Lines Matching +full:a +full:- +full:f
2 . it 1 an-trap
6 .ds B-Font [CB]
7 .ds I-Font [CI]
8 .ds R-Font [CR]
10 .ds B-Font B
11 .ds I-Font I
12 .ds R-Font R
13 .TH ntp-keygen 1ntp-keygenman "25 May 2024" "ntp (4.2.8p18)" "User Commands"
15 .\" EDIT THIS FILE WITH CAUTION (in-mem file)
17 .\" It has been AutoGen-ed May 25, 2024 at 12:04:51 AM by AutoGen 5.18.16
18 .\" From the definitions ntp-keygen-opts.def
19 .\" and the template file agman-cmd.tpl
21 \f\*[B-Font]ntp-keygen\fP
22 \- Create a NTP host key
24 \f\*[B-Font]ntp-keygen\fP
26 [\f\*[B-Font]\-flags\f[]]
27 [\f\*[B-Font]\-flag\f[] [\f\*[I-Font]value\f[]]]
28 [\f\*[B-Font]\-\-option-name\f[][[=| ]\f\*[I-Font]value\f[]]]
49 The message digest symmetric keys file is generated in a format
51 All other files are in PEM-encoded printable ASCII format,
59 produces a file containing ten pseudo-random printable ASCII strings
63 hex-encoded random bit strings suitable for SHA1, AES-128-CMAC, and
69 \fCntpq\f[]\fR(1ntpqmdoc)\f[]
71 \fCntpdc\f[]\fR(1ntpdcmdoc)\f[]
86 Some files used by this program are encrypted using a private password.
88 \f\*[B-Font]\-p\f[]
90 \f\*[B-Font]\-q\f[]
93 \fChostname\f[]\fR(1)\f[]
97 \f\*[B-Font]ntp-keygen\fP
107 \f\*[B-Font]pw\f[]
109 \f\*[B-Font]crypto\f[]
110 \fCntpd\f[]\fR(1ntpdmdoc)\f[]
117 \fCntpd\f[]\fR(1ntpdmdoc)\f[]
128 \fIntp.keys\f[],
130 \fI/etc\f[].
132 \fI/usr/local/etc\f[],
133 which is normally in a shared filesystem in
134 NFS-mounted networks and cannot be changed by shared clients.
137 \fI/etc\f[]
139 \f\*[B-Font]keysdir\f[]
140 \fCntpd\f[]\fR(1ntpdmdoc)\f[]
147 \fIstderr\f[]
149 \fIstdout\f[]
153 \fIntpkey\&*\f[]
156 \fICryptographic Data Files\f[]
160 \f\*[B-Font]ntp-keygen\fP
163 \f\*[I-Font]keys\f[]
165 \fI/usr/local/etc\f[],
172 \f\*[I-Font]keys\f[]
174 \fI/usr/local/etc\f[].
176 \fIntpkey\&*\f[]
178 \f\*[B-Font]ntp-keygen\fP
179 command without arguments to generate a default
180 \f\*[B-Font]RSA\f[]
182 \f\*[B-Font]RSA-MD5\f[]
188 existing keys and parameters and generates a new certificate file with
194 \f\*[B-Font]RSA\f[]
197 When necessary, a different sign key can be specified and this can be
199 \f\*[B-Font]RSA\f[]
201 \f\*[B-Font]DSA\f[]
204 \f\*[B-Font]MD5\f[],
208 \f\*[B-Font]AES128CMAC\f[], \f\*[B-Font]MD2\f[], \f\*[B-Font]MD5\f[], \f\*[B-Font]MDC2\f[], \f\*[B-Font]SHA\f[], \f\*[B-Font]SHA1\f[]
210 \f\*[B-Font]RIPE160\f[]
215 \f\*[B-Font]RSA\f[]
218 \f\*[B-Font]SHA\f[]
220 \f\*[B-Font]SHA1\f[]
222 \f\*[B-Font]DSA\f[]
238 \fCsu\f[]\fR(1)\f[]
242 \fI.rnd\f[]
245 \fI.rnd\f[],
250 \fI.rnd\f[].
254 Installing the keys as root might not work in NFS-mounted
259 \fI/etc\f[]
261 \f\*[B-Font]keysdir\f[]
262 \fCntpd\f[]\fR(1ntpdmdoc)\f[]
271 but it is possible for a trusted agent (TA) to generate these files
283 \fI/usr/local/etc\f[],
284 which is normally in a shared filesystem
285 in NFS-mounted networks.
297 are permitted root read/write-only;
303 \f\*[I-Font]hostname\f[]
305 \f\*[I-Font]filestamp\f[]
312 when installing a file and to install a soft link
317 If a link is present,
318 \fCntpd\f[]\fR(1ntpdmdoc)\f[]
320 \f\*[I-Font]filestamp\f[].
321 If a link is not present,
322 \fCntpd\f[]\fR(1ntpdmdoc)\f[]
324 \f\*[I-Font]filestamp\f[]
329 \f\*[B-Font]ntp-keygen\fP
331 \f\*[I-Font]filestamp\f[]
340 \f\*[B-Font]ntp-keygen\fP
342 \f\*[B-Font]\-T\f[]
346 A certificate trail is created when Autokey asks the immediately
357 A different sign key can be assigned using the
358 \f\*[B-Font]\-S\f[]
360 \f\*[B-Font]RSA\f[]
362 \f\*[B-Font]DSA\f[]
366 \f\*[B-Font]MD5\f[],
370 \f\*[B-Font]\-c\f[]
378 This of course creates a chicken-and-egg problem
381 should be set by some other means, such as eyeball-and-wristwatch, at
383 After that and when the host is synchronized to a proventic source, the
384 certificate should be re-generated.
389 \*[Lq]Autokey Public-Key Authentication\*[Rq]
395 \fIntpkey\f[]_
397 \fI_\f[]\f\*[I-Font]hostname\f[]. \f\*[I-Font]filestamp\f[],
399 \f\*[I-Font]hostname\f[]
402 \fChostname\f[]\fR(1)\f[]
404 \f\*[I-Font]filestamp\f[]
408 by a
409 \f\*[B-Font]rm\f[] \fIntpkey\&*\f[]
411 at a specific time can be removed by a
412 \f\*[B-Font]rm\f[] \fI\&*\f[]\f\*[I-Font]filestamp\f[]
415 the first two lines of a file contain the file name
418 Each cryptographic configuration involves selection of a signature scheme
419 and identification scheme, called a cryptotype,
421 \fIAuthentication\f[] \fIOptions\f[]
423 \fCntp.conf\f[]\fR(5)\f[].
425 \f\*[B-Font]RSA\f[]
427 \f\*[B-Font]MD5\f[]
430 \f\*[B-Font]TC\f[]
432 First, configure a NTP subnet including one or more low-stratum
439 A trusted group is the set of all hosts that have, directly or indirectly,
440 a certificate trail ending at a trusted host.
443 \fIAutomatic\f[] \fINTP\f[] \fIConfiguration\f[] \fIOptions\f[]
445 \fCntp.conf\f[]\fR(5)\f[].
450 To insure a fresh fileset, remove all
451 \fIntpkey\f[]
454 \f\*[B-Font]ntp-keygen\fP
455 \f\*[B-Font]\-T\f[]
456 to generate keys and a trusted certificate.
458 \f\*[B-Font]\-T\f[]
467 If it is necessary to use a different sign key or different digest/signature
469 \f\*[B-Font]ntp-keygen\fP
471 \f\*[B-Font]\-S\f[] \f\*[I-Font]type\f[]
473 \f\*[I-Font]type\f[]
475 \f\*[B-Font]RSA\f[]
477 \f\*[B-Font]DSA\f[].
478 The most frequent need to do this is when a
479 \f\*[B-Font]DSA\f[]\-signed
481 If it is necessary to use a different certificate scheme than the default,
483 \f\*[B-Font]ntp-keygen\fP
485 \f\*[B-Font]\-c\f[] \f\*[I-Font]scheme\f[]
487 \f\*[I-Font]scheme\f[]
490 \f\*[B-Font]ntp-keygen\fP
491 is run again without these options, it generates a new certificate
499 \f\*[B-Font]ntp-keygen\fP
503 \fCntpd\f[]\fR(1ntpdmdoc)\f[]
506 \fCntpd\f[]\fR(1ntpdmdoc)\f[]
513 \f\*[B-Font]TC\f[]
514 identity scheme is vulnerable to a middleman attack.
517 \f\*[B-Font]PC\f[], \f\*[B-Font]IFF\f[], \f\*[B-Font]GQ\f[]
519 \f\*[B-Font]MV\f[]
521 These schemes are based on a TA, one or more trusted hosts
525 by a trusted host and certificate trails that end on that host.
526 The name of a trusted host is also the name of its sugroup
528 The TA is not necessarily a trusted host in this sense, but often is.
533 A server can also be a client of another server,
534 but a client can never be a server for another client.
545 \f\*[B-Font]ntp-keygen\fP
546 \f\*[B-Font]\-P\f[]
547 \f\*[B-Font]\-p\f[] \f\*[I-Font]password\f[]
549 \fIntpkey\f[]_ \f\*[B-Font]RSA\f[] \fIkey_alice.\f[] \f\*[I-Font]filestamp\f[]
551 \fIntpkey\f[]_ \f\*[B-Font]RSA-MD5\f[] \f\*[B-Font]_\f[] \fIcert_alice.\f[] \f\*[I-Font]filestamp\f[],
556 \f\*[I-Font]bob\f[]
557 install a soft link from the generic name
558 \fIntpkey_host_\f[]\f\*[I-Font]bob\f[]
560 \fIntpkey_cert_\f[]\f\*[I-Font]bob\f[]
571 \f\*[B-Font]IFF\f[]
573 \f\*[B-Font]TC\f[]
577 \f\*[B-Font]IFF\f[]
580 \f\*[B-Font]ntp-keygen\fP
581 \f\*[B-Font]\-T\f[]
582 \f\*[B-Font]\-I\f[]
583 \f\*[B-Font]\-p\f[] \f\*[I-Font]password\f[]
585 \fIntpkey_IFFpar_alice.\f[]\f\*[I-Font]filestamp\f[],
588 and clients and install a soft link from the generic
589 \fIntpkey_iff_alice\f[]
594 \f\*[B-Font]IFF\f[]
600 If a rogue client has the parameter file, it could masquerade
601 as a legitimate server and present a middleman threat.
605 \f\*[B-Font]ntp-keygen\fP
606 \f\*[B-Font]\-e\f[]
607 and pipe the output to a file or email program.
609 On these clients install a soft link from the generic
610 \fIntpkey_iff_alice\f[]
613 each file can be encrypted with a secret password.
618 \f\*[B-Font]GQ\f[]
620 \f\*[B-Font]TC\f[]
624 \f\*[B-Font]IFF\f[]
627 \f\*[B-Font]ntp-keygen\fP
628 \f\*[B-Font]\-T\f[]
629 \f\*[B-Font]\-G\f[]
630 \f\*[B-Font]\-p\f[] \f\*[I-Font]password\f[]
632 \fIntpkey_GQpar_alice.\f[]\f\*[I-Font]filestamp\f[],
634 Copy this file to all group hosts and install a soft link
636 \fIntpkey_gq_alice\f[]
639 \f\*[I-Font]bob\f[]
640 install a soft link
642 \fIntpkey_gq_\f[]\f\*[I-Font]bob\f[]
645 \f\*[B-Font]GQ\f[]
647 \f\*[B-Font]GQ\f[]
654 \f\*[B-Font]MV\f[]
656 \f\*[B-Font]TC\f[]
662 \f\*[B-Font]ntp-keygen\fP
663 \f\*[B-Font]\-V\f[] \f\*[I-Font]n\f[]
664 \f\*[B-Font]\-p\f[] \f\*[I-Font]password\f[],
666 \f\*[I-Font]n\f[]
669 \fIntpkeys_MVpar_trish.\f[]\f\*[I-Font]filestamp\f[]
671 \fIntpkeys_MVkey\f[]\f\*[I-Font]d\f[] \f\*[I-Font]_\f[] \fItrish.\f[] \f\*[I-Font]filestamp\f[]
673 \f\*[I-Font]d\f[]
675 \f\*[I-Font]d\f[]
677 \f\*[I-Font]n\f[]).
678 Copy the parameter file to alice and install a soft link
680 \fIntpkey_mv_alice\f[]
687 On client bob install a soft link from generic
688 \fIntpkey_mvkey_bob\f[]
691 \f\*[B-Font]MV\f[]
696 .NOP \f\*[B-Font]\-b\f[] \f\*[B-Font]\-\-imbits\f[]= \f\*[I-Font]modulus\f[]
698 \f\*[I-Font]modulus\f[]
705 .NOP \f\*[B-Font]\-c\f[] \f\*[B-Font]\-\-certificate\f[]= \f\*[I-Font]scheme\f[]
708 \f\*[I-Font]scheme\f[]
710 \f\*[B-Font]RSA-MD2\f[], \f\*[B-Font]RSA-MD5\f[], \f\*[B-Font]RSA-MDC2\f[], \f\*[B-Font]RSA-SHA\f[], \f\*[B-Font]RSA-SHA1\f[], \f\*[B-Font]RSA-RIPEMD160\f[], \f\*[B-Font]DSA-SHA\f[],
712 \f\*[B-Font]DSA-SHA1\f[].
714 \f\*[B-Font]RSA\f[]
716 \f\*[B-Font]RSA\f[]
718 \f\*[B-Font]DSA\f[]
719 schemes must be used with a
720 \f\*[B-Font]DSA\f[]
723 \f\*[B-Font]RSA-MD5\f[].
724 If compatibility with FIPS 140-2 is required, either the
725 \f\*[B-Font]DSA-SHA\f[]
727 \f\*[B-Font]DSA-SHA1\f[]
730 .NOP \f\*[B-Font]\-C\f[] \f\*[B-Font]\-\-cipher\f[]= \f\*[I-Font]cipher\f[]
732 The default without this option is three-key triple DES in CBC mode,
733 \f\*[B-Font]des-ede3-cbc\f[].
735 \f\*[B-Font]openssl\f[] \f\*[B-Font]\-h\f[]
738 .NOP \f\*[B-Font]\-d\f[] \f\*[B-Font]\-\-debug-level\f[]
740 This option displays the cryptographic data produced in eye-friendly billboards.
742 .NOP \f\*[B-Font]\-D\f[] \f\*[B-Font]\-\-set-debug-level\f[]= \f\*[I-Font]level\f[]
744 \f\*[I-Font]level\f[].
745 This option displays the cryptographic data produced in eye-friendly billboards.
747 .NOP \f\*[B-Font]\-e\f[] \f\*[B-Font]\-\-id-key\f[]
749 \f\*[B-Font]IFF\f[]
751 \f\*[B-Font]GQ\f[]
753 \f\*[I-Font]IFFkey\f[] \f\*[I-Font]or\f[] \f\*[I-Font]GQkey\f[]
756 \fIstdout\f[].
759 .NOP \f\*[B-Font]\-G\f[] \f\*[B-Font]\-\-gq-params\f[]
760 Generate a new encrypted
761 \f\*[B-Font]GQ\f[]
762 parameters and key file for the Guillou-Quisquater (GQ) identity scheme.
764 \f\*[B-Font]\-I\f[]
766 \f\*[B-Font]\-V\f[]
769 .NOP \f\*[B-Font]\-H\f[] \f\*[B-Font]\-\-host-key\f[]
770 Generate a new encrypted
771 \f\*[B-Font]RSA\f[]
774 .NOP \f\*[B-Font]\-I\f[] \f\*[B-Font]\-\-iffkey\f[]
775 Generate a new encrypted
776 \f\*[B-Font]IFF\f[]
779 \f\*[B-Font]\-G\f[]
784 .NOP \f\*[B-Font]\-i\f[] \f\*[B-Font]\-\-ident\f[]= \f\*[I-Font]group\f[]
786 \f\*[I-Font]group\f[].
788 \f\*[B-Font]IFF\f[], \f\*[B-Font]GQ\f[],
790 \f\*[B-Font]MV\f[]
794 \f\*[B-Font]\-i\f[]
796 \f\*[B-Font]\-s\f[]
800 \f\*[I-Font]host\f[] \f\*[I-Font]@@\f[] \f\*[I-Font]group\f[]
802 \f\*[B-Font]crypto\f[] \f\*[B-Font]ident\f[]
804 \f\*[B-Font]server\f[] \f\*[B-Font]ident\f[]
807 .NOP \f\*[B-Font]\-l\f[] \f\*[B-Font]\-\-lifetime\f[]= \f\*[I-Font]days\f[]
809 \f\*[I-Font]days\f[].
812 .NOP \f\*[B-Font]\-m\f[] \f\*[B-Font]\-\-modulus\f[]= \f\*[I-Font]bits\f[]
814 \f\*[I-Font]bits\f[].
819 .NOP \f\*[B-Font]\-M\f[] \f\*[B-Font]\-\-md5key\f[]
820 Generate a new symmetric keys file containing 10
821 \f\*[B-Font]MD5\f[]
823 \f\*[B-Font]SHA\f[]
826 \f\*[B-Font]MD5\f[]
827 key is a string of 20 random printable ASCII characters, while a
828 \f\*[B-Font]SHA\f[]
829 key is a string of 40 random hex digits.
830 The file can be edited using a text editor to change the key type or key content.
833 .NOP \f\*[B-Font]\-p\f[] \f\*[B-Font]\-\-password\f[]= \f\*[I-Font]passwd\f[]
835 \f\*[I-Font]passwd\f[].
838 \f\*[B-Font]hostname\f[]
841 .NOP \f\*[B-Font]\-P\f[] \f\*[B-Font]\-\-pvt-cert\f[]
842 Generate a new private certificate used by the
843 \f\*[B-Font]PC\f[]
848 .NOP \f\*[B-Font]\-q\f[] \f\*[B-Font]\-\-export-passwd\f[]= \f\*[I-Font]passwd\f[]
850 \f\*[B-Font]IFF\f[], \f\*[B-Font]GQ\f[] \f\*[B-Font]and\f[] \f\*[B-Font]MV\f[]
852 \fIstdout\f[]
854 \f\*[I-Font]passwd\f[].
856 \f\*[B-Font]\-p\f[]
858 \f\*[B-Font]\-q\f[]
861 \f\*[B-Font]hostname\f[]
864 .NOP \f\*[B-Font]\-s\f[] \f\*[B-Font]\-\-subject-key\f[]= [host] [@@ \f\*[I-Font]group\f[]]
866 \f\*[I-Font]host\f[]
868 \f\*[I-Font]group\f[]
871 \f\*[I-Font]host\f[] \f\*[I-Font]@@\f[] \f\*[I-Font]group\f[]
874 \f\*[B-Font]\-s\f[] \f\*[B-Font]\-@@\f[] \f\*[I-Font]group\f[]
876 \f\*[B-Font]\-i\f[] \f\*[I-Font]group\f[].
879 \f\*[B-Font]IFF\f[], \f\*[B-Font]GQ\f[],
881 \f\*[B-Font]MV\f[]
884 \f\*[I-Font]host\f[]
886 \f\*[B-Font]hostname\f[]
889 .NOP \f\*[B-Font]\-S\f[] \f\*[B-Font]\-\-sign-key\f[]= [\f\*[B-Font]RSA\f[] | \f\*[B-Font]DSA\f[]]
890 Generate a new encrypted public/private sign key file of the specified type.
892 If compatibility with FIPS 140-2 is required, the sign key type must be
893 \f\*[B-Font]DSA\f[].
895 .NOP \f\*[B-Font]\-T\f[] \f\*[B-Font]\-\-trusted-cert\f[]
896 Generate a trusted certificate.
897 By default, the program generates a non-trusted certificate.
899 .NOP \f\*[B-Font]\-V\f[] \f\*[B-Font]\-\-mv-params\f[] \f\*[I-Font]nkeys\f[]
901 \f\*[I-Font]nkeys\f[]
902 encrypted server keys and parameters for the Mu-Varadharajan (MV)
905 \f\*[B-Font]\-I\f[]
907 \f\*[B-Font]\-G\f[]
909 Note: support for this option should be considered a work in progress.
914 the internal pseudo-random number generator used
916 The OpenSSL library uses a designated random seed file for this purpose.
918 \f\*[B-Font]ntp-keygen\fP
920 If a site supports OpenSSL or its companion OpenSSH,
929 can be used to do this and some systems have built-in entropy sources.
935 The entropy seed used by the OpenSSL library is contained in a file,
937 \fI.rnd\f[],
940 \f\*[B-Font]ntp-keygen\fP
944 \f\*[B-Font]randfile\f[]
946 \f\*[B-Font]crypto\f[]
949 \f\*[B-Font]ntp-keygen\fP
960 \fI.rnd\f[]
963 \f\*[B-Font]ntp-keygen\fP
965 \fCntpd\f[]\fR(1ntpdmdoc)\f[]
967 \fI/.rnd\f[]
969 \fI/root/.rnd\f[].
971 the daemon exits with a message to the system log and the program
972 exits with a suitable error message.
977 \fIntpkey_\f[]\f\*[I-Font]key\f[] \f\*[I-Font]_\f[] \f\*[I-Font]name\f[]. \f\*[I-Font]filestamp\f[],
979 \f\*[I-Font]key\f[]
981 \f\*[I-Font]name\f[]
983 \f\*[I-Font]filestamp\f[]
986 \f\*[I-Font]key\f[]
989 \f\*[I-Font]key\f[]
993 \fIdate\f[]
998 \f\*[B-Font]ntp-keygen\fP
1000 \fCntpd\f[]\fR(1ntpdmdoc)\f[]
1006 rules, then encrypted if necessary, and finally written in PEM-encoded
1012 \fIntp.keys\f[],
1027 7 MD5 \`A.([h+;wTQ|xfi%Sn_! # MD5 key
1028 8 MD5 45:V,r4]l6y^JH6"Sh?F # MD5 key
1029 9 MD5 3-5vcn*6l29DS?Xdsg)* # MD5 key
1041 .in -4
1045 .in -4
1049 Figure 1 shows a typical symmetric keys file used by the reference
1053 \f\*[I-Font]keyno\f[] \f\*[I-Font]type\f[] \f\*[I-Font]key\f[]
1054 .in -4
1056 \f\*[I-Font]keyno\f[]
1057 is a positive integer in the range 1-65535;
1058 \f\*[I-Font]type\f[]
1061 \f\*[B-Font]MD5\f[]
1065 however, if compatibility with FIPS 140-2 is required,
1067 \f\*[B-Font]SHA\f[]
1069 \f\*[B-Font]SHA1\f[];
1070 \f\*[I-Font]key\f[]
1072 which is a printable ASCII string 20 characters or less in length:
1080 character, and terminated by whitespace or a
1083 An OpenSSL key consists of a hex-encoded ASCII string of 40 characters, which
1089 \fCntpq\f[]\fR(1ntpqmdoc)\f[]
1091 \fCntpdc\f[]\fR(1ntpdcmdoc)\f[]
1100 \f\*[B-Font]ntp-keygen\fP
1101 program generates a symmetric keys file
1102 \fIntpkey_MD5key_\f[]\f\*[I-Font]hostname\f[]. \f\*[I-Font]filestamp\f[].
1107 \fIntp.keys\f[],
1109 \f\*[B-Font]ntp-keygen\fP
1110 installs a soft link from this name to the generated file.
1116 \fCntpq\f[]\fR(1ntpqmdoc)\f[]
1118 \fCntpdc\f[]\fR(1ntpdcmdoc)\f[]
1122 .NOP \f\*[B-Font]\-b\f[] \f\*[I-Font]imbits\f[], \f\*[B-Font]\-\-imbits\f[]=\f\*[I-Font]imbits\f[]
1126 \f\*[I-Font]imbits\f[]
1133 .in -4
1137 .NOP \f\*[B-Font]\-c\f[] \f\*[I-Font]scheme\f[], \f\*[B-Font]\-\-certificate\f[]=\f\*[I-Font]scheme\f[]
1141 RSA-MD2, RSA-MD5, RSA-MDC2, RSA-SHA, RSA-SHA1, RSA-RIPEMD160,
1142 DSA-SHA, or DSA-SHA1.
1145 Note that RSA schemes must be used with a RSA sign key and DSA
1146 schemes must be used with a DSA sign key. The default without
1147 this option is RSA-MD5.
1149 .NOP \f\*[B-Font]\-C\f[] \f\*[I-Font]cipher\f[], \f\*[B-Font]\-\-cipher\f[]=\f\*[I-Font]cipher\f[]
1153 private keys. The default is three-key triple DES in CBC mode,
1154 equivalent to "\fB-C des-ede3-cbc\fP". The openssl tool lists ciphers
1155 available in "\fBopenssl \-h\fP" output.
1157 .NOP \f\*[B-Font]\-d\f[], \f\*[B-Font]\-\-debug\-level\f[]
1162 .NOP \f\*[B-Font]\-D\f[] \f\*[I-Font]number\f[], \f\*[B-Font]\-\-set\-debug\-level\f[]=\f\*[I-Font]number\f[]
1168 .NOP \f\*[B-Font]\-e\f[], \f\*[B-Font]\-\-id\-key\f[]
1175 .NOP \f\*[B-Font]\-G\f[], \f\*[B-Font]\-\-gq\-params\f[]
1181 .NOP \f\*[B-Font]\-H\f[], \f\*[B-Font]\-\-host\-key\f[]
1186 .NOP \f\*[B-Font]\-I\f[], \f\*[B-Font]\-\-iffkey\f[]
1192 .NOP \f\*[B-Font]\-i\f[] \f\*[I-Font]group\f[], \f\*[B-Font]\-\-ident\f[]=\f\*[I-Font]group\f[]
1198 provided. The group name, if specified using \fB-i/--ident\fP or
1199 using \fB-s/--subject-name\fP following an '\fB@@\fP' character,
1200 is also a part of the self-signed host certificate subject and
1205 .NOP \f\*[B-Font]\-l\f[] \f\*[I-Font]lifetime\f[], \f\*[B-Font]\-\-lifetime\f[]=\f\*[I-Font]lifetime\f[]
1211 .NOP \f\*[B-Font]\-m\f[] \f\*[I-Font]modulus\f[], \f\*[B-Font]\-\-modulus\f[]=\f\*[I-Font]modulus\f[]
1215 \f\*[I-Font]modulus\f[]
1222 .in -4
1226 .NOP \f\*[B-Font]\-M\f[], \f\*[B-Font]\-\-md5key\f[]
1231 .NOP \f\*[B-Font]\-P\f[], \f\*[B-Font]\-\-pvt\-cert\f[]
1234 Generate a private certificate. By default, the program generates
1237 .NOP \f\*[B-Font]\-p\f[] \f\*[I-Font]passwd\f[], \f\*[B-Font]\-\-password\f[]=\f\*[I-Font]passwd\f[]
1241 DES-CBC algorithm and the specified password. The same password
1246 .NOP \f\*[B-Font]\-q\f[] \f\*[I-Font]passwd\f[], \f\*[B-Font]\-\-export\-passwd\f[]=\f\*[I-Font]passwd\f[]
1250 encrypted with the DES-CBC algorithm and the specified password.
1253 --id-key (-e) for unencrypted exports.
1255 .NOP \f\*[B-Font]\-s\f[] \f\*[I-Font]host@group\f[], \f\*[B-Font]\-\-subject\-name\f[]=\f\*[I-Font]host@group\f[]
1263 fields. Specifying '\fB-s @@group\fP' is allowed, and results in
1265 subject and issuer fields, as with \fB-i group\fP. The group name, or
1269 .NOP \f\*[B-Font]\-S\f[] \f\*[I-Font]sign\f[], \f\*[B-Font]\-\-sign\-key\f[]=\f\*[I-Font]sign\f[]
1272 Generate a new sign key of the designated type, obsoleting any
1276 .NOP \f\*[B-Font]\-T\f[], \f\*[B-Font]\-\-trusted\-cert\f[]
1279 Generate a trusted certificate. By default, the program generates
1280 a non-trusted certificate.
1282 .NOP \f\*[B-Font]\-V\f[] \f\*[I-Font]num\f[], \f\*[B-Font]\-\-mv\-params\f[]=\f\*[I-Font]num\f[]
1286 Generate parameters and keys for the Mu-Varadharajan (MV)
1289 .NOP \f\*[B-Font]\-v\f[] \f\*[I-Font]num\f[], \f\*[B-Font]\-\-mv\-keys\f[]=\f\*[I-Font]num\f[]
1295 .NOP \f\*[B-Font]\-\&?\f[], \f\*[B-Font]\-\-help\f[]
1298 .NOP \f\*[B-Font]\-\&!\f[], \f\*[B-Font]\-\-more-help\f[]
1299 Pass the extended usage information through a pager.
1301 .NOP \f\*[B-Font]\->\f[] [\f\*[I-Font]cfgfile\f[]], \f\*[B-Font]\-\-save-opts\f[] [=\f\*[I-Font]cfgfile\f[]]
1306 .NOP \f\*[B-Font]\-<\f[] \f\*[I-Font]cfgfile\f[], \f\*[B-Font]\-\-load-opts\f[]=\f\*[I-Font]cfgfile\f[], \f\*[B-Font]\-\-no-load-opts\f[]
1308 The \fIno-load-opts\fP form will disable the loading
1309 of earlier config/rc/ini files. \fI\-\-no-load-opts\fP is handled early,
1312 .NOP \f\*[B-Font]\-\-version\f[] [{\f\*[I-Font]v|c|n\f[]}]
1313 Output version of program and exit. The default mode is `v', a simple
1322 \fBNTP_KEYGEN_<option-name>\fP or \fBNTP_KEYGEN\fP
1345 A specified configuration file could not be loaded.
1349 it to autogen-users@lists.sourceforge.net. Thank you.
1354 Copyright (C) 1992-2024 The University of Delaware and Network Time Foundation all rights reserved.
1357 It can take quite a while to generate some cryptographic values.
1371 This manual page was \fIAutoGen\fP-erated from the \fBntp-keygen\fP