Lines Matching +full:keys +full:- +full:per +full:- +full:group
2 . it 1 an-trap
6 .ds B-Font [CB]
7 .ds I-Font [CI]
8 .ds R-Font [CR]
10 .ds B-Font B
11 .ds I-Font I
12 .ds R-Font R
13 .TH ntp-keygen 1ntp-keygenman "25 May 2024" "ntp (4.2.8p18)" "User Commands"
15 .\" EDIT THIS FILE WITH CAUTION (in-mem file)
17 .\" It has been AutoGen-ed May 25, 2024 at 12:04:51 AM by AutoGen 5.18.16
18 .\" From the definitions ntp-keygen-opts.def
19 .\" and the template file agman-cmd.tpl
21 \f\*[B-Font]ntp-keygen\fP
22 \- Create a NTP host key
24 \f\*[B-Font]ntp-keygen\fP
26 [\f\*[B-Font]\-flags\f[]]
27 [\f\*[B-Font]\-flag\f[] [\f\*[I-Font]value\f[]]]
28 [\f\*[B-Font]\-\-option-name\f[][[=| ]\f\*[I-Font]value\f[]]]
39 It can generate message digest keys used in symmetric key cryptography and,
40 if the OpenSSL software library has been installed, it can generate host keys,
41 signing keys, certificates, and identity keys and parameters used in Autokey
49 The message digest symmetric keys file is generated in a format
51 All other files are in PEM-encoded printable ASCII format,
58 When used to generate message digest symmetric keys, the program
59 produces a file containing ten pseudo-random printable ASCII strings
63 hex-encoded random bit strings suitable for SHA1, AES-128-CMAC, and
65 The message digest symmetric keys file must be distributed and stored
67 Besides the keys used for ordinary NTP associations, additional keys
81 However, the identity keys are probably not compatible with anything
88 \f\*[B-Font]\-p\f[]
90 \f\*[B-Font]\-q\f[]
97 \f\*[B-Font]ntp-keygen\fP
107 \f\*[B-Font]pw\f[]
109 \f\*[B-Font]crypto\f[]
127 The symmetric keys file, normally called
128 \fIntp.keys\f[],
134 NFS-mounted networks and cannot be changed by shared clients.
139 \f\*[B-Font]keysdir\f[]
160 \f\*[B-Font]ntp-keygen\fP
163 \f\*[I-Font]keys\f[]
172 \f\*[I-Font]keys\f[]
178 \f\*[B-Font]ntp-keygen\fP
180 \f\*[B-Font]RSA\f[]
182 \f\*[B-Font]RSA-MD5\f[]
188 existing keys and parameters and generates a new certificate file with
194 \f\*[B-Font]RSA\f[]
199 \f\*[B-Font]RSA\f[]
201 \f\*[B-Font]DSA\f[]
204 \f\*[B-Font]MD5\f[],
208 \f\*[B-Font]AES128CMAC\f[], \f\*[B-Font]MD2\f[], \f\*[B-Font]MD5\f[], \f\*[B-Font]MDC2\f[], \f\*[B-Font]SHA\f[], \f\*[B-Font]SHA1\f[]
210 \f\*[B-Font]RIPE160\f[]
215 \f\*[B-Font]RSA\f[]
216 sign keys;
218 \f\*[B-Font]SHA\f[]
220 \f\*[B-Font]SHA1\f[]
222 \f\*[B-Font]DSA\f[]
223 sign keys.
254 Installing the keys as root might not work in NFS-mounted
256 to the shared keys directory, even as root.
261 \f\*[B-Font]keysdir\f[]
264 There is no need for one client to read the keys and certificates
282 All files are installed by default in the keys directory
285 in NFS-mounted networks.
286 The actual location of the keys directory
297 are permitted root read/write-only;
303 \f\*[I-Font]hostname\f[]
305 \f\*[I-Font]filestamp\f[]
320 \f\*[I-Font]filestamp\f[].
324 \f\*[I-Font]filestamp\f[]
329 \f\*[B-Font]ntp-keygen\fP
331 \f\*[I-Font]filestamp\f[]
340 \f\*[B-Font]ntp-keygen\fP
342 \f\*[B-Font]\-T\f[]
349 All group hosts should have acyclic certificate trails ending on the TH.
358 \f\*[B-Font]\-S\f[]
360 \f\*[B-Font]RSA\f[]
362 \f\*[B-Font]DSA\f[]
366 \f\*[B-Font]MD5\f[],
370 \f\*[B-Font]\-c\f[]
378 This of course creates a chicken-and-egg problem
381 should be set by some other means, such as eyeball-and-wristwatch, at
384 certificate should be re-generated.
389 \*[Lq]Autokey Public-Key Authentication\*[Rq]
397 \fI_\f[]\f\*[I-Font]hostname\f[]. \f\*[I-Font]filestamp\f[],
399 \f\*[I-Font]hostname\f[]
404 \f\*[I-Font]filestamp\f[]
409 \f\*[B-Font]rm\f[] \fIntpkey\&*\f[]
412 \f\*[B-Font]rm\f[] \fI\&*\f[]\f\*[I-Font]filestamp\f[]
425 \f\*[B-Font]RSA\f[]
427 \f\*[B-Font]MD5\f[]
430 \f\*[B-Font]TC\f[]
432 First, configure a NTP subnet including one or more low-stratum
439 A trusted group is the set of all hosts that have, directly or indirectly,
449 On each trusted host as root, change to the keys directory.
454 \f\*[B-Font]ntp-keygen\fP
455 \f\*[B-Font]\-T\f[]
456 to generate keys and a trusted certificate.
458 \f\*[B-Font]\-T\f[]
459 flag to generate keys and nontrusted certificates.
469 \f\*[B-Font]ntp-keygen\fP
471 \f\*[B-Font]\-S\f[] \f\*[I-Font]type\f[]
473 \f\*[I-Font]type\f[]
475 \f\*[B-Font]RSA\f[]
477 \f\*[B-Font]DSA\f[].
479 \f\*[B-Font]DSA\f[]\-signed
483 \f\*[B-Font]ntp-keygen\fP
485 \f\*[B-Font]\-c\f[] \f\*[I-Font]scheme\f[]
487 \f\*[I-Font]scheme\f[]
490 \f\*[B-Font]ntp-keygen\fP
499 \f\*[B-Font]ntp-keygen\fP
501 using existing keys, and soft links.
513 \f\*[B-Font]TC\f[]
517 \f\*[B-Font]PC\f[], \f\*[B-Font]IFF\f[], \f\*[B-Font]GQ\f[]
519 \f\*[B-Font]MV\f[]
532 In some schemes there are separate keys for servers and clients.
537 both server and client keys.
539 only as clients have key files that contain only client keys.
543 The PC scheme supports only one trusted host in the group.
545 \f\*[B-Font]ntp-keygen\fP
546 \f\*[B-Font]\-P\f[]
547 \f\*[B-Font]\-p\f[] \f\*[I-Font]password\f[]
549 \fIntpkey\f[]_ \f\*[B-Font]RSA\f[] \fIkey_alice.\f[] \f\*[I-Font]filestamp\f[]
551 \fIntpkey\f[]_ \f\*[B-Font]RSA-MD5\f[] \f\*[B-Font]_\f[] \fIcert_alice.\f[] \f\*[I-Font]filestamp\f[],
553 Copy both files to all group hosts;
556 \f\*[I-Font]bob\f[]
558 \fIntpkey_host_\f[]\f\*[I-Font]bob\f[]
560 \fIntpkey_cert_\f[]\f\*[I-Font]bob\f[]
565 either the keys or certificates without copying them
566 to all other hosts in the group, and recreating the soft links.
571 \f\*[B-Font]IFF\f[]
573 \f\*[B-Font]TC\f[]
574 scheme to generate keys
575 and certificates for all group hosts, then for every trusted host in the group,
577 \f\*[B-Font]IFF\f[]
580 \f\*[B-Font]ntp-keygen\fP
581 \f\*[B-Font]\-T\f[]
582 \f\*[B-Font]\-I\f[]
583 \f\*[B-Font]\-p\f[] \f\*[I-Font]password\f[]
585 \fIntpkey_IFFpar_alice.\f[]\f\*[I-Font]filestamp\f[],
586 which includes both server and client keys.
587 Copy this file to all group hosts that operate as both servers
594 \f\*[B-Font]IFF\f[]
596 of keys and certificates, these files can be refreshed as needed.
602 To eliminate this threat, the client keys can be extracted
605 \f\*[B-Font]ntp-keygen\fP
606 \f\*[B-Font]\-e\f[]
612 To further protect the integrity of the keys,
618 \f\*[B-Font]GQ\f[]
620 \f\*[B-Font]TC\f[]
621 scheme to generate keys
622 and certificates for all group hosts, then for every trusted host
623 in the group, generate the
624 \f\*[B-Font]IFF\f[]
627 \f\*[B-Font]ntp-keygen\fP
628 \f\*[B-Font]\-T\f[]
629 \f\*[B-Font]\-G\f[]
630 \f\*[B-Font]\-p\f[] \f\*[I-Font]password\f[]
632 \fIntpkey_GQpar_alice.\f[]\f\*[I-Font]filestamp\f[],
633 which includes both server and client keys.
634 Copy this file to all group hosts and install a soft link
639 \f\*[I-Font]bob\f[]
642 \fIntpkey_gq_\f[]\f\*[I-Font]bob\f[]
645 \f\*[B-Font]GQ\f[]
647 \f\*[B-Font]GQ\f[]
649 at the same time, keys and certificates can be regenerated as needed.
654 \f\*[B-Font]MV\f[]
656 \f\*[B-Font]TC\f[]
657 scheme to generate keys
658 and certificates for all group hosts.
662 \f\*[B-Font]ntp-keygen\fP
663 \f\*[B-Font]\-V\f[] \f\*[I-Font]n\f[]
664 \f\*[B-Font]\-p\f[] \f\*[I-Font]password\f[],
666 \f\*[I-Font]n\f[]
667 is the number of revokable keys (typically 5) to produce
669 \fIntpkeys_MVpar_trish.\f[]\f\*[I-Font]filestamp\f[]
671 \fIntpkeys_MVkey\f[]\f\*[I-Font]d\f[] \f\*[I-Font]_\f[] \fItrish.\f[] \f\*[I-Font]filestamp\f[]
673 \f\*[I-Font]d\f[]
675 \f\*[I-Font]d\f[]
677 \f\*[I-Font]n\f[]).
691 \f\*[B-Font]MV\f[]
692 scheme is independent of keys and certificates,
696 .NOP \f\*[B-Font]\-b\f[] \f\*[B-Font]\-\-imbits\f[]= \f\*[I-Font]modulus\f[]
697 Set the number of bits in the identity modulus for generating identity keys to
698 \f\*[I-Font]modulus\f[]
705 .NOP \f\*[B-Font]\-c\f[] \f\*[B-Font]\-\-certificate\f[]= \f\*[I-Font]scheme\f[]
708 \f\*[I-Font]scheme\f[]
710 \f\*[B-Font]RSA-MD2\f[], \f\*[B-Font]RSA-MD5\f[], \f\*[B-Font]RSA-MDC2\f[], \f\*[B-Font]RSA-SHA\f[], \f\*[B-Font]RSA-SHA1\f[], \f\*[B-Font]RSA-RIPEMD160\f[], \f\*[B-Font]DSA-SHA\f[],
712 \f\*[B-Font]DSA-SHA1\f[].
714 \f\*[B-Font]RSA\f[]
716 \f\*[B-Font]RSA\f[]
718 \f\*[B-Font]DSA\f[]
720 \f\*[B-Font]DSA\f[]
723 \f\*[B-Font]RSA-MD5\f[].
724 If compatibility with FIPS 140-2 is required, either the
725 \f\*[B-Font]DSA-SHA\f[]
727 \f\*[B-Font]DSA-SHA1\f[]
730 .NOP \f\*[B-Font]\-C\f[] \f\*[B-Font]\-\-cipher\f[]= \f\*[I-Font]cipher\f[]
731 Select the OpenSSL cipher to encrypt the files containing private keys.
732 The default without this option is three-key triple DES in CBC mode,
733 \f\*[B-Font]des-ede3-cbc\f[].
735 \f\*[B-Font]openssl\f[] \f\*[B-Font]\-h\f[]
738 .NOP \f\*[B-Font]\-d\f[] \f\*[B-Font]\-\-debug-level\f[]
740 This option displays the cryptographic data produced in eye-friendly billboards.
742 .NOP \f\*[B-Font]\-D\f[] \f\*[B-Font]\-\-set-debug-level\f[]= \f\*[I-Font]level\f[]
744 \f\*[I-Font]level\f[].
745 This option displays the cryptographic data produced in eye-friendly billboards.
747 .NOP \f\*[B-Font]\-e\f[] \f\*[B-Font]\-\-id-key\f[]
749 \f\*[B-Font]IFF\f[]
751 \f\*[B-Font]GQ\f[]
753 \f\*[I-Font]IFFkey\f[] \f\*[I-Font]or\f[] \f\*[I-Font]GQkey\f[]
754 client keys file previously specified
759 .NOP \f\*[B-Font]\-G\f[] \f\*[B-Font]\-\-gq-params\f[]
761 \f\*[B-Font]GQ\f[]
762 parameters and key file for the Guillou-Quisquater (GQ) identity scheme.
764 \f\*[B-Font]\-I\f[]
766 \f\*[B-Font]\-V\f[]
769 .NOP \f\*[B-Font]\-H\f[] \f\*[B-Font]\-\-host-key\f[]
771 \f\*[B-Font]RSA\f[]
774 .NOP \f\*[B-Font]\-I\f[] \f\*[B-Font]\-\-iffkey\f[]
776 \f\*[B-Font]IFF\f[]
779 \f\*[B-Font]\-G\f[]
784 .NOP \f\*[B-Font]\-i\f[] \f\*[B-Font]\-\-ident\f[]= \f\*[I-Font]group\f[]
785 Set the optional Autokey group name to
786 \f\*[I-Font]group\f[].
788 \f\*[B-Font]IFF\f[], \f\*[B-Font]GQ\f[],
790 \f\*[B-Font]MV\f[]
792 In that role, the default is the host name if no group is provided.
793 The group name, if specified using
794 \f\*[B-Font]\-i\f[]
796 \f\*[B-Font]\-s\f[]
800 \f\*[I-Font]host\f[] \f\*[I-Font]@@\f[] \f\*[I-Font]group\f[]
801 and should match the group specified via
802 \f\*[B-Font]crypto\f[] \f\*[B-Font]ident\f[]
804 \f\*[B-Font]server\f[] \f\*[B-Font]ident\f[]
807 .NOP \f\*[B-Font]\-l\f[] \f\*[B-Font]\-\-lifetime\f[]= \f\*[I-Font]days\f[]
809 \f\*[I-Font]days\f[].
812 .NOP \f\*[B-Font]\-m\f[] \f\*[B-Font]\-\-modulus\f[]= \f\*[I-Font]bits\f[]
814 \f\*[I-Font]bits\f[].
819 .NOP \f\*[B-Font]\-M\f[] \f\*[B-Font]\-\-md5key\f[]
820 Generate a new symmetric keys file containing 10
821 \f\*[B-Font]MD5\f[]
822 keys, and if OpenSSL is available, 10
823 \f\*[B-Font]SHA\f[]
824 keys.
826 \f\*[B-Font]MD5\f[]
828 \f\*[B-Font]SHA\f[]
833 .NOP \f\*[B-Font]\-p\f[] \f\*[B-Font]\-\-password\f[]= \f\*[I-Font]passwd\f[]
835 \f\*[I-Font]passwd\f[].
838 \f\*[B-Font]hostname\f[]
841 .NOP \f\*[B-Font]\-P\f[] \f\*[B-Font]\-\-pvt-cert\f[]
843 \f\*[B-Font]PC\f[]
848 .NOP \f\*[B-Font]\-q\f[] \f\*[B-Font]\-\-export-passwd\f[]= \f\*[I-Font]passwd\f[]
850 \f\*[B-Font]IFF\f[], \f\*[B-Font]GQ\f[] \f\*[B-Font]and\f[] \f\*[B-Font]MV\f[]
854 \f\*[I-Font]passwd\f[].
856 \f\*[B-Font]\-p\f[]
858 \f\*[B-Font]\-q\f[]
861 \f\*[B-Font]hostname\f[]
864 .NOP \f\*[B-Font]\-s\f[] \f\*[B-Font]\-\-subject-key\f[]= [host] [@@ \f\*[I-Font]group\f[]]
866 \f\*[I-Font]host\f[]
868 \f\*[I-Font]group\f[]
869 is the optional group name.
870 The host name, and if provided, group name are used in
871 \f\*[I-Font]host\f[] \f\*[I-Font]@@\f[] \f\*[I-Font]group\f[]
874 \f\*[B-Font]\-s\f[] \f\*[B-Font]\-@@\f[] \f\*[I-Font]group\f[]
876 \f\*[B-Font]\-i\f[] \f\*[I-Font]group\f[].
877 The group name, or if no group is provided, the host name are also used in the
879 \f\*[B-Font]IFF\f[], \f\*[B-Font]GQ\f[],
881 \f\*[B-Font]MV\f[]
884 \f\*[I-Font]host\f[]
886 \f\*[B-Font]hostname\f[]
889 .NOP \f\*[B-Font]\-S\f[] \f\*[B-Font]\-\-sign-key\f[]= [\f\*[B-Font]RSA\f[] | \f\*[B-Font]DSA\f[]]
892 If compatibility with FIPS 140-2 is required, the sign key type must be
893 \f\*[B-Font]DSA\f[].
895 .NOP \f\*[B-Font]\-T\f[] \f\*[B-Font]\-\-trusted-cert\f[]
897 By default, the program generates a non-trusted certificate.
899 .NOP \f\*[B-Font]\-V\f[] \f\*[B-Font]\-\-mv-params\f[] \f\*[I-Font]nkeys\f[]
901 \f\*[I-Font]nkeys\f[]
902 encrypted server keys and parameters for the Mu-Varadharajan (MV)
905 \f\*[B-Font]\-I\f[]
907 \f\*[B-Font]\-G\f[]
914 the internal pseudo-random number generator used
918 \f\*[B-Font]ntp-keygen\fP
929 can be used to do this and some systems have built-in entropy sources.
940 \f\*[B-Font]ntp-keygen\fP
944 \f\*[B-Font]randfile\f[]
946 \f\*[B-Font]crypto\f[]
949 \f\*[B-Font]ntp-keygen\fP
963 \f\*[B-Font]ntp-keygen\fP
977 \fIntpkey_\f[]\f\*[I-Font]key\f[] \f\*[I-Font]_\f[] \f\*[I-Font]name\f[]. \f\*[I-Font]filestamp\f[],
979 \f\*[I-Font]key\f[]
981 \f\*[I-Font]name\f[]
982 is the host or group name and
983 \f\*[I-Font]filestamp\f[]
986 \f\*[I-Font]key\f[]
989 \f\*[I-Font]key\f[]
998 \f\*[B-Font]ntp-keygen\fP
1006 rules, then encrypted if necessary, and finally written in PEM-encoded
1011 The format of the symmetric keys file, ordinarily named
1012 \fIntp.keys\f[],
1029 9 MD5 3-5vcn*6l29DS?Xdsg)* # MD5 key
1041 .in -4
1045 .in -4
1049 Figure 1 shows a typical symmetric keys file used by the reference
1051 Following the header the keys are entered one per line in the format
1053 \f\*[I-Font]keyno\f[] \f\*[I-Font]type\f[] \f\*[I-Font]key\f[]
1054 .in -4
1056 \f\*[I-Font]keyno\f[]
1057 is a positive integer in the range 1-65535;
1058 \f\*[I-Font]type\f[]
1061 \f\*[B-Font]MD5\f[]
1065 however, if compatibility with FIPS 140-2 is required,
1067 \f\*[B-Font]SHA\f[]
1069 \f\*[B-Font]SHA1\f[];
1070 \f\*[I-Font]key\f[]
1083 An OpenSSL key consists of a hex-encoded ASCII string of 40 characters, which
1088 Note that the keys used by the
1094 and entered by hand, so it is generally appropriate to specify these keys
1100 \f\*[B-Font]ntp-keygen\fP
1101 program generates a symmetric keys file
1102 \fIntpkey_MD5key_\f[]\f\*[I-Font]hostname\f[]. \f\*[I-Font]filestamp\f[].
1103 Since the file contains private shared keys,
1107 \fIntp.keys\f[],
1109 \f\*[B-Font]ntp-keygen\fP
1122 .NOP \f\*[B-Font]\-b\f[] \f\*[I-Font]imbits\f[], \f\*[B-Font]\-\-imbits\f[]=\f\*[I-Font]imbits\f[]
1126 \f\*[I-Font]imbits\f[]
1133 .in -4
1137 .NOP \f\*[B-Font]\-c\f[] \f\*[I-Font]scheme\f[], \f\*[B-Font]\-\-certificate\f[]=\f\*[I-Font]scheme\f[]
1141 RSA-MD2, RSA-MD5, RSA-MDC2, RSA-SHA, RSA-SHA1, RSA-RIPEMD160,
1142 DSA-SHA, or DSA-SHA1.
1147 this option is RSA-MD5.
1149 .NOP \f\*[B-Font]\-C\f[] \f\*[I-Font]cipher\f[], \f\*[B-Font]\-\-cipher\f[]=\f\*[I-Font]cipher\f[]
1153 private keys. The default is three-key triple DES in CBC mode,
1154 equivalent to "\fB-C des-ede3-cbc\fP". The openssl tool lists ciphers
1155 available in "\fBopenssl \-h\fP" output.
1157 .NOP \f\*[B-Font]\-d\f[], \f\*[B-Font]\-\-debug\-level\f[]
1162 .NOP \f\*[B-Font]\-D\f[] \f\*[I-Font]number\f[], \f\*[B-Font]\-\-set\-debug\-level\f[]=\f\*[I-Font]number\f[]
1168 .NOP \f\*[B-Font]\-e\f[], \f\*[B-Font]\-\-id\-key\f[]
1169 Write IFF or GQ identity keys.
1171 Write the public parameters from the IFF or GQ client keys to
1175 .NOP \f\*[B-Font]\-G\f[], \f\*[B-Font]\-\-gq\-params\f[]
1176 Generate GQ parameters and keys.
1178 Generate parameters and keys for the GQ identification scheme,
1181 .NOP \f\*[B-Font]\-H\f[], \f\*[B-Font]\-\-host\-key\f[]
1184 Generate new host keys, obsoleting any that may exist.
1186 .NOP \f\*[B-Font]\-I\f[], \f\*[B-Font]\-\-iffkey\f[]
1192 .NOP \f\*[B-Font]\-i\f[] \f\*[I-Font]group\f[], \f\*[B-Font]\-\-ident\f[]=\f\*[I-Font]group\f[]
1193 set Autokey group name.
1195 Set the optional Autokey group name to name. This is used in
1198 provided. The group name, if specified using \fB-i/--ident\fP or
1199 using \fB-s/--subject-name\fP following an '\fB@@\fP' character,
1200 is also a part of the self-signed host certificate subject and
1201 issuer names in the form \fBhost@@group\fP and should match the
1205 .NOP \f\*[B-Font]\-l\f[] \f\*[I-Font]lifetime\f[], \f\*[B-Font]\-\-lifetime\f[]=\f\*[I-Font]lifetime\f[]
1211 .NOP \f\*[B-Font]\-m\f[] \f\*[I-Font]modulus\f[], \f\*[B-Font]\-\-modulus\f[]=\f\*[I-Font]modulus\f[]
1215 \f\*[I-Font]modulus\f[]
1222 .in -4
1226 .NOP \f\*[B-Font]\-M\f[], \f\*[B-Font]\-\-md5key\f[]
1227 generate symmetric keys.
1229 Generate symmetric keys, obsoleting any that may exist.
1231 .NOP \f\*[B-Font]\-P\f[], \f\*[B-Font]\-\-pvt\-cert\f[]
1237 .NOP \f\*[B-Font]\-p\f[] \f\*[I-Font]passwd\f[], \f\*[B-Font]\-\-password\f[]=\f\*[I-Font]passwd\f[]
1241 DES-CBC algorithm and the specified password. The same password
1246 .NOP \f\*[B-Font]\-q\f[] \f\*[I-Font]passwd\f[], \f\*[B-Font]\-\-export\-passwd\f[]=\f\*[I-Font]passwd\f[]
1247 export IFF or GQ group keys with password.
1249 Export IFF or GQ identity group keys to the standard output,
1250 encrypted with the DES-CBC algorithm and the specified password.
1253 --id-key (-e) for unencrypted exports.
1255 .NOP \f\*[B-Font]\-s\f[] \f\*[I-Font]host@group\f[], \f\*[B-Font]\-\-subject\-name\f[]=\f\*[I-Font]host@group\f[]
1256 set host and optionally group name.
1258 Set the Autokey host name, and optionally, group name specified
1261 group name. The host name, and if provided, group name are used
1262 in \fBhost@@group\fP form for the host certificate subject and issuer
1263 fields. Specifying '\fB-s @@group\fP' is allowed, and results in
1264 leaving the host name unchanged while appending \fB@@group\fP to the
1265 subject and issuer fields, as with \fB-i group\fP. The group name, or
1269 .NOP \f\*[B-Font]\-S\f[] \f\*[I-Font]sign\f[], \f\*[B-Font]\-\-sign\-key\f[]=\f\*[I-Font]sign\f[]
1276 .NOP \f\*[B-Font]\-T\f[], \f\*[B-Font]\-\-trusted\-cert\f[]
1280 a non-trusted certificate.
1282 .NOP \f\*[B-Font]\-V\f[] \f\*[I-Font]num\f[], \f\*[B-Font]\-\-mv\-params\f[]=\f\*[I-Font]num\f[]
1286 Generate parameters and keys for the Mu-Varadharajan (MV)
1289 .NOP \f\*[B-Font]\-v\f[] \f\*[I-Font]num\f[], \f\*[B-Font]\-\-mv\-keys\f[]=\f\*[I-Font]num\f[]
1290 update <num> MV keys.
1295 .NOP \f\*[B-Font]\-\&?\f[], \f\*[B-Font]\-\-help\f[]
1298 .NOP \f\*[B-Font]\-\&!\f[], \f\*[B-Font]\-\-more-help\f[]
1301 .NOP \f\*[B-Font]\->\f[] [\f\*[I-Font]cfgfile\f[]], \f\*[B-Font]\-\-save-opts\f[] [=\f\*[I-Font]cfgfile\f[]]
1306 .NOP \f\*[B-Font]\-<\f[] \f\*[I-Font]cfgfile\f[], \f\*[B-Font]\-\-load-opts\f[]=\f\*[I-Font]cfgfile\f[], \f\*[B-Font]\-\-no-load-opts\f[]
1308 The \fIno-load-opts\fP form will disable the loading
1309 of earlier config/rc/ini files. \fI\-\-no-load-opts\fP is handled early,
1312 .NOP \f\*[B-Font]\-\-version\f[] [{\f\*[I-Font]v|c|n\f[]}]
1322 \fBNTP_KEYGEN_<option-name>\fP or \fBNTP_KEYGEN\fP
1349 it to autogen-users@lists.sourceforge.net. Thank you.
1354 Copyright (C) 1992-2024 The University of Delaware and Network Time Foundation all rights reserved.
1371 This manual page was \fIAutoGen\fP-erated from the \fBntp-keygen\fP