1/* -*- Mode: Text -*- */
2
3autogen definitions options;
4
5#include copyright.def
6#include homerc.def
7#include autogen-version.def
8
9prog-name      = "ntp-keygen";
10prog-title     = "Create a NTP host key";
11package        = ntp;
12
13test-main;
14
15include        = '#include <stdlib.h>';
16#include       version.def
17
18flag = {
    /*
     * Selects the message digest / signature scheme used for generated
     * certificates.  Present only when the build defines OPENSSL.
     *
     * NOTE(review): the documented default is RSA-MD5 and the list also
     * offers RSA-MD2.  MD2 and MD5 are not collision-resistant, and SHA-1
     * has known collision attacks as well, so none of the digests listed
     * below is a current recommendation for certificate signatures.
     * Operators should pass -c explicitly instead of relying on the
     * default; the default itself is set in the program source (not
     * visible in this file) and is worth revisiting there.
     */
19    value     = c;
20    name      = certificate;
21    arg-type  = string;
22    arg-name  = scheme;
23    ifdef     = OPENSSL;
24    descrip   = "certificate scheme";
25    doc = <<-  _EndOfDoc_
26	scheme is one of
27	RSA-MD2, RSA-MD5, RSA-SHA, RSA-SHA1, RSA-MDC2, RSA-RIPEMD160,
28	DSA-SHA, or DSA-SHA1.
29
30	Select the certificate message digest/signature encryption scheme.
31	Note that RSA schemes must be used with a RSA sign key and DSA
32	schemes must be used with a DSA sign key.  The default without
33	this option is RSA-MD5.
34	_EndOfDoc_;
35};
36
37#include       debug-opt.def
38
39flag = {
    /*
     * Writes the IFF or GQ client keys to standard output so they can be
     * mailed to clients.  Present only when the build defines OPENSSL.
     *
     * NOTE(review): this file does not show whether the key material
     * written to stdout is encrypted (compare the pvt-passwd option).
     * If it is not, mail transport exposes it to every relay on the
     * path -- confirm in the program source, and distribute over an
     * authenticated, encrypted channel.
     */
40    value     = e;
41    name      = id-key;
42    ifdef     = OPENSSL;
43    descrip   = "Write IFF or GQ identity keys";
44    doc = <<-  _EndOfDoc_
45	Write the IFF or GQ client keys to the standard output.  This is
46	intended for automatic key distribution by mail.
47	_EndOfDoc_;
48};
49
50flag = {
51    value     = G;
52    name      = gq-params;
53    ifdef     = OPENSSL;
54    descrip   = "Generate GQ parameters and keys";
55    doc = <<-  _EndOfDoc_
56	Generate parameters and keys for the GQ identification scheme,
57	obsoleting any that may exist.
58	_EndOfDoc_;
59};
60
61flag = {
62    value     = H;
63    name      = host-key;
64    ifdef     = OPENSSL;
65    descrip   = "generate RSA host key";
66    doc = <<-  _EndOfDoc_
67	Generate new host keys, obsoleting any that may exist.
68	_EndOfDoc_;
69};
70
71flag = {
72    value     = I;
73    name      = iffkey;
74    ifdef     = OPENSSL;
75    descrip   = "generate IFF parameters";
76    doc = <<-  _EndOfDoc_
77	Generate parameters for the IFF identification scheme, obsoleting
78	any that may exist.
79	_EndOfDoc_;
80};
81
82flag = {
83    value     = i;
84    name      = issuer-name;
85    ifdef     = OPENSSL;
86    arg-type  = string;
87    arg-name  = issuer-name;
88    descrip   = "set issuer name";
89    doc = <<-  _EndOfDoc_
90	Set the subject name to name.  This is used as the subject field
91	in certificates and in the file name for host and sign keys.
92	_EndOfDoc_;
93};
94
95flag = {
96    value     = M;
97    name      = md5key;
98    descrip   = "generate MD5 keys";
99    doc = <<-  _EndOfDoc_
100	Generate MD5 keys, obsoleting any that may exist.
101	_EndOfDoc_;
102};
103
104flag = {
    /*
     * Bit length of the prime modulus for generated keys.  Present only
     * when the build defines OPENSSL.
     *
     * NOTE(review): arg-range accepts values down to 256 and the
     * documented default is 512.  RSA moduli of 512 bits have been
     * publicly factored with modest resources, so keys produced with the
     * default should be treated as weak; the 2048 ceiling also rules out
     * anything larger.  Which key types consume this value is not visible
     * in this file -- confirm in the program source before raising the
     * bounds or the default.
     */
105    value     = m;
106    name      = modulus;
107    arg-type  = number;
108    arg-name  = modulus;
109    arg-range = '256->2048';
110    ifdef     = OPENSSL;
111    descrip   = "modulus";
112    doc = <<-  _EndOfDoc_
113	The number of bits in the prime modulus.  The default is 512.
114	_EndOfDoc_;
115};
116
117flag = {
118    value     = P;
119    name      = pvt-cert;
120    ifdef     = OPENSSL;
121    descrip   = "generate PC private certificate";
122    doc = <<-  _EndOfDoc_
123	Generate a private certificate.  By default, the program generates
124	public certificates.
125	_EndOfDoc_;
126};
127
128flag = {
    /*
     * Password used to encrypt the private-data files this program
     * writes.  Present only when the build defines OPENSSL.
     *
     * NOTE(review): two weaknesses follow from the definition below.
     * (1) The password is an option argument, so on most Unix systems it
     *     is readable in the process argument list by other local users
     *     and may be kept in shell history.
     * (2) The documented cipher is DES-CBC, i.e. single DES with a 56-bit
     *     key, which is within reach of brute force.  The encrypted files
     *     still need restrictive file permissions; the password alone
     *     does not protect them.
     */
129    value     = p;
130    name      = pvt-passwd;
131    ifdef     = OPENSSL;
132    arg-type  = string;
133    arg-name  = passwd;
134    descrip   = "output private password";
135    doc = <<-  _EndOfDoc_
136	Encrypt generated files containing private data with the specified
137	password and the DES-CBC algorithm.
138	_EndOfDoc_;
139};
140
141flag = {
    /*
     * Password used when reading existing (encrypted) files.  Present
     * only when the build defines OPENSSL.
     *
     * NOTE(review): the password is an option argument, so on most Unix
     * systems it is readable in the process argument list by other local
     * users and may be kept in shell history.
     */
142    value     = q;
143    name      = get-pvt-passwd;
144    ifdef     = OPENSSL;
145    arg-type  = string;
146    arg-name  = passwd;
147    descrip   = "input private password";
148    doc = <<-  _EndOfDoc_
149	Set the password for reading files to the specified password.
150	_EndOfDoc_;
151};
152
153flag = {
154    value     = S;
155    name      = sign-key;
156    arg-type  = string;
157    arg-name  = sign;
158    ifdef     = OPENSSL;
159    descrip   = "generate sign key (RSA or DSA)";
160    doc = <<-  _EndOfDoc_
161	Generate a new sign key of the designated type, obsoleting any
162	that may exist.  By default, the program uses the host key as the
163	sign key.
164	_EndOfDoc_;
165};
166
167flag = {
    /*
     * String option taking a host name (arg-name = host).  Present only
     * when the build defines OPENSSL.
     *
     * NOTE(review): the option is named subject-name (-s) but its doc
     * text below describes the issuer field, while the issuer-name (-i)
     * option's doc text describes the subject field.  One of the two
     * pairs is swapped.  A wrong guess puts the wrong name into the
     * certificate, so confirm in the program source which field each
     * option sets, then correct either the names or the text.
     */
168    value     = s;
169    name      = subject-name;
170    arg-type  = string;
171    arg-name  = host;
172    ifdef     = OPENSSL;
173    descrip   = "set subject name";
174    doc = <<-  _EndOfDoc_
175	Set the issuer name to name.  This is used for the issuer field
176	in certificates and in the file name for identity files.
177		_EndOfDoc_;
178};
179
180flag = {
181    value     = T;
182    name      = trusted-cert;
183    ifdef     = OPENSSL;
184    descrip   = "trusted certificate (TC scheme)";
185    doc = <<-  _EndOfDoc_
186	Generate a trusted certificate.  By default, the program generates
187	a non-trusted certificate.
188	_EndOfDoc_;
189};
190
191flag = {
192    value     = V;
193    name      = mv-params;
194    arg-type  = number;
195    arg-name  = num;
196    ifdef     = OPENSSL;
197    descrip   = "generate <num> MV parameters";
198    doc = <<-  _EndOfDoc_
199	Generate parameters and keys for the Mu-Varadharajan (MV)
200	identification scheme.
201	_EndOfDoc_;
202};
203
204flag = {
205    value     = v;
206    name      = mv-keys;
207    arg-type  = number;
208    arg-name  = num;
209    ifdef     = OPENSSL;
210    descrip   = "update <num> MV keys";
211};
212
213detail = <<-  _EODetail_
214	If there is no new host key, look for an existing one.
215	If one is not found, create it.
216	_EODetail_;
217