Lines Matching +full:host +full:- +full:only
2 . it 1 an-trap
6 .ds B-Font [CB]
7 .ds I-Font [CI]
8 .ds R-Font [CR]
10 .ds B-Font B
11 .ds I-Font I
12 .ds R-Font R
13 .TH ntp-keygen 1ntp-keygenman "25 May 2024" "ntp (4.2.8p18)" "User Commands"
15 .\" EDIT THIS FILE WITH CAUTION (in-mem file)
17 .\" It has been AutoGen-ed May 25, 2024 at 12:04:51 AM by AutoGen 5.18.16
18 .\" From the definitions ntp-keygen-opts.def
19 .\" and the template file agman-cmd.tpl
21 \f\*[B-Font]ntp-keygen\fP
22 \- Create a NTP host key
24 \f\*[B-Font]ntp-keygen\fP
26 [\f\*[B-Font]\-flags\f[]]
27 [\f\*[B-Font]\-flag\f[] [\f\*[I-Font]value\f[]]]
28 [\f\*[B-Font]\-\-option-name\f[][[=| ]\f\*[I-Font]value\f[]]]
40 if the OpenSSL software library has been installed, it can generate host keys,
51 All other files are in PEM-encoded printable ASCII format,
59 produces a file containing ten pseudo-random printable ASCII strings
63 hex-encoded random bit strings suitable for SHA1, AES-128-CMAC, and
88 \f\*[B-Font]\-p\f[]
90 \f\*[B-Font]\-q\f[]
92 If no password is specified, the host name returned by the Unix
94 command, normally the DNS name of the host, is used as the the default read
97 \f\*[B-Font]ntp-keygen\fP
107 \f\*[B-Font]pw\f[]
109 \f\*[B-Font]crypto\f[]
114 If not specified, the host name is used.
118 without specifying an explicit password but only on the same host.
119 If the write password used for encryption is specified as the host name,
120 these files can be read by that host with no explicit password.
124 Normally, encrypted files for each host are generated by that host and
125 used only by that host, although exceptions exist as noted later on
134 NFS-mounted networks and cannot be changed by shared clients.
139 \f\*[B-Font]keysdir\f[]
154 and include the file type, generating host and filestamp,
160 \f\*[B-Font]ntp-keygen\fP
163 \f\*[I-Font]keys\f[]
172 \f\*[I-Font]keys\f[]
178 \f\*[B-Font]ntp-keygen\fP
180 \f\*[B-Font]RSA\f[]
181 host key and matching
182 \f\*[B-Font]RSA-MD5\f[]
193 The host key is used to encrypt the cookie when required and so must be
194 \f\*[B-Font]RSA\f[]
196 By default, the host key is also the sign key used to encrypt signatures.
199 \f\*[B-Font]RSA\f[]
201 \f\*[B-Font]DSA\f[]
204 \f\*[B-Font]MD5\f[],
208 \f\*[B-Font]AES128CMAC\f[], \f\*[B-Font]MD2\f[], \f\*[B-Font]MD5\f[], \f\*[B-Font]MDC2\f[], \f\*[B-Font]SHA\f[], \f\*[B-Font]SHA1\f[]
210 \f\*[B-Font]RIPE160\f[]
215 \f\*[B-Font]RSA\f[]
217 however, only
218 \f\*[B-Font]SHA\f[]
220 \f\*[B-Font]SHA1\f[]
222 \f\*[B-Font]DSA\f[]
244 However, there should be only one
254 Installing the keys as root might not work in NFS-mounted
261 \f\*[B-Font]keysdir\f[]
270 Ordinarily, cryptographic files are generated by the host that uses them,
274 of the host generating the files, but can be changed by command line options.
277 The owner name is also used for the host and sign key files,
285 in NFS-mounted networks.
289 Normally, the files for each host are generated by that host
290 and used only by that host, although exceptions exist
296 including the host key, sign key and identification parameters,
297 are permitted root read/write-only;
303 \f\*[I-Font]hostname\f[]
305 \f\*[I-Font]filestamp\f[]
320 \f\*[I-Font]filestamp\f[].
324 \f\*[I-Font]filestamp\f[]
329 \f\*[B-Font]ntp-keygen\fP
331 \f\*[I-Font]filestamp\f[]
339 Designate one of them as the trusted host (TH) using
340 \f\*[B-Font]ntp-keygen\fP
342 \f\*[B-Font]\-T\f[]
347 ascendant host towards the TH to sign its certificate, which is then
348 provided to the immediately descendant host on request.
353 The host key is used to encrypt the cookie when required and so must be
355 By default, the host key is also the sign key used to encrypt
358 \f\*[B-Font]\-S\f[]
360 \f\*[B-Font]RSA\f[]
362 \f\*[B-Font]DSA\f[]
366 \f\*[B-Font]MD5\f[],
370 \f\*[B-Font]\-c\f[]
376 filestamps, which means the host should already be synchronized before
378 This of course creates a chicken-and-egg problem
379 when the host is started for the first time.
380 Accordingly, the host time
381 should be set by some other means, such as eyeball-and-wristwatch, at
383 After that and when the host is synchronized to a proventic source, the
384 certificate should be re-generated.
389 \*[Lq]Autokey Public-Key Authentication\*[Rq]
397 \fI_\f[]\f\*[I-Font]hostname\f[]. \f\*[I-Font]filestamp\f[],
399 \f\*[I-Font]hostname\f[]
404 \f\*[I-Font]filestamp\f[]
409 \f\*[B-Font]rm\f[] \fIntpkey\&*\f[]
412 \f\*[B-Font]rm\f[] \fI\&*\f[]\f\*[I-Font]filestamp\f[]
425 \f\*[B-Font]RSA\f[]
427 \f\*[B-Font]MD5\f[]
430 \f\*[B-Font]TC\f[]
432 First, configure a NTP subnet including one or more low-stratum
440 a certificate trail ending at a trusted host.
449 On each trusted host as root, change to the keys directory.
454 \f\*[B-Font]ntp-keygen\fP
455 \f\*[B-Font]\-T\f[]
458 \f\*[B-Font]\-T\f[]
469 \f\*[B-Font]ntp-keygen\fP
471 \f\*[B-Font]\-S\f[] \f\*[I-Font]type\f[]
473 \f\*[I-Font]type\f[]
475 \f\*[B-Font]RSA\f[]
477 \f\*[B-Font]DSA\f[].
479 \f\*[B-Font]DSA\f[]\-signed
483 \f\*[B-Font]ntp-keygen\fP
485 \f\*[B-Font]\-c\f[] \f\*[I-Font]scheme\f[]
487 \f\*[I-Font]scheme\f[]
490 \f\*[B-Font]ntp-keygen\fP
497 from time to time, if only to extend the validity interval.
499 \f\*[B-Font]ntp-keygen\fP
502 However, if the host or sign key is changed,
513 \f\*[B-Font]TC\f[]
517 \f\*[B-Font]PC\f[], \f\*[B-Font]IFF\f[], \f\*[B-Font]GQ\f[]
519 \f\*[B-Font]MV\f[]
525 by a trusted host and certificate trails that end on that host.
526 The name of a trusted host is also the name of its sugroup
528 The TA is not necessarily a trusted host in this sense, but often is.
539 only as clients have key files that contain only client keys.
543 The PC scheme supports only one trusted host in the group.
544 On trusted host alice run
545 \f\*[B-Font]ntp-keygen\fP
546 \f\*[B-Font]\-P\f[]
547 \f\*[B-Font]\-p\f[] \f\*[I-Font]password\f[]
548 to generate the host key file
549 \fIntpkey\f[]_ \f\*[B-Font]RSA\f[] \fIkey_alice.\f[] \f\*[I-Font]filestamp\f[]
551 \fIntpkey\f[]_ \f\*[B-Font]RSA-MD5\f[] \f\*[B-Font]_\f[] \fIcert_alice.\f[] \f\*[I-Font]filestamp\f[],
555 On each host
556 \f\*[I-Font]bob\f[]
558 \fIntpkey_host_\f[]\f\*[I-Font]bob\f[]
559 to the host key file and soft link
560 \fIntpkey_cert_\f[]\f\*[I-Font]bob\f[]
563 by trusted host alice.
571 \f\*[B-Font]IFF\f[]
573 \f\*[B-Font]TC\f[]
575 and certificates for all group hosts, then for every trusted host in the group,
577 \f\*[B-Font]IFF\f[]
579 On trusted host alice run
580 \f\*[B-Font]ntp-keygen\fP
581 \f\*[B-Font]\-T\f[]
582 \f\*[B-Font]\-I\f[]
583 \f\*[B-Font]\-p\f[] \f\*[I-Font]password\f[]
585 \fIntpkey_IFFpar_alice.\f[]\f\*[I-Font]filestamp\f[],
591 If there are no hosts restricted to operate only as clients,
594 \f\*[B-Font]IFF\f[]
605 \f\*[B-Font]ntp-keygen\fP
606 \f\*[B-Font]\-e\f[]
618 \f\*[B-Font]GQ\f[]
620 \f\*[B-Font]TC\f[]
622 and certificates for all group hosts, then for every trusted host
624 \f\*[B-Font]IFF\f[]
626 On trusted host alice run
627 \f\*[B-Font]ntp-keygen\fP
628 \f\*[B-Font]\-T\f[]
629 \f\*[B-Font]\-G\f[]
630 \f\*[B-Font]\-p\f[] \f\*[I-Font]password\f[]
632 \fIntpkey_GQpar_alice.\f[]\f\*[I-Font]filestamp\f[],
638 In addition, on each host
639 \f\*[I-Font]bob\f[]
642 \fIntpkey_gq_\f[]\f\*[I-Font]bob\f[]
645 \f\*[B-Font]GQ\f[]
647 \f\*[B-Font]GQ\f[]
654 \f\*[B-Font]MV\f[]
656 \f\*[B-Font]TC\f[]
662 \f\*[B-Font]ntp-keygen\fP
663 \f\*[B-Font]\-V\f[] \f\*[I-Font]n\f[]
664 \f\*[B-Font]\-p\f[] \f\*[I-Font]password\f[],
666 \f\*[I-Font]n\f[]
669 \fIntpkeys_MVpar_trish.\f[]\f\*[I-Font]filestamp\f[]
671 \fIntpkeys_MVkey\f[]\f\*[I-Font]d\f[] \f\*[I-Font]_\f[] \fItrish.\f[] \f\*[I-Font]filestamp\f[]
673 \f\*[I-Font]d\f[]
675 \f\*[I-Font]d\f[]
677 \f\*[I-Font]n\f[]).
691 \f\*[B-Font]MV\f[]
696 .NOP \f\*[B-Font]\-b\f[] \f\*[B-Font]\-\-imbits\f[]= \f\*[I-Font]modulus\f[]
698 \f\*[I-Font]modulus\f[]
705 .NOP \f\*[B-Font]\-c\f[] \f\*[B-Font]\-\-certificate\f[]= \f\*[I-Font]scheme\f[]
708 \f\*[I-Font]scheme\f[]
710 \f\*[B-Font]RSA-MD2\f[], \f\*[B-Font]RSA-MD5\f[], \f\*[B-Font]RSA-MDC2\f[], \f\*[B-Font]RSA-SHA\f[], \f\*[B-Font]RSA-SHA1\f[], \f\*[B-Font]RSA-RIPEMD160\f[], \f\*[B-Font]DSA-SHA\f[],
712 \f\*[B-Font]DSA-SHA1\f[].
714 \f\*[B-Font]RSA\f[]
716 \f\*[B-Font]RSA\f[]
718 \f\*[B-Font]DSA\f[]
720 \f\*[B-Font]DSA\f[]
723 \f\*[B-Font]RSA-MD5\f[].
724 If compatibility with FIPS 140-2 is required, either the
725 \f\*[B-Font]DSA-SHA\f[]
727 \f\*[B-Font]DSA-SHA1\f[]
730 .NOP \f\*[B-Font]\-C\f[] \f\*[B-Font]\-\-cipher\f[]= \f\*[I-Font]cipher\f[]
732 The default without this option is three-key triple DES in CBC mode,
733 \f\*[B-Font]des-ede3-cbc\f[].
735 \f\*[B-Font]openssl\f[] \f\*[B-Font]\-h\f[]
738 .NOP \f\*[B-Font]\-d\f[] \f\*[B-Font]\-\-debug-level\f[]
740 This option displays the cryptographic data produced in eye-friendly billboards.
742 .NOP \f\*[B-Font]\-D\f[] \f\*[B-Font]\-\-set-debug-level\f[]= \f\*[I-Font]level\f[]
744 \f\*[I-Font]level\f[].
745 This option displays the cryptographic data produced in eye-friendly billboards.
747 .NOP \f\*[B-Font]\-e\f[] \f\*[B-Font]\-\-id-key\f[]
749 \f\*[B-Font]IFF\f[]
751 \f\*[B-Font]GQ\f[]
753 \f\*[I-Font]IFFkey\f[] \f\*[I-Font]or\f[] \f\*[I-Font]GQkey\f[]
759 .NOP \f\*[B-Font]\-G\f[] \f\*[B-Font]\-\-gq-params\f[]
761 \f\*[B-Font]GQ\f[]
762 parameters and key file for the Guillou-Quisquater (GQ) identity scheme.
764 \f\*[B-Font]\-I\f[]
766 \f\*[B-Font]\-V\f[]
769 .NOP \f\*[B-Font]\-H\f[] \f\*[B-Font]\-\-host-key\f[]
771 \f\*[B-Font]RSA\f[]
772 public/private host key file.
774 .NOP \f\*[B-Font]\-I\f[] \f\*[B-Font]\-\-iffkey\f[]
776 \f\*[B-Font]IFF\f[]
779 \f\*[B-Font]\-G\f[]
784 .NOP \f\*[B-Font]\-i\f[] \f\*[B-Font]\-\-ident\f[]= \f\*[I-Font]group\f[]
786 \f\*[I-Font]group\f[].
788 \f\*[B-Font]IFF\f[], \f\*[B-Font]GQ\f[],
790 \f\*[B-Font]MV\f[]
792 In that role, the default is the host name if no group is provided.
794 \f\*[B-Font]\-i\f[]
796 \f\*[B-Font]\-s\f[]
800 \f\*[I-Font]host\f[] \f\*[I-Font]@@\f[] \f\*[I-Font]group\f[]
802 \f\*[B-Font]crypto\f[] \f\*[B-Font]ident\f[]
804 \f\*[B-Font]server\f[] \f\*[B-Font]ident\f[]
807 .NOP \f\*[B-Font]\-l\f[] \f\*[B-Font]\-\-lifetime\f[]= \f\*[I-Font]days\f[]
809 \f\*[I-Font]days\f[].
812 .NOP \f\*[B-Font]\-m\f[] \f\*[B-Font]\-\-modulus\f[]= \f\*[I-Font]bits\f[]
814 \f\*[I-Font]bits\f[].
819 .NOP \f\*[B-Font]\-M\f[] \f\*[B-Font]\-\-md5key\f[]
821 \f\*[B-Font]MD5\f[]
823 \f\*[B-Font]SHA\f[]
826 \f\*[B-Font]MD5\f[]
828 \f\*[B-Font]SHA\f[]
833 .NOP \f\*[B-Font]\-p\f[] \f\*[B-Font]\-\-password\f[]= \f\*[I-Font]passwd\f[]
835 \f\*[I-Font]passwd\f[].
836 These include the host, sign and identify key files.
838 \f\*[B-Font]hostname\f[]
841 .NOP \f\*[B-Font]\-P\f[] \f\*[B-Font]\-\-pvt-cert\f[]
843 \f\*[B-Font]PC\f[]
848 .NOP \f\*[B-Font]\-q\f[] \f\*[B-Font]\-\-export-passwd\f[]= \f\*[I-Font]passwd\f[]
850 \f\*[B-Font]IFF\f[], \f\*[B-Font]GQ\f[] \f\*[B-Font]and\f[] \f\*[B-Font]MV\f[]
854 \f\*[I-Font]passwd\f[].
856 \f\*[B-Font]\-p\f[]
858 \f\*[B-Font]\-q\f[]
861 \f\*[B-Font]hostname\f[]
864 .NOP \f\*[B-Font]\-s\f[] \f\*[B-Font]\-\-subject-key\f[]= [host] [@@ \f\*[I-Font]group\f[]]
865 Specify the Autokey host name, where
866 \f\*[I-Font]host\f[]
867 is the optional host name and
868 \f\*[I-Font]group\f[]
870 The host name, and if provided, group name are used in
871 \f\*[I-Font]host\f[] \f\*[I-Font]@@\f[] \f\*[I-Font]group\f[]
874 \f\*[B-Font]\-s\f[] \f\*[B-Font]\-@@\f[] \f\*[I-Font]group\f[]
875 is allowed, and results in leaving the host name unchanged, as with
876 \f\*[B-Font]\-i\f[] \f\*[I-Font]group\f[].
877 The group name, or if no group is provided, the host name are also used in the
879 \f\*[B-Font]IFF\f[], \f\*[B-Font]GQ\f[],
881 \f\*[B-Font]MV\f[]
884 \f\*[I-Font]host\f[]
885 is not specified, the default host name is the string returned by the Unix
886 \f\*[B-Font]hostname\f[]
889 .NOP \f\*[B-Font]\-S\f[] \f\*[B-Font]\-\-sign-key\f[]= [\f\*[B-Font]RSA\f[] | \f\*[B-Font]DSA\f[]]
891 By default, the sign key is the host key and has the same type.
892 If compatibility with FIPS 140-2 is required, the sign key type must be
893 \f\*[B-Font]DSA\f[].
895 .NOP \f\*[B-Font]\-T\f[] \f\*[B-Font]\-\-trusted-cert\f[]
897 By default, the program generates a non-trusted certificate.
899 .NOP \f\*[B-Font]\-V\f[] \f\*[B-Font]\-\-mv-params\f[] \f\*[I-Font]nkeys\f[]
901 \f\*[I-Font]nkeys\f[]
902 encrypted server keys and parameters for the Mu-Varadharajan (MV)
905 \f\*[B-Font]\-I\f[]
907 \f\*[B-Font]\-G\f[]
914 the internal pseudo-random number generator used
918 \f\*[B-Font]ntp-keygen\fP
929 can be used to do this and some systems have built-in entropy sources.
940 \f\*[B-Font]ntp-keygen\fP
944 \f\*[B-Font]randfile\f[]
946 \f\*[B-Font]crypto\f[]
949 \f\*[B-Font]ntp-keygen\fP
963 \f\*[B-Font]ntp-keygen\fP
975 The first line contains the file name, including the generated host name
977 \fIntpkey_\f[]\f\*[I-Font]key\f[] \f\*[I-Font]_\f[] \f\*[I-Font]name\f[]. \f\*[I-Font]filestamp\f[],
979 \f\*[I-Font]key\f[]
981 \f\*[I-Font]name\f[]
982 is the host or group name and
983 \f\*[I-Font]filestamp\f[]
986 \f\*[I-Font]key\f[]
989 \f\*[I-Font]key\f[]
990 names in generated link names include only lower case characters.
998 \f\*[B-Font]ntp-keygen\fP
1006 rules, then encrypted if necessary, and finally written in PEM-encoded
1029 9 MD5 3-5vcn*6l29DS?Xdsg)* # MD5 key
1041 .in -4
1045 .in -4
1053 \f\*[I-Font]keyno\f[] \f\*[I-Font]type\f[] \f\*[I-Font]key\f[]
1054 .in -4
1056 \f\*[I-Font]keyno\f[]
1057 is a positive integer in the range 1-65535;
1058 \f\*[I-Font]type\f[]
1061 \f\*[B-Font]MD5\f[]
1065 however, if compatibility with FIPS 140-2 is required,
1067 \f\*[B-Font]SHA\f[]
1069 \f\*[B-Font]SHA1\f[];
1070 \f\*[I-Font]key\f[]
1083 An OpenSSL key consists of a hex-encoded ASCII string of 40 characters, which
1100 \f\*[B-Font]ntp-keygen\fP
1102 \fIntpkey_MD5key_\f[]\f\*[I-Font]hostname\f[]. \f\*[I-Font]filestamp\f[].
1104 it should be visible only to root and distributed by secure means
1109 \f\*[B-Font]ntp-keygen\fP
1122 .NOP \f\*[B-Font]\-b\f[] \f\*[I-Font]imbits\f[], \f\*[B-Font]\-\-imbits\f[]=\f\*[I-Font]imbits\f[]
1126 \f\*[I-Font]imbits\f[]
1133 .in -4
1137 .NOP \f\*[B-Font]\-c\f[] \f\*[I-Font]scheme\f[], \f\*[B-Font]\-\-certificate\f[]=\f\*[I-Font]scheme\f[]
1141 RSA-MD2, RSA-MD5, RSA-MDC2, RSA-SHA, RSA-SHA1, RSA-RIPEMD160,
1142 DSA-SHA, or DSA-SHA1.
1147 this option is RSA-MD5.
1149 .NOP \f\*[B-Font]\-C\f[] \f\*[I-Font]cipher\f[], \f\*[B-Font]\-\-cipher\f[]=\f\*[I-Font]cipher\f[]
1153 private keys. The default is three-key triple DES in CBC mode,
1154 equivalent to "\fB-C des-ede3-cbc\fP". The openssl tool lists ciphers
1155 available in "\fBopenssl \-h\fP" output.
1157 .NOP \f\*[B-Font]\-d\f[], \f\*[B-Font]\-\-debug\-level\f[]
1162 .NOP \f\*[B-Font]\-D\f[] \f\*[I-Font]number\f[], \f\*[B-Font]\-\-set\-debug\-level\f[]=\f\*[I-Font]number\f[]
1168 .NOP \f\*[B-Font]\-e\f[], \f\*[B-Font]\-\-id\-key\f[]
1175 .NOP \f\*[B-Font]\-G\f[], \f\*[B-Font]\-\-gq\-params\f[]
1181 .NOP \f\*[B-Font]\-H\f[], \f\*[B-Font]\-\-host\-key\f[]
1182 generate RSA host key.
1184 Generate new host keys, obsoleting any that may exist.
1186 .NOP \f\*[B-Font]\-I\f[], \f\*[B-Font]\-\-iffkey\f[]
1192 .NOP \f\*[B-Font]\-i\f[] \f\*[I-Font]group\f[], \f\*[B-Font]\-\-ident\f[]=\f\*[I-Font]group\f[]
1197 that role, the default is the host name if this option is not
1198 provided. The group name, if specified using \fB-i/--ident\fP or
1199 using \fB-s/--subject-name\fP following an '\fB@@\fP' character,
1200 is also a part of the self-signed host certificate subject and
1205 .NOP \f\*[B-Font]\-l\f[] \f\*[I-Font]lifetime\f[], \f\*[B-Font]\-\-lifetime\f[]=\f\*[I-Font]lifetime\f[]
1211 .NOP \f\*[B-Font]\-m\f[] \f\*[I-Font]modulus\f[], \f\*[B-Font]\-\-modulus\f[]=\f\*[I-Font]modulus\f[]
1215 \f\*[I-Font]modulus\f[]
1222 .in -4
1226 .NOP \f\*[B-Font]\-M\f[], \f\*[B-Font]\-\-md5key\f[]
1231 .NOP \f\*[B-Font]\-P\f[], \f\*[B-Font]\-\-pvt\-cert\f[]
1237 .NOP \f\*[B-Font]\-p\f[] \f\*[I-Font]passwd\f[], \f\*[B-Font]\-\-password\f[]=\f\*[I-Font]passwd\f[]
1241 DES-CBC algorithm and the specified password. The same password
1246 .NOP \f\*[B-Font]\-q\f[] \f\*[I-Font]passwd\f[], \f\*[B-Font]\-\-export\-passwd\f[]=\f\*[I-Font]passwd\f[]
1250 encrypted with the DES-CBC algorithm and the specified password.
1253 --id-key (-e) for unencrypted exports.
1255 .NOP \f\*[B-Font]\-s\f[] \f\*[I-Font]host@group\f[], \f\*[B-Font]\-\-subject\-name\f[]=\f\*[I-Font]host@group\f[]
1256 set host and optionally group name.
1258 Set the Autokey host name, and optionally, group name specified
1259 following an '\fB@@\fP' character. The host name is used in the file
1260 name of generated host and signing certificates, without the
1261 group name. The host name, and if provided, group name are used
1262 in \fBhost@@group\fP form for the host certificate subject and issuer
1263 fields. Specifying '\fB-s @@group\fP' is allowed, and results in
1264 leaving the host name unchanged while appending \fB@@group\fP to the
1265 subject and issuer fields, as with \fB-i group\fP. The group name, or
1266 if not provided, the host name are also used in the file names
1269 .NOP \f\*[B-Font]\-S\f[] \f\*[I-Font]sign\f[], \f\*[B-Font]\-\-sign\-key\f[]=\f\*[I-Font]sign\f[]
1273 that may exist. By default, the program uses the host key as the
1276 .NOP \f\*[B-Font]\-T\f[], \f\*[B-Font]\-\-trusted\-cert\f[]
1280 a non-trusted certificate.
1282 .NOP \f\*[B-Font]\-V\f[] \f\*[I-Font]num\f[], \f\*[B-Font]\-\-mv\-params\f[]=\f\*[I-Font]num\f[]
1286 Generate parameters and keys for the Mu-Varadharajan (MV)
1289 .NOP \f\*[B-Font]\-v\f[] \f\*[I-Font]num\f[], \f\*[B-Font]\-\-mv\-keys\f[]=\f\*[I-Font]num\f[]
1295 .NOP \f\*[B-Font]\-\&?\f[], \f\*[B-Font]\-\-help\f[]
1298 .NOP \f\*[B-Font]\-\&!\f[], \f\*[B-Font]\-\-more-help\f[]
1301 .NOP \f\*[B-Font]\->\f[] [\f\*[I-Font]cfgfile\f[]], \f\*[B-Font]\-\-save-opts\f[] [=\f\*[I-Font]cfgfile\f[]]
1306 .NOP \f\*[B-Font]\-<\f[] \f\*[I-Font]cfgfile\f[], \f\*[B-Font]\-\-load-opts\f[]=\f\*[I-Font]cfgfile\f[], \f\*[B-Font]\-\-no-load-opts\f[]
1308 The \fIno-load-opts\fP form will disable the loading
1309 of earlier config/rc/ini files. \fI\-\-no-load-opts\fP is handled early,
1312 .NOP \f\*[B-Font]\-\-version\f[] [{\f\*[I-Font]v|c|n\f[]}]
1322 \fBNTP_KEYGEN_<option-name>\fP or \fBNTP_KEYGEN\fP
1349 it to autogen-users@lists.sourceforge.net. Thank you.
1354 Copyright (C) 1992-2024 The University of Delaware and Network Time Foundation all rights reserved.
1371 This manual page was \fIAutoGen\fP-erated from the \fBntp-keygen\fP