keygen.html - OpenGrok cross reference for /freebsd/contrib/ntp/html/keygen.html

Lines Matching +full:mu +full:- +full:side +full:- +full:b
1 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
4     <meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
6     <title>ntp-keygen - generate public and private keys</title>
10     <h3><tt>ntp-keygen</tt> - generate public and private keys</h3>
14       <!-- #BeginDate format:En2m -->24-Jul-2018  07:27<!-- #EndDate -->
31 …<p id="intro"><tt>ntp-keygen [ -deGHIMPT ] [ -b <i>modulus</i> ] [ -c [ RSA-MD2 | RSA-MD5 | RSA-SHA
32 	| RSA-SHA1 | RSA-MDC2 | RSA-RIPEMD160 | DSA-SHA | DSA-SHA1 ] ]
33 	[ -C <i>cipher</i> ] [-i <i>group</i> ] [ -l <em>days</em>]
34 	[ -m <i>modulus</i> ]  [ -p <i>passwd1</i> ] [ -q <i>passwd2</i> ] 
35 	[ -S [ RSA | DSA ] ] [ -s <i>host</i> ] [ -V <i>nkeys</i> ]</tt></p>
43       compatible with NTPv3.  All other files are in PEM-encoded printable ASCII
47       containing ten pseudo-random printable ASCII strings suitable for the MD5
49       library is installed, it produces an additional ten hex-encoded random bit
50       strings suitable for the SHA1, AES-128 CMAC, and other message digest
64       password.  The <tt>-p</tt> option specifies the password for local
65       encrypted files and the <tt>-q</tt> option the password for encrypted
81       in NFS-mounted networks and cannot be changed by shared clients.  The
97       the <tt>ntp-keygen</tt> command without arguments to generate a
98       default RSA host key and matching RSA-MD5 certificate with expiration
103       as the trusted host (TH) using <tt>ntp-keygen</tt> with
104       the <tt>-T</tt> option and configure it to synchronize from reliable
114       the <tt>-S</tt> option and this can be either RSA or DSA type.  By
117       library can be specified using the <tt>-c</tt> option.</p>
120       this program is run.  This of course creates a chicken-and-egg problem
123       eyeball-and-wristwatch, at least so that the certificate lifetime is
125       to a proventic source, the certificate should be re-generated.</p>
127       the <a href="autokey.html">Autokey Public-Key Authentication</a>
131       <dt><tt>-b <i>modulus</i></tt></dt>
137 …<dt><tt>-c [ RSA-MD2 | RSA-MD5 | RSA-SHA | RSA-SHA1 | RSA-MDC2 | RSA-RIPEMD160 | DSA-SHA | DSA-SHA…
141 	option is <tt>RSA-MD5</tt>.  If compatibility with FIPS 140-2 is
142 	required, either the <tt>DSA-SHA</tt> or <tt>DSA-SHA1</tt> scheme
144       <dt><tt>-C <i>cipher</i></tt></dt>
145       <dd>Select the OpenSSL cipher to use for password-protected keys.
146 	The <tt>openssl -h</tt> command provided with OpenSSL displays
148 	is <tt>des-ede3-cbc</tt>.</dd>
149       <dt><tt>-d</tt></dt>
151 	produced for eye-friendly billboards.</dd>
152       <dt><tt>-e</tt></dt>
156       <dt><tt>-G</tt></dt>
157       <dd>Generate a new encrypted GQ key file for the Guillou-Quisquater
159        the <tt>-I</tt> and <tt>-V</tt> options.</dd>
160       <dt><tt>-H</tt></dt>
162       <dt><tt>-i <i>group</i></tt></dt>
166 	name, if specified using <tt>-i</tt> or using <tt>-s</tt> following
171       <dt><tt>-I</tt></dt>
174 	the <tt>-G</tt> and <tt>-V</tt> options.</dd>
175       <dt><tt>-l <i>days</i></tt></dt>
178       <dt><tt>-m <i>modulus</i></tt></dt>
184       <dt><tt>-M</tt></dt>
190       <dt><tt>-P</tt></dt>
194       <dt><tt>-p <i>passwd</i></tt></dt>
199       <dt><tt>-q <i>passwd</i></tt></dt>
202 	effect, these files are decrypted with the <tt>-p</tt> password,
203 	then encrypted with the <tt>-q</tt> password.  By default, the
206       <dt><tt>-S [ RSA | DSA ]</tt></dt>
209 	the same type.  If compatibly with FIPS 140-2 is required, the sign
211       <dt><tt>-s <i>host</i>[@<i>group</i>]</tt></dt>
216 	issuer.  Specifying <tt>-s @<i>group</i></tt> is allowed, and
218 	with <tt>-i <i>group</i></tt>.  The group name, or if no group is
223       <dt><tt>-T</tt></dt>
226       <dt><tt>-V <i>nkeys</i></tt></dt>
228 	Mu-Varadharajan (MV) identity scheme.  This option is mutually
229 	exclusive with the <tt>-I</tt> and <tt>-G</tt> options.  Note:
236       pseudo-random number generator used by the OpenSSL library routines.
240       must be available when starting the <tt>ntp-keygen</tt> program
246       in the user home directory.  Since both the <tt>ntp-keygen</tt>
275       using ASN.1 rules, then encrypted using the DES-CBC algorithm with
276       given password and finally written in PEM-encoded printable ASCII text
284       <caption style="caption-side: bottom;">
287       <tr><td style="border: 1px solid black; border-spacing: 0;">
296 	    5  MD5 B;fxlKgr/&amp;4ZTbL6=RxA  # MD5 key
300 	    9  MD5 3-5vcn*6l29DS?Xdsg)*  # MD5 key
322       by that library.  However, if compatibility with FIPS 140-2 is
328       OpenSSL key consists of a hex-encoded ASCII string of 40 characters,
338     <p>The <tt>ntp-keygen</tt> program generates a MD5 symmetric keys
342       loads the file <tt>ntp.keys</tt>, so <tt>ntp-keygen</tt> installs a