTo insure a fresh fileset, remove all 394330106Sdelphij.Pa ntpkey 395158688Spavfiles. 396158688SpavThen run 397158688Spav.Nm 398158688Spav.Fl T 399158688Spavto generate keys and a trusted certificate. 400158688SpavOn all other hosts do the same, but leave off the 401158688Spav.Fl T 402158688Spavflag to generate keys and nontrusted certificates. 403158688SpavWhen complete, start the NTP daemons beginning at the lowest stratum 404158688Spavand working up the tree. 405158688SpavIt may take some time for Autokey to instantiate the certificate trails 406158688Spavthroughout the subnet, but setting up the environment is completely automatic. 407158688Spav.Pp 408158688SpavIf it is necessary to use a different sign key or different digest/signature 409158688Spavscheme than the default, run 410158688Spav.Nm 411158688Spavwith the 412158688Spav.Fl S Ar type 413158688Spavoption, where 414158688Spav.Ar type 415158688Spavis either 416158688Spav.Cm RSA 417158688Spavor 418158688Spav.Cm DSA . 419330106SdelphijThe most frequent need to do this is when a 420330106Sdelphij.Cm DSA Ns \-signed 421330106Sdelphijcertificate is used. 422158688SpavIf it is necessary to use a different certificate scheme than the default, 423158688Spavrun 424158688Spav.Nm 425158688Spavwith the 426158688Spav.Fl c Ar scheme 427158688Spavoption and selected 428158688Spav.Ar scheme 429158688Spavas needed. 430330106SdelphijIf 431158688Spav.Nm 432158688Spavis run again without these options, it generates a new certificate 433330106Sdelphijusing the same scheme and sign key, and soft link. 434158688Spav.Pp 435158688SpavAfter setting up the environment it is advisable to update certificates 436158688Spavfrom time to time, if only to extend the validity interval. 437158688SpavSimply run 438158688Spav.Nm 439158688Spavwith the same flags as before to generate new certificates 440330106Sdelphijusing existing keys, and soft links. 441158688SpavHowever, if the host or sign key is changed, 442158688Spav.Xr ntpd 8 443158688Spavshould be restarted. 444158688SpavWhen 445158688Spav.Xr ntpd 8 446158688Spavis restarted, it loads any new files and restarts the protocol. 447158688SpavOther dependent hosts will continue as usual until signatures are refreshed, 448158688Spavat which time the protocol is restarted. 449158688Spav.Ss Identity Schemes 450158688SpavAs mentioned on the Autonomous Authentication page, 451330106Sdelphijthe default 452330106Sdelphij.Cm TC 453330106Sdelphijidentity scheme is vulnerable to a middleman attack. 454158688SpavHowever, there are more secure identity schemes available, 455330106Sdelphijincluding 456330106Sdelphij.Cm PC , IFF , GQ 457330106Sdelphijand 458330106Sdelphij.Cm MV 459330106Sdelphijschemes described below. 460158688SpavThese schemes are based on a TA, one or more trusted hosts 461158688Spavand some number of nontrusted hosts. 462158688SpavTrusted hosts prove identity using values provided by the TA, 463158688Spavwhile the remaining hosts prove identity using values provided 464158688Spavby a trusted host and certificate trails that end on that host. 465158688SpavThe name of a trusted host is also the name of its sugroup 466158688Spavand also the subject and issuer name on its trusted certificate. 467158688SpavThe TA is not necessarily a trusted host in this sense, but often is. 468158688Spav.Pp 469158688SpavIn some schemes there are separate keys for servers and clients. 470158688SpavA server can also be a client of another server, 471158688Spavbut a client can never be a server for another client. 472158688SpavIn general, trusted hosts and nontrusted hosts that operate 473158688Spavas both server and client have parameter files that contain 474162893Sruboth server and client keys. 475162893SruHosts that operate 476158688Spavonly as clients have key files that contain only client keys. 477158688Spav.Pp 478158688SpavThe PC scheme supports only one trusted host in the group. 479158688SpavOn trusted host alice run 480158688Spav.Nm 481158688Spav.Fl P 482158688Spav.Fl p Ar password 483158688Spavto generate the host key file 484330106Sdelphij.Pa ntpkey Ns _ Cm RSA Pa key_alice. Ar filestamp 485158688Spavand trusted private certificate file 486330106Sdelphij.Pa ntpkey Ns _ Cm RSA\-MD5 _ Pa cert_alice. Ar filestamp , 487330106Sdelphijand soft links. 488158688SpavCopy both files to all group hosts; 489158688Spavthey replace the files which would be generated in other schemes. 490330106SdelphijOn each host 491330106Sdelphij.Ar bob 492330106Sdelphijinstall a soft link from the generic name 493158688Spav.Pa ntpkey_host_ Ns Ar bob 494158688Spavto the host key file and soft link 495158688Spav.Pa ntpkey_cert_ Ns Ar bob 496158688Spavto the private certificate file. 497158688SpavNote the generic links are on bob, but point to files generated 498162893Sruby trusted host alice. 499162893SruIn this scheme it is not possible to refresh 500158688Spaveither the keys or certificates without copying them 501330106Sdelphijto all other hosts in the group, and recreating the soft links. 502158688Spav.Pp 503330106SdelphijFor the 504330106Sdelphij.Cm IFF 505330106Sdelphijscheme proceed as in the 506330106Sdelphij.Cm TC 507330106Sdelphijscheme to generate keys 508158688Spavand certificates for all group hosts, then for every trusted host in the group, 509330106Sdelphijgenerate the 510330106Sdelphij.Cm IFF 511330106Sdelphijparameter file. 512158688SpavOn trusted host alice run 513158688Spav.Nm 514158688Spav.Fl T 515158688Spav.Fl I 516158688Spav.Fl p Ar password 517158688Spavto produce her parameter file 518330106Sdelphij.Pa ntpkey_IFFpar_alice. Ns Ar filestamp , 519158688Spavwhich includes both server and client keys. 520158688SpavCopy this file to all group hosts that operate as both servers 521158688Spavand clients and install a soft link from the generic 522330106Sdelphij.Pa ntpkey_iff_alice 523158688Spavto this file. 524158688SpavIf there are no hosts restricted to operate only as clients, 525162893Sruthere is nothing further to do. 526330106SdelphijAs the 527330106Sdelphij.Cm IFF 528330106Sdelphijscheme is independent 529158688Spavof keys and certificates, these files can be refreshed as needed. 530158688Spav.Pp 531158688SpavIf a rogue client has the parameter file, it could masquerade 532158688Spavas a legitimate server and present a middleman threat. 533158688SpavTo eliminate this threat, the client keys can be extracted 534158688Spavfrom the parameter file and distributed to all restricted clients. 535158688SpavAfter generating the parameter file, on alice run 536158688Spav.Nm 537158688Spav.Fl e 538330106Sdelphijand pipe the output to a file or email program. 539330106SdelphijCopy or email this file to all restricted clients. 540158688SpavOn these clients install a soft link from the generic 541330106Sdelphij.Pa ntpkey_iff_alice 542162893Sruto this file. 543162893SruTo further protect the integrity of the keys, 544158688Spaveach file can be encrypted with a secret password. 545158688Spav.Pp 546330106SdelphijFor the 547330106Sdelphij.Cm GQ 548330106Sdelphijscheme proceed as in the 549330106Sdelphij.Cm TC 550330106Sdelphijscheme to generate keys 551158688Spavand certificates for all group hosts, then for every trusted host 552330106Sdelphijin the group, generate the 553330106Sdelphij.Cm IFF 554330106Sdelphijparameter file. 555158688SpavOn trusted host alice run 556158688Spav.Nm 557158688Spav.Fl T 558158688Spav.Fl G 559158688Spav.Fl p Ar password 560158688Spavto produce her parameter file 561330106Sdelphij.Pa ntpkey_GQpar_alice. Ns Ar filestamp , 562158688Spavwhich includes both server and client keys. 563158688SpavCopy this file to all group hosts and install a soft link 564158688Spavfrom the generic 565330106Sdelphij.Pa ntpkey_gq_alice 566158688Spavto this file. 567330106SdelphijIn addition, on each host 568330106Sdelphij.Ar bob 569330106Sdelphijinstall a soft link 570158688Spavfrom generic 571158688Spav.Pa ntpkey_gq_ Ns Ar bob 572158688Spavto this file. 573330106SdelphijAs the 574330106Sdelphij.Cm GQ 575330106Sdelphijscheme updates the 576330106Sdelphij.Cm GQ 577330106Sdelphijparameters file and certificate 578158688Spavat the same time, keys and certificates can be regenerated as needed. 579158688Spav.Pp 580330106SdelphijFor the 581330106Sdelphij.Cm MV 582330106Sdelphijscheme, proceed as in the 583330106Sdelphij.Cm TC 584330106Sdelphijscheme to generate keys 585158688Spavand certificates for all group hosts. 586158688SpavFor illustration assume trish is the TA, alice one of several trusted hosts 587162893Sruand bob one of her clients. 588162893SruOn TA trish run 589158688Spav.Nm 590158688Spav.Fl V Ar n 591158688Spav.Fl p Ar password , 592158688Spavwhere 593158688Spav.Ar n 594158688Spavis the number of revokable keys (typically 5) to produce 595158688Spavthe parameter file 596330106Sdelphij.Pa ntpkeys_MVpar_trish. Ns Ar filestamp 597158688Spavand client key files 598330106Sdelphij.Pa ntpkeys_MVkey Ns Ar d _ Pa trish. Ar filestamp 599158688Spavwhere 600158688Spav.Ar d 601158688Spavis the key number (0 \&< 602158688Spav.Ar d 603158688Spav\&< 604158688Spav.Ar n ) . 605158688SpavCopy the parameter file to alice and install a soft link 606158688Spavfrom the generic 607330106Sdelphij.Pa ntpkey_mv_alice 608158688Spavto this file. 609158688SpavCopy one of the client key files to alice for later distribution 610158688Spavto her clients. 611330106SdelphijIt does not matter which client key file goes to alice, 612158688Spavsince they all work the same way. 613330106SdelphijAlice copies the client key file to all of her clients. 614158688SpavOn client bob install a soft link from generic 615330106Sdelphij.Pa ntpkey_mvkey_bob 616158688Spavto the client key file. 617330106SdelphijAs the 618330106Sdelphij.Cm MV 619330106Sdelphijscheme is independent of keys and certificates, 620158688Spavthese files can be refreshed as needed. 621158688Spav.Ss Command Line Options 622158688Spav.Bl -tag -width indent 623330106Sdelphij.It Fl b Fl \-imbits Ns = Ar modulus 624330106SdelphijSet the number of bits in the identity modulus for generating identity keys to 625330106Sdelphij.Ar modulus 626330106Sdelphijbits. 627330106SdelphijThe number of bits in the identity modulus defaults to 256, but can be set to 628330106Sdelphijvalues from 256 to 2048 (32 to 256 octets). 629330106SdelphijUse the larger moduli with caution, as this can consume considerable computing 630330106Sdelphijresources and increases the size of authenticated packets. 631330106Sdelphij.It Fl c Fl \-certificate Ns = Ar scheme 632330106SdelphijSelect certificate signature encryption/message digest scheme. 633162893SruThe 634162893Sru.Ar scheme 635162893Srucan be one of the following: 636330106Sdelphij.Cm RSA\-MD2 , RSA\-MD5 , RSA\-MDC2 , RSA\-SHA , RSA\-SHA1 , RSA\-RIPEMD160 , DSA\-SHA , 637162893Sruor 638280849Scy.Cm DSA\-SHA1 . 639330106SdelphijNote that 640330106Sdelphij.Cm RSA 641330106Sdelphijschemes must be used with an 642330106Sdelphij.Cm RSA 643330106Sdelphijsign key and 644330106Sdelphij.Cm DSA 645330106Sdelphijschemes must be used with a 646330106Sdelphij.Cm DSA 647330106Sdelphijsign key. 648158688SpavThe default without this option is 649280849Scy.Cm RSA\-MD5 . 650330106SdelphijIf compatibility with FIPS 140\-2 is required, either the 651330106Sdelphij.Cm DSA\-SHA 652330106Sdelphijor 653330106Sdelphij.Cm DSA\-SHA1 654330106Sdelphijscheme must be used. 655330106Sdelphij.It Fl C Fl \-cipher Ns = Ar cipher 656330106SdelphijSelect the OpenSSL cipher to encrypt the files containing private keys. 657330106SdelphijThe default without this option is three\-key triple DES in CBC mode, 658330106Sdelphij.Cm des\-ede3\-cbc . 659330106SdelphijThe 660330106Sdelphij.Ic openssl Fl h 661330106Sdelphijcommand provided with OpenSSL displays available ciphers. 662330106Sdelphij.It Fl d Fl \-debug\-level 663330106SdelphijIncrease debugging verbosity level. 664280849ScyThis option displays the cryptographic data produced in eye\-friendly billboards. 665330106Sdelphij.It Fl D Fl \-set\-debug\-level Ns = Ar level 666330106SdelphijSet the debugging verbosity to 667330106Sdelphij.Ar level . 668330106SdelphijThis option displays the cryptographic data produced in eye\-friendly billboards. 669330106Sdelphij.It Fl e Fl \-id\-key 670330106SdelphijWrite the 671330106Sdelphij.Cm IFF 672330106Sdelphijor 673330106Sdelphij.Cm GQ 674330106Sdelphijpublic parameters from the 675330106Sdelphij.Ar IFFkey or GQkey 676330106Sdelphijclient keys file previously specified 677330106Sdelphijas unencrypted data to the standard output stream 678330106Sdelphij.Pa stdout . 679330106SdelphijThis is intended for automatic key distribution by email. 680330106Sdelphij.It Fl G Fl \-gq\-params 681330106SdelphijGenerate a new encrypted 682330106Sdelphij.Cm GQ 683330106Sdelphijparameters and key file for the Guillou\-Quisquater (GQ) identity scheme. 684330106SdelphijThis option is mutually exclusive with the 685330106Sdelphij.Fl I 686330106Sdelphijand 687330106Sdelphij.Fl V 688330106Sdelphijoptions. 689330106Sdelphij.It Fl H Fl \-host\-key 690330106SdelphijGenerate a new encrypted 691330106Sdelphij.Cm RSA 692330106Sdelphijpublic/private host key file. 693330106Sdelphij.It Fl I Fl \-iffkey 694330106SdelphijGenerate a new encrypted 695330106Sdelphij.Cm IFF 696330106Sdelphijkey file for the Schnorr (IFF) identity scheme. 697330106SdelphijThis option is mutually exclusive with the 698330106Sdelphij.Fl G 699330106Sdelphijand 700330106SdelphijFl V 701330106Sdelphijoptions. 702330106Sdelphij.It Fl i Fl \-ident Ns = Ar group 703330106SdelphijSet the optional Autokey group name to 704330106Sdelphij.Ar group . 705330106SdelphijThis is used in the identity scheme parameter file names of 706330106Sdelphij.Cm IFF , GQ , 707330106Sdelphijand 708330106Sdelphij.Cm MV 709330106Sdelphijclient parameters files. 710330106SdelphijIn that role, the default is the host name if no group is provided. 711330106SdelphijThe group name, if specified using 712330106Sdelphij.Fl i 713330106Sdelphijor 714330106Sdelphij.Fl s 715330106Sdelphijfollowing an 716330106Sdelphij.Ql @ 717330106Sdelphijcharacter, is also used in certificate subject and issuer names in the form 718330106Sdelphij.Ar host @ group 719330106Sdelphijand should match the group specified via 720330106Sdelphij.Ic crypto Cm ident 721330106Sdelphijor 722330106Sdelphij.Ic server Cm ident 723330106Sdelphijin the ntpd configuration file. 724330106Sdelphij.It Fl l Fl \-lifetime Ns = Ar days 725330106SdelphijSet the lifetime for certificate expiration to 726330106Sdelphij.Ar days . 727330106SdelphijThe default lifetime is one year (365 days). 728330106Sdelphij.It Fl m Fl \-modulus Ns = Ar bits 729330106SdelphijSet the number of bits in the prime modulus for generating files to 730330106Sdelphij.Ar bits . 731330106SdelphijThe modulus defaults to 512, but can be set from 256 to 2048 (32 to 256 octets). 732330106SdelphijUse the larger moduli with caution, as this can consume considerable computing 733330106Sdelphijresources and increases the size of authenticated packets. 734330106Sdelphij.It Fl M Fl \-md5key 735330106SdelphijGenerate a new symmetric keys file containing 10 736330106Sdelphij.Cm MD5 737330106Sdelphijkeys, and if OpenSSL is available, 10 738330106Sdelphij.Cm SHA 739330106Sdelphijkeys. 740330106SdelphijAn 741330106Sdelphij.Cm MD5 742330106Sdelphijkey is a string of 20 random printable ASCII characters, while a 743330106Sdelphij.Cm SHA 744330106Sdelphijkey is a string of 40 random hex digits. 745330106SdelphijThe file can be edited using a text editor to change the key type or key content. 746330106SdelphijThis option is mutually exclusive with all other options. 747330106Sdelphij.It Fl p Fl \-password Ns = Ar passwd 748330106SdelphijSet the password for reading and writing encrypted files to 749330106Sdelphij.Ar passwd . 750330106SdelphijThese include the host, sign and identify key files. 751330106SdelphijBy default, the password is the string returned by the Unix 752330106Sdelphij.Ic hostname 753330106Sdelphijcommand. 754330106Sdelphij.It Fl P Fl \-pvt\-cert 755330106SdelphijGenerate a new private certificate used by the 756330106Sdelphij.Cm PC 757330106Sdelphijidentity scheme. 758158688SpavBy default, the program generates public certificates. 759330106SdelphijNote: the PC identity scheme is not recommended for new installations. 760330106Sdelphij.It Fl q Fl \-export\-passwd Ns = Ar passwd 761330106SdelphijSet the password for writing encrypted 762330106Sdelphij.Cm IFF , GQ and MV 763330106Sdelphijidentity files redirected to 764330106Sdelphij.Pa stdout 765330106Sdelphijto 766330106Sdelphij.Ar passwd . 767330106SdelphijIn effect, these files are decrypted with the 768330106Sdelphij.Fl p 769330106Sdelphijpassword, then encrypted with the 770330106Sdelphij.Fl q 771330106Sdelphijpassword. 772330106SdelphijBy default, the password is the string returned by the Unix 773330106Sdelphij.Ic hostname 774330106Sdelphijcommand. 775330106Sdelphij.It Fl s Fl \-subject\-key Ns = Ar Oo host Oc Op @ Ar group 776330106SdelphijSpecify the Autokey host name, where 777330106Sdelphij.Ar host 778330106Sdelphijis the optional host name and 779330106Sdelphij.Ar group 780330106Sdelphijis the optional group name. 781330106SdelphijThe host name, and if provided, group name are used in 782330106Sdelphij.Ar host @ group 783330106Sdelphijform as certificate subject and issuer. 784330106SdelphijSpecifying 785330106Sdelphij.Fl s @ Ar group 786330106Sdelphijis allowed, and results in leaving the host name unchanged, as with 787330106Sdelphij.Fl i Ar group . 788330106SdelphijThe group name, or if no group is provided, the host name are also used in the 789330106Sdelphijfile names of 790330106Sdelphij.Cm IFF , GQ , 791330106Sdelphijand 792330106Sdelphij.Cm MV 793330106Sdelphijidentity scheme client parameter files. 794330106SdelphijIf 795330106Sdelphij.Ar host 796330106Sdelphijis not specified, the default host name is the string returned by the Unix 797330106Sdelphij.Ic hostname 798330106Sdelphijcommand. 799330106Sdelphij.It Fl S Fl \-sign\-key Ns = Op Cm RSA | DSA 800330106SdelphijGenerate a new encrypted public/private sign key file of the specified type. 801330106SdelphijBy default, the sign key is the host key and has the same type. 802330106SdelphijIf compatibility with FIPS 140\-2 is required, the sign key type must be 803330106Sdelphij.Cm DSA . 804330106Sdelphij.It Fl T Fl \-trusted\-cert 805158688SpavGenerate a trusted certificate. 806280849ScyBy default, the program generates a non\-trusted certificate. 807330106Sdelphij.It Fl V Fl \-mv\-params Ar nkeys 808330106SdelphijGenerate 809330106Sdelphij.Ar nkeys 810330106Sdelphijencrypted server keys and parameters for the Mu\-Varadharajan (MV) 811330106Sdelphijidentity scheme. 812330106SdelphijThis option is mutually exclusive with the 813330106Sdelphij.Fl I 814330106Sdelphijand 815330106Sdelphij.Fl G 816330106Sdelphijoptions. 817330106SdelphijNote: support for this option should be considered a work in progress. 818158688Spav.El 819158688Spav.Ss Random Seed File 820158688SpavAll cryptographically sound key generation schemes must have means 821158688Spavto randomize the entropy seed used to initialize 822280849Scythe internal pseudo\-random number generator used 823158688Spavby the library routines. 824158688SpavThe OpenSSL library uses a designated random seed file for this purpose. 825158688SpavThe file must be available when starting the NTP daemon and 826158688Spav.Nm 827162893Sruprogram. 828162893SruIf a site supports OpenSSL or its companion OpenSSH, 829158688Spavit is very likely that means to do this are already available. 830158688Spav.Pp 831158688SpavIt is important to understand that entropy must be evolved 832158688Spavfor each generation, for otherwise the random number sequence 833158688Spavwould be predictable. 834158688SpavVarious means dependent on external events, such as keystroke intervals, 835280849Scycan be used to do this and some systems have built\-in entropy sources. 836158688SpavSuitable means are described in the OpenSSL software documentation, 837158688Spavbut are outside the scope of this page. 838158688Spav.Pp 839158688SpavThe entropy seed used by the OpenSSL library is contained in a file, 840158688Spavusually called 841330106Sdelphij.Pa .rnd , 842158688Spavwhich must be available when starting the NTP daemon 843158688Spavor the 844158688Spav.Nm 845162893Sruprogram. 846162893SruThe NTP daemon will first look for the file 847158688Spavusing the path specified by the 848330106Sdelphij.Cm randfile 849158688Spavsubcommand of the 850158688Spav.Ic crypto 851158688Spavconfiguration command. 852158688SpavIf not specified in this way, or when starting the 853158688Spav.Nm 854158688Spavprogram, 855158688Spavthe OpenSSL library will look for the file using the path specified 856158688Spavby the 857158688Spav.Ev RANDFILE 858158688Spavenvironment variable in the user home directory, 859158688Spavwhether root or some other user. 860158688SpavIf the 861158688Spav.Ev RANDFILE 862158688Spavenvironment variable is not present, 863158688Spavthe library will look for the 864330106Sdelphij.Pa .rnd 865158688Spavfile in the user home directory. 866330106SdelphijSince both the 867330106Sdelphij.Nm 868330106Sdelphijprogram and 869330106Sdelphij.Xr ntpd 8 870330106Sdelphijdaemon must run as root, the logical place to put this file is in 871330106Sdelphij.Pa /.rnd 872330106Sdelphijor 873330106Sdelphij.Pa /root/.rnd . 874158688SpavIf the file is not available or cannot be written, 875158688Spavthe daemon exits with a message to the system log and the program 876158688Spavexits with a suitable error message. 877158688Spav.Ss Cryptographic Data Files 878330106SdelphijAll file formats begin with two nonencrypted lines. 879330106SdelphijThe first line contains the file name, including the generated host name 880330106Sdelphijand filestamp, in the format 881330106Sdelphij.Pa ntpkey_ Ns Ar key _ Ar name . Ar filestamp , 882330106Sdelphijwhere 883330106Sdelphij.Ar key 884330106Sdelphijis the key or parameter type, 885330106Sdelphij.Ar name 886330106Sdelphijis the host or group name and 887330106Sdelphij.Ar filestamp 888330106Sdelphijis the filestamp (NTP seconds) when the file was created. 889330106SdelphijBy convention, 890330106Sdelphij.Ar key 891330106Sdelphijnames in generated file names include both upper and lower case 892330106Sdelphijcharacters, while 893330106Sdelphij.Ar key 894330106Sdelphijnames in generated link names include only lower case characters. 895330106SdelphijThe filestamp is not used in generated link names. 896330106SdelphijThe second line contains the datestamp in conventional Unix 897330106Sdelphij.Pa date 898330106Sdelphijformat. 899330106SdelphijLines beginning with 900330106Sdelphij.Ql # 901330106Sdelphijare considered comments and ignored by the 902158688Spav.Nm 903158688Spavprogram and 904158688Spav.Xr ntpd 8 905158688Spavdaemon. 906158688Spav.Pp 907330106SdelphijThe remainder of the file contains cryptographic data, encoded first using ASN.1 908330106Sdelphijrules, then encrypted if necessary, and finally written in PEM\-encoded 909330106Sdelphijprintable ASCII text, preceded and followed by MIME content identifier lines. 910330106Sdelphij.Pp 911330106SdelphijThe format of the symmetric keys file, ordinarily named 912330106Sdelphij.Pa ntp.keys , 913330106Sdelphijis somewhat different than the other files in the interest of backward compatibility. 914330106SdelphijOrdinarily, the file is generated by this program, but it can be constructed 915330106Sdelphijand edited using an ordinary text editor. 916330106Sdelphij.Bd -literal -unfilled -offset center 917330106Sdelphij# ntpkey_MD5key_bk.ntp.org.3595864945 918330106Sdelphij# Thu Dec 12 19:22:25 2013 919330106Sdelphij1 MD5 L";Nw<\`.I<f4U0)247"i # MD5 key 920330106Sdelphij2 MD5 &>l0%XXK9O'51VwV<xq~ # MD5 key 921330106Sdelphij3 MD5 lb4zLW~d^!K:]RsD'qb6 # MD5 key 922330106Sdelphij4 MD5 Yue:tL[+vR)M\`n~bY,'? # MD5 key 923330106Sdelphij5 MD5 B;fx'Kgr/&4ZTbL6=RxA # MD5 key 924330106Sdelphij6 MD5 4eYwa\`o}3i@@V@..R9!l # MD5 key 925330106Sdelphij7 MD5 \`A.([h+;wTQ|xfi%Sn_! # MD5 key 926330106Sdelphij8 MD5 45:V,r4]l6y^JH6"Sh?F # MD5 key 927330106Sdelphij9 MD5 3\-5vcn*6l29DS?Xdsg)* # MD5 key 928330106Sdelphij10 MD5 2late4Me # MD5 key 929330106Sdelphij11 SHA1 a27872d3030a9025b8446c751b4551a7629af65c # SHA1 key 930330106Sdelphij12 SHA1 21bc3b4865dbb9e920902abdccb3e04ff97a5e74 # SHA1 key 931330106Sdelphij13 SHA1 2b7736fe24fef5ba85ae11594132ab5d6f6daba9 # SHA1 key 932330106Sdelphij14 SHA a5332809c8878dd3a5b918819108a111509aeceb # SHA key 933330106Sdelphij15 MD2 2fe16c88c760ff2f16d4267e36c1aa6c926e6964 # MD2 key 934330106Sdelphij16 MD4 b2691811dc19cfc0e2f9bcacd74213f29812183d # MD4 key 935330106Sdelphij17 MD5 e4d6735b8bdad58ec5ffcb087300a17f7fef1f7c # MD5 key 936330106Sdelphij18 MDC2 a8d5e2315c025bf3a79174c87fbd10477de2eabc # MDC2 key 937330106Sdelphij19 RIPEMD160 77ca332cafb30e3cafb174dcd5b80ded7ba9b3d2 # RIPEMD160 key 938330106Sdelphij20 AES128CMAC f92ff73eee86c1e7dc638d6489a04e4e555af878 # AES128CMAC key 939330106Sdelphij.Ed 940330106Sdelphij.D1 Figure 1. Typical Symmetric Key File 941330106Sdelphij.Pp 942330106SdelphijFigure 1 shows a typical symmetric keys file used by the reference 943330106Sdelphijimplementation. 944330106SdelphijFollowing the header the keys are entered one per line in the format 945330106Sdelphij.D1 Ar keyno Ar type Ar key 946158688Spavwhere 947158688Spav.Ar keyno 948338530Sdelphijis a positive integer in the range 1\-65535; 949158688Spav.Ar type 950330106Sdelphijis the key type for the message digest algorithm, which in the absence of the 951330106SdelphijOpenSSL library must be 952330106Sdelphij.Cm MD5 953330106Sdelphijto designate the MD5 message digest algorithm; 954330106Sdelphijif the OpenSSL library is installed, the key type can be any 955330106Sdelphijmessage digest algorithm supported by that library; 956330106Sdelphijhowever, if compatibility with FIPS 140\-2 is required, 957330106Sdelphijthe key type must be either 958330106Sdelphij.Cm SHA 959330106Sdelphijor 960330106Sdelphij.Cm SHA1 ; 961158688Spav.Ar key 962158688Spavis the key itself, 963330106Sdelphijwhich is a printable ASCII string 20 characters or less in length: 964330106Sdelphijeach character is chosen from the 93 printable characters 965330106Sdelphijin the range 0x21 through 0x7e ( 966330106Sdelphij.Ql ! 967330106Sdelphijthrough 968330106Sdelphij.Ql ~ 969330106Sdelphij\&) excluding space and the 970158688Spav.Ql # 971330106Sdelphijcharacter, and terminated by whitespace or a 972330106Sdelphij.Ql # 973158688Spavcharacter. 974330106SdelphijAn OpenSSL key consists of a hex\-encoded ASCII string of 40 characters, which 975330106Sdelphijis truncated as necessary. 976158688Spav.Pp 977158688SpavNote that the keys used by the 978158688Spav.Xr ntpq 8 979158688Spavand 980158688Spav.Xr ntpdc 8 981158688Spavprograms 982158688Spavare checked against passwords requested by the programs 983158688Spavand entered by hand, so it is generally appropriate to specify these keys 984158688Spavin human readable ASCII format. 985158688Spav.Pp 986158688SpavThe 987158688Spav.Nm 988330106Sdelphijprogram generates a symmetric keys file 989330106Sdelphij.Pa ntpkey_MD5key_ Ns Ar hostname Ns . Ns Ar filestamp . 990158688SpavSince the file contains private shared keys, 991158688Spavit should be visible only to root and distributed by secure means 992158688Spavto other subnet hosts. 993158688SpavThe NTP daemon loads the file 994158688Spav.Pa ntp.keys , 995158688Spavso 996158688Spav.Nm 997158688Spavinstalls a soft link from this name to the generated file. 998158688SpavSubsequently, similar soft links must be installed by manual 999158688Spavor automated means on the other subnet hosts. 1000158688SpavWhile this file is not used with the Autokey Version 2 protocol, 1001158688Spavit is needed to authenticate some remote configuration commands 1002158688Spavused by the 1003158688Spav.Xr ntpq 8 1004158688Spavand 1005158688Spav.Xr ntpdc 8 1006158688Spavutilities. 1007280849Scy.Sh "OPTIONS" 1008280849Scy.Bl -tag 1009280849Scy.It Fl b Ar imbits , Fl \-imbits Ns = Ns Ar imbits 1010280849Scyidentity modulus bits. 1011280849ScyThis option takes an integer number as its argument. 1012280849ScyThe value of 1013280849Scy.Ar imbits 1014280849Scyis constrained to being: 1015280849Scy.in +4 1016280849Scy.nf 1017280849Scy.na 1018280849Scyin the range 256 through 2048 1019280849Scy.fi 1020280849Scy.in -4 1021280849Scy.sp 1022280849ScyThe number of bits in the identity modulus. The default is 256. 1023280849Scy.It Fl c Ar scheme , Fl \-certificate Ns = Ns Ar scheme 1024280849Scycertificate scheme. 1025280849Scy.sp 1026280849Scyscheme is one of 1027330106SdelphijRSA\-MD2, RSA\-MD5, RSA\-MDC2, RSA\-SHA, RSA\-SHA1, RSA\-RIPEMD160, 1028280849ScyDSA\-SHA, or DSA\-SHA1. 1029280849Scy.sp 1030330106SdelphijSelect the certificate signature encryption/message digest scheme. 1031280849ScyNote that RSA schemes must be used with a RSA sign key and DSA 1032280849Scyschemes must be used with a DSA sign key. The default without 1033280849Scythis option is RSA\-MD5. 1034280849Scy.It Fl C Ar cipher , Fl \-cipher Ns = Ns Ar cipher 1035280849Scyprivatekey cipher. 1036280849Scy.sp 1037280849ScySelect the cipher which is used to encrypt the files containing 1038280849Scyprivate keys. The default is three\-key triple DES in CBC mode, 1039330106Sdelphijequivalent to "\fB\-C des\-ede3\-cbc\fP". The openssl tool lists ciphers 1040280849Scyavailable in "\fBopenssl \-h\fP" output. 1041280849Scy.It Fl d , Fl \-debug\-level 1042280849ScyIncrease debug verbosity level. 1043280849ScyThis option may appear an unlimited number of times. 1044280849Scy.sp 1045280849Scy.It Fl D Ar number , Fl \-set\-debug\-level Ns = Ns Ar number 1046280849ScySet the debug verbosity level. 1047280849ScyThis option may appear an unlimited number of times. 1048280849ScyThis option takes an integer number as its argument. 1049280849Scy.sp 1050280849Scy.It Fl e , Fl \-id\-key 1051280849ScyWrite IFF or GQ identity keys. 1052280849Scy.sp 1053330106SdelphijWrite the public parameters from the IFF or GQ client keys to 1054330106Sdelphijthe standard output. 1055330106SdelphijThis is intended for automatic key distribution by email. 1056280849Scy.It Fl G , Fl \-gq\-params 1057280849ScyGenerate GQ parameters and keys. 1058280849Scy.sp 1059280849ScyGenerate parameters and keys for the GQ identification scheme, 1060280849Scyobsoleting any that may exist. 1061280849Scy.It Fl H , Fl \-host\-key 1062280849Scygenerate RSA host key. 1063280849Scy.sp 1064280849ScyGenerate new host keys, obsoleting any that may exist. 1065280849Scy.It Fl I , Fl \-iffkey 1066280849Scygenerate IFF parameters. 1067280849Scy.sp 1068280849ScyGenerate parameters for the IFF identification scheme, obsoleting 1069280849Scyany that may exist. 1070280849Scy.It Fl i Ar group , Fl \-ident Ns = Ns Ar group 1071280849Scyset Autokey group name. 1072280849Scy.sp 1073280849ScySet the optional Autokey group name to name. This is used in 1074280849Scythe file name of IFF, GQ, and MV client parameters files. In 1075280849Scythat role, the default is the host name if this option is not 1076280849Scyprovided. The group name, if specified using \fB\-i/\-\-ident\fP or 1077280849Scyusing \fB\-s/\-\-subject\-name\fP following an '\fB@\fP' character, 1078330106Sdelphijis also a part of the self\-signed host certificate subject and 1079280849Scyissuer names in the form \fBhost@group\fP and should match the 1080330106Sdelphij\'\fBcrypto ident\fP' or '\fBserver ident\fP' configuration in the 1081330106Sdelphij\fBntpd\fP configuration file. 1082280849Scy.It Fl l Ar lifetime , Fl \-lifetime Ns = Ns Ar lifetime 1083280849Scyset certificate lifetime. 1084280849ScyThis option takes an integer number as its argument. 1085280849Scy.sp 1086280849ScySet the certificate expiration to lifetime days from now. 1087280849Scy.It Fl m Ar modulus , Fl \-modulus Ns = Ns Ar modulus 1088330106Sdelphijprime modulus. 1089280849ScyThis option takes an integer number as its argument. 1090280849ScyThe value of 1091280849Scy.Ar modulus 1092280849Scyis constrained to being: 1093280849Scy.in +4 1094280849Scy.nf 1095280849Scy.na 1096280849Scyin the range 256 through 2048 1097280849Scy.fi 1098280849Scy.in -4 1099280849Scy.sp 1100280849ScyThe number of bits in the prime modulus. The default is 512. 1101330106Sdelphij.It Fl M , Fl \-md5key 1102330106Sdelphijgenerate symmetric keys. 1103330106Sdelphij.sp 1104330106SdelphijGenerate symmetric keys, obsoleting any that may exist. 1105280849Scy.It Fl P , Fl \-pvt\-cert 1106280849Scygenerate PC private certificate. 1107280849Scy.sp 1108280849ScyGenerate a private certificate. By default, the program generates 1109280849Scypublic certificates. 1110280849Scy.It Fl p Ar passwd , Fl \-password Ns = Ns Ar passwd 1111280849Scylocal private password. 1112280849Scy.sp 1113280849ScyLocal files containing private data are encrypted with the 1114280849ScyDES\-CBC algorithm and the specified password. The same password 1115280849Scymust be specified to the local ntpd via the "crypto pw password" 1116280849Scyconfiguration command. The default password is the local 1117280849Scyhostname. 1118280849Scy.It Fl q Ar passwd , Fl \-export\-passwd Ns = Ns Ar passwd 1119280849Scyexport IFF or GQ group keys with password. 1120280849Scy.sp 1121280849ScyExport IFF or GQ identity group keys to the standard output, 1122280849Scyencrypted with the DES\-CBC algorithm and the specified password. 1123280849ScyThe same password must be specified to the remote ntpd via the 1124280849Scy"crypto pw password" configuration command. See also the option 1125280849Scy-\-id\-key (\-e) for unencrypted exports. 1126280849Scy.It Fl s Ar host@group , Fl \-subject\-name Ns = Ns Ar host@group 1127280849Scyset host and optionally group name. 1128280849Scy.sp 1129280849ScySet the Autokey host name, and optionally, group name specified 1130280849Scyfollowing an '\fB@\fP' character. The host name is used in the file 1131280849Scyname of generated host and signing certificates, without the 1132280849Scygroup name. The host name, and if provided, group name are used 1133330106Sdelphijin \fBhost@group\fP form for the host certificate subject and issuer 1134280849Scyfields. Specifying '\fB\-s @group\fP' is allowed, and results in 1135280849Scyleaving the host name unchanged while appending \fB@group\fP to the 1136280849Scysubject and issuer fields, as with \fB\-i group\fP. The group name, or 1137280849Scyif not provided, the host name are also used in the file names 1138280849Scyof IFF, GQ, and MV client parameter files. 1139330106Sdelphij.It Fl S Ar sign , Fl \-sign\-key Ns = Ns Ar sign 1140330106Sdelphijgenerate sign key (RSA or DSA). 1141330106Sdelphij.sp 1142330106SdelphijGenerate a new sign key of the designated type, obsoleting any 1143330106Sdelphijthat may exist. By default, the program uses the host key as the 1144330106Sdelphijsign key. 1145280849Scy.It Fl T , Fl \-trusted\-cert 1146280849Scytrusted certificate (TC scheme). 1147280849Scy.sp 1148280849ScyGenerate a trusted certificate. By default, the program generates 1149280849Scya non\-trusted certificate. 1150280849Scy.It Fl V Ar num , Fl \-mv\-params Ns = Ns Ar num 1151280849Scygenerate <num> MV parameters. 1152280849ScyThis option takes an integer number as its argument. 1153280849Scy.sp 1154280849ScyGenerate parameters and keys for the Mu\-Varadharajan (MV) 1155280849Scyidentification scheme. 1156280849Scy.It Fl v Ar num , Fl \-mv\-keys Ns = Ns Ar num 1157280849Scyupdate <num> MV keys. 1158280849ScyThis option takes an integer number as its argument. 1159280849Scy.sp 1160280849ScyThis option has not been fully documented. 1161280849Scy.It Fl \&? , Fl \-help 1162280849ScyDisplay usage information and exit. 1163280849Scy.It Fl \&! , Fl \-more\-help 1164280849ScyPass the extended usage information through a pager. 1165280849Scy.It Fl > Oo Ar cfgfile Oc , Fl \-save\-opts Oo Ns = Ns Ar cfgfile Oc 1166280849ScySave the option state to \fIcfgfile\fP. The default is the \fIlast\fP 1167280849Scyconfiguration file listed in the \fBOPTION PRESETS\fP section, below. 1168280849ScyThe command will exit after updating the config file. 1169280849Scy.It Fl < Ar cfgfile , Fl \-load\-opts Ns = Ns Ar cfgfile , Fl \-no\-load\-opts 1170280849ScyLoad options from \fIcfgfile\fP. 1171280849ScyThe \fIno\-load\-opts\fP form will disable the loading 1172280849Scyof earlier config/rc/ini files. \fI\-\-no\-load\-opts\fP is handled early, 1173280849Scyout of order. 1174280849Scy.It Fl \-version Op Brq Ar v|c|n 1175280849ScyOutput version of program and exit. The default mode is `v', a simple 1176280849Scyversion. The `c' mode will print copyright information and `n' will 1177280849Scyprint the full copyright notice. 1178280849Scy.El 1179280849Scy.Sh "OPTION PRESETS" 1180280849ScyAny option that is not marked as \fInot presettable\fP may be preset 1181280849Scyby loading values from configuration ("RC" or ".INI") file(s) and values from 1182280849Scyenvironment variables named: 1183280849Scy.nf 1184280849Scy \fBNTP_KEYGEN_<option\-name>\fP or \fBNTP_KEYGEN\fP 1185280849Scy.fi 1186280849Scy.ad 1187280849ScyThe environmental presets take precedence (are processed later than) 1188280849Scythe configuration files. 1189280849ScyThe \fIhomerc\fP files are "\fI$HOME\fP", and "\fI.\fP". 1190280849ScyIf any of these are directories, then the file \fI.ntprc\fP 1191280849Scyis searched for within those directories. 1192280849Scy.Sh USAGE 1193280849Scy.Sh "ENVIRONMENT" 1194280849ScySee \fBOPTION PRESETS\fP for configuration environment variables. 1195280849Scy.Sh "FILES" 1196280849ScySee \fBOPTION PRESETS\fP for configuration files. 1197280849Scy.Sh "EXIT STATUS" 1198280849ScyOne of the following exit values will be returned: 1199280849Scy.Bl -tag 1200280849Scy.It 0 " (EXIT_SUCCESS)" 1201280849ScySuccessful program execution. 1202280849Scy.It 1 " (EXIT_FAILURE)" 1203280849ScyThe operation failed or the command syntax was not valid. 1204280849Scy.It 66 " (EX_NOINPUT)" 1205280849ScyA specified configuration file could not be loaded. 1206280849Scy.It 70 " (EX_SOFTWARE)" 1207280849Scylibopts had an internal operational error. Please report 1208280849Scyit to autogen\-users@lists.sourceforge.net. Thank you. 1209280849Scy.El 1210280849Scy.Sh "AUTHORS" 1211280849ScyThe University of Delaware and Network Time Foundation 1212280849Scy.Sh "COPYRIGHT" 1213316068SdelphijCopyright (C) 1992\-2017 The University of Delaware and Network Time Foundation all rights reserved. 1214280849ScyThis program is released under the terms of the NTP license, <http://ntp.org/license>. 1215280849Scy.Sh BUGS 1216330106SdelphijIt can take quite a while to generate some cryptographic values. 1217280849Scy.Pp 1218280849ScyPlease report bugs to http://bugs.ntp.org . 1219280849Scy.Pp 1220280849ScyPlease send bug reports to: http://bugs.ntp.org, bugs@ntp.org 1221280849Scy.Sh NOTES 1222280849ScyPortions of this document came from FreeBSD. 1223280849Scy.Pp 1224280849ScyThis manual page was \fIAutoGen\fP\-erated from the \fBntp\-keygen\fP 1225280849Scyoption definitions. 1226