Lines Matching +full:key +full:- +full:up
1 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
3 <!-- Created by GNU Texinfo 6.6, http://www.gnu.org/software/texinfo/ -->
5 <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
6 <title>Ntp-keygen User’s Manual</title>
8 <meta name="description" content="Ntp-keygen User’s Manual">
9 <meta name="keywords" content="Ntp-keygen User’s Manual">
10 <meta name="resource-type" content="document">
14 <link href="dir.html#Top" rel="up" title="(dir)">
16 <!--
17 a.summary-letter {text-decoration: none}
18 blockquote.indentedblock {margin-right: 0em}
19 div.display {margin-left: 3.2em}
20 div.example {margin-left: 3.2em}
21 div.lisp {margin-left: 3.2em}
22 kbd {font-style: oblique}
23 pre.display {font-family: inherit}
24 pre.format {font-family: inherit}
25 pre.menu-comment {font-family: serif}
26 pre.menu-preformatted {font-family: serif}
27 span.nolinebreak {white-space: nowrap}
28 span.roman {font-family: initial; font-weight: normal}
29 span.sansserif {font-family: sans-serif; font-weight: normal}
30 ul.no-bullet {list-style: none}
31 -->
38 <h1 class="settitle" align="center">Ntp-keygen User’s Manual</h1>
45 <h2 class="shortcontents-heading">Short Table of Contents</h2>
48 <ul class="no-bullet">
49 <li><a id="stoc-Description-1" href="#toc-Description-1">1 Description</a></li>
57 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-Invocation" accesskey="2">ntp-keygen Invocation</a></td><td> </td><td align="left" valign="top">Invoking ntp-keygen
59 <tr><td align="left" valign="top">• <a href="#Running-the-Program" accesskey="3">Running the Program</a></td><td> </td><td align="left" valign="top">
61 <tr><td align="left" valign="top">• <a href="#Random-Seed-File" accesskey="4">Random Seed File</a></td><td> </td><td align="left" valign="top">
63 <tr><td align="left" valign="top">• <a href="#Cryptographic-Data-Files" accesskey="5">Cryptographic Data Files</a></td><td> </td><td align="left" valign="top">
69 Next: <a href="#Description" accesskey="n" rel="next">Description</a>, Previous: <a href="dir.html#Top" accesskey="p" rel="prev">(dir)</a>, Up: <a href="dir.html#Top" accesskey="u" rel="up">(dir)</a> </p>
71 <span id="NTP-Key-Generation-Program-User-Manual"></span><h1 class="top">NTP Key Generation Program User Manual</h1>
73 <p>This document describes the use of the NTP Project’s <code>ntp-keygen</code>
76 It can generate message digest keys used in symmetric key cryptography and,
80 public key cryptography.
83 All other files are in PEM-encoded
87 <p>This document applies to version 4.2.8p18 of <code>ntp-keygen</code>.
97 Next: <a href="#Running-the-Program" accesskey="n" rel="next">Running the Program</a>, Previous: <a href="#Top" accesskey="p" rel="prev">Top</a>, Up: <a href="#Top" accesskey="u" rel="up">Top</a> </p>
99 <span id="Description-1"></span><h2 class="chapter">1 Description</h2>
103 keys used in symmetric key cryptography and, if the OpenSSL software
106 public key cryptography. The message digest keys file is generated in a
107 format compatible with NTPv3. All other files are in PEM-encoded
112 containing ten pseudo-random printable ASCII strings suitable for the
115 OpenSSL library is installed, it produces an additional ten hex-encoded
125 applications and other Public Key Infrastructure (PKI) resources.
133 The <code>-p</code> option specifies the password for local encrypted files and the
134 <code>-q</code> option the password for encrypted files sent to remote sites.
153 NFS-mounted networks and cannot be changed by shared clients.
165 as described in the <a href="#Cryptographic-Data-Files">Cryptographic Data Files</a> section below.
168 <tr><td align="left" valign="top">• <a href="#Running-the-Program" accesskey="1">Running the Program</a></td><td> </td><td align="left" valign="top">
170 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-Invocation" accesskey="2">Invoking ntp-keygen</a></td><td> </td><td align="left" valign="top">
172 <tr><td align="left" valign="top">• <a href="#Random-Seed-File" accesskey="3">Random Seed File</a></td><td> </td><td align="left" valign="top">
174 <tr><td align="left" valign="top">• <a href="#Cryptographic-Data-Files" accesskey="4">Cryptographic Data Files</a></td><td> </td><td align="left" valign="top">
179 <span id="Running-the-Program"></span><div class="header">
181 Next: <a href="#Random-Seed-File" accesskey="n" rel="next">Random Seed File</a>, Previous: <a href="#Description" accesskey="p" rel="prev">Description</a>, Up: <a href="#Top" accesskey="u" rel="up">Top</a> </p>
183 <span id="Running-the-Program-1"></span><h3 class="section">1.1 Running the Program</h3>
189 removed, use the <code>ntp-keygen</code> command without arguments to generate a
190 default RSA host key and matching RSA-MD5 certificate with expiration
197 Designate one of them as the trusted host (TH) using <code>ntp-keygen</code>
198 with the <code>-T</code> option and configure
206 <p>The host key is used to encrypt the cookie when required and so must be
208 By default, the host key is also the sign key used to encrypt signatures.
209 A different sign key can be assigned using the <code>-S</code> option
212 message digest type is MD5, but any combination of sign key type and
214 using the <code>-c</code> option.
219 This of course creates a chicken-and-egg problem
222 should be set by some other means, such as eyeball-and-wristwatch, at
225 certificate should be re-generated.
228 Autokey Public-Key Authentication page.
231 <span id="ntp_002dkeygen-Invocation"></span><div class="header">
233 Next: <a href="#Random-Seed-File" accesskey="n" rel="next">Random Seed File</a>, Previous: <a href="#Running-the-Program" accesskey="p" rel="prev">Running the Program</a>, Up: <a href="#Description" accesskey="u" rel="up">Description</a> </p>
235 <span id="Invoking-ntp_002dkeygen"></span><h3 class="section">1.2 Invoking ntp-keygen</h3>
236 <span id="index-ntp_002dkeygen"></span>
237 <span id="index-Create-a-NTP-host-key"></span>
243 It can generate message digest keys used in symmetric key cryptography and,
246 public key cryptography.
253 All other files are in PEM-encoded printable ASCII format,
259 produces a file containing ten pseudo-random printable ASCII strings
263 hex-encoded random bit strings suitable for SHA1, AES-128-CMAC, and
275 applications and other Public Key Infrastructure (PKI) resources.
284 <code>-p</code>
286 <code>-q</code>
293 <code>ntp-keygen</code>
326 NFS-mounted networks and cannot be changed by shared clients.
346 <a href="#Cryptographic-Data-Files">Cryptographic Data Files</a>
350 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-usage" accesskey="1">ntp-keygen help/usage (<samp>--help</samp>)</a></td><td> </td><td align="left" valign="top">
352 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-imbits" accesskey="2">imbits option (-b)</a></td><td> </td><td align="left" valign="top">
354 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-certificate" accesskey="3">certificate option (-c)</a></td><td> </td><td align="left" valign="top">
356 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-cipher" accesskey="4">cipher option (-C)</a></td><td> </td><td align="left" valign="top">
358 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-id_002dkey" accesskey="5">id-key option (-e)</a></td><td> </td><td align="left" valign="top">
360 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-gq_002dparams" accesskey="6">gq-params option (-G)</a></td><td> </td><td align="left" valign="top">
362 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-host_002dkey" accesskey="7">host-key option (-H)</a></td><td> </td><td align="left" valign="top">
364 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-iffkey" accesskey="8">iffkey option (-I)</a></td><td> </td><td align="left" valign="top">
366 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-ident" accesskey="9">ident option (-i)</a></td><td> </td><td align="left" valign="top">
368 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-lifetime">lifetime option (-l)</a></td><td> </td><td align="left" valign="top">
370 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-modulus">modulus option (-m)</a></td><td> </td><td align="left" valign="top">
372 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-md5key">md5key option (-M)</a></td><td> </td><td align="left" valign="top">
374 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-pvt_002dcert">pvt-cert option (-P)</a></td><td> </td><td align="left" valign="top">
376 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-password">password option (-p)</a></td><td> </td><td align="left" valign="top">
378 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-export_002dpasswd">export-passwd option (-q)</a></td><td> </td><td align="left" valign="top">
380 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-subject_002dname">subject-name option (-s)</a></td><td> </td><td align="left" valign="top">
382 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-sign_002dkey">sign-key option (-S)</a></td><td> </td><td align="left" valign="top">
384 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-trusted_002dcert">trusted-cert option (-T)</a></td><td> </td><td align="left" valign="top">
386 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-mv_002dparams">mv-params option (-V)</a></td><td> </td><td align="left" valign="top">
388 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-mv_002dkeys">mv-keys option (-v)</a></td><td> </td><td align="left" valign="top">
390 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-config">presetting/configuring ntp-keygen</a></td><td> </td><td align="left" valign="top">
392 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-exit-status">ntp-keygen exit status</a></td><td> </td><td align="left" valign="top">
394 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-Usage">ntp-keygen Usage</a></td><td> </td><td align="left" valign="top">
396 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-Notes">ntp-keygen Notes</a></td><td> </td><td align="left" valign="top">
398 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-Bugs">ntp-keygen Bugs</a></td><td> </td><td align="left" valign="top">
402 <span id="Running-the-Program-2"></span><h4 class="subsection">1.2.1 Running the Program</h4>
404 <code>ntp-keygen</code>
420 <code>ntp-keygen</code>
423 host key and matching
424 <code>RSA-MD5</code>
433 <p>The host key is used to encrypt the cookie when required and so must be
436 By default, the host key is also the sign key used to encrypt signatures.
437 When necessary, a different sign key can be specified and this can be
446 of sign key type and message digest type supported by the OpenSSL library
453 with the sign key.
465 <p>Private/public key files and certificates are compatible with
488 <p>Installing the keys as root might not work in NFS-mounted
509 The owner name is also used for the host and sign key files,
515 in NFS-mounted networks.
524 including the host key, sign key and identification parameters,
525 are permitted root read/write-only;
555 <code>ntp-keygen</code>
564 <code>ntp-keygen</code>
566 <code>-T</code>
575 <p>The host key is used to encrypt the cookie when required and so must be
577 By default, the host key is also the sign key used to encrypt
579 A different sign key can be assigned using the
580 <code>-S</code>
589 but any combination of sign key type and
592 <code>-c</code>
598 This of course creates a chicken-and-egg problem
601 should be set by some other means, such as eyeball-and-wristwatch, at
604 certificate should be re-generated.
607 “Autokey Public-Key Authentication”
634 <span id="Trusted-Hosts-and-Groups"></span><h4 class="subsubsection">1.2.1.1 Trusted Hosts and Groups</h4>
649 First, configure a NTP subnet including one or more low-stratum
669 <code>ntp-keygen</code>
670 <code>-T</code>
673 <code>-T</code>
676 and working up the tree.
678 throughout the subnet, but setting up the environment is completely automatic.
680 <p>If it is necessary to use a different sign key or different digest/signature
682 <code>ntp-keygen</code>
684 <code>-S</code> <kbd>type</kbd>
692 <code>DSA</code>-signed
696 <code>ntp-keygen</code>
698 <code>-c</code> <kbd>scheme</kbd>
703 <code>ntp-keygen</code>
705 using the same scheme and sign key, and soft link.
707 <p>After setting up the environment it is advisable to update certificates
710 <code>ntp-keygen</code>
713 However, if the host or sign key is changed,
722 <span id="Identity-Schemes"></span><h4 class="subsubsection">1.2.1.2 Identity Schemes</h4>
749 only as clients have key files that contain only client keys.
753 <code>ntp-keygen</code>
754 <code>-P</code>
755 <code>-p</code> <kbd>password</kbd>
756 to generate the host key file
759 <samp>ntpkey</samp>_ <code>RSA-MD5</code> <code>_</code> <samp>cert_alice.</samp> <kbd>filestamp</kbd>,
767 to the host key file and soft link
786 <code>ntp-keygen</code>
787 <code>-T</code>
788 <code>-I</code>
789 <code>-p</code> <kbd>password</kbd>
809 <code>ntp-keygen</code>
810 <code>-e</code>
829 <code>ntp-keygen</code>
830 <code>-T</code>
831 <code>-G</code>
832 <code>-p</code> <kbd>password</kbd>
862 <code>ntp-keygen</code>
863 <code>-V</code> <kbd>n</kbd>
864 <code>-p</code> <kbd>password</kbd>,
870 and client key files
874 is the key number (0 <
882 Copy one of the client key files to alice for later distribution
884 It does not matter which client key file goes to alice,
886 Alice copies the client key file to all of her clients.
889 to the client key file.
895 <span id="Command-Line-Options"></span><h4 class="subsubsection">1.2.1.3 Command Line Options</h4>
897 <dt><code>-b</code> <code>--imbits</code>= <kbd>modulus</kbd></dt>
906 <dt><code>-c</code> <code>--certificate</code>= <kbd>scheme</kbd></dt>
911 <code>RSA-MD2</code>, <code>RSA-MD5</code>, <code>RSA-MDC2</code>, <code>RSA-SHA</code>, <code>RSA-SHA1</code>, <code>RSA-RIPEMD160</code>, <code>DSA-SHA</code>,
913 <code>DSA-SHA1</code>.
918 sign key and
922 sign key.
924 <code>RSA-MD5</code>.
925 If compatibility with FIPS 140-2 is required, either the
926 <code>DSA-SHA</code>
928 <code>DSA-SHA1</code>
931 <dt><code>-C</code> <code>--cipher</code>= <kbd>cipher</kbd></dt>
933 The default without this option is three-key triple DES in CBC mode,
934 <code>des-ede3-cbc</code>.
936 <code>openssl</code> <code>-h</code>
939 <dt><code>-d</code> <code>--debug-level</code></dt>
941 This option displays the cryptographic data produced in eye-friendly billboards.
943 <dt><code>-D</code> <code>--set-debug-level</code>= <kbd>level</kbd></dt>
946 This option displays the cryptographic data produced in eye-friendly billboards.
948 <dt><code>-e</code> <code>--id-key</code></dt>
958 This is intended for automatic key distribution by email.
960 <dt><code>-G</code> <code>--gq-params</code></dt>
963 parameters and key file for the Guillou-Quisquater (GQ) identity scheme.
965 <code>-I</code>
967 <code>-V</code>
970 <dt><code>-H</code> <code>--host-key</code></dt>
973 public/private host key file.
975 <dt><code>-I</code> <code>--iffkey</code></dt>
978 key file for the Schnorr (IFF) identity scheme.
980 <code>-G</code>
985 <dt><code>-i</code> <code>--ident</code>= <kbd>group</kbd></dt>
995 <code>-i</code>
997 <code>-s</code>
1008 <dt><code>-l</code> <code>--lifetime</code>= <kbd>days</kbd></dt>
1013 <dt><code>-m</code> <code>--modulus</code>= <kbd>bits</kbd></dt>
1020 <dt><code>-M</code> <code>--md5key</code></dt>
1028 key is a string of 20 random printable ASCII characters, while a
1030 key is a string of 40 random hex digits.
1031 The file can be edited using a text editor to change the key type or key content.
1034 <dt><code>-p</code> <code>--password</code>= <kbd>passwd</kbd></dt>
1037 These include the host, sign and identify key files.
1042 <dt><code>-P</code> <code>--pvt-cert</code></dt>
1049 <dt><code>-q</code> <code>--export-passwd</code>= <kbd>passwd</kbd></dt>
1057 <code>-p</code>
1059 <code>-q</code>
1065 <dt><code>-s</code> <code>--subject-key</code>= <code>[host]</code> <code>[@ <kbd>group</kbd>]</code></dt>
1075 <code>-s</code> <code>-@</code> <kbd>group</kbd>
1077 <code>-i</code> <kbd>group</kbd>.
1090 <dt><code>-S</code> <code>--sign-key</code>= <code>[<code>RSA</code> | <code>DSA</code>]</code></dt>
1091 <dd><p>Generate a new encrypted public/private sign key file of the specified type.
1092 By default, the sign key is the host key and has the same type.
1093 If compatibility with FIPS 140-2 is required, the sign key type must be
1096 <dt><code>-T</code> <code>--trusted-cert</code></dt>
1098 By default, the program generates a non-trusted certificate.
1100 <dt><code>-V</code> <code>--mv-params</code> <kbd>nkeys</kbd></dt>
1103 encrypted server keys and parameters for the Mu-Varadharajan (MV)
1106 <code>-I</code>
1108 <code>-G</code>
1114 <span id="Random-Seed-File-1"></span><h4 class="subsubsection">1.2.1.4 Random Seed File</h4>
1115 <p>All cryptographically sound key generation schemes must have means
1117 the internal pseudo-random number generator used
1121 <code>ntp-keygen</code>
1130 can be used to do this and some systems have built-in entropy sources.
1139 <code>ntp-keygen</code>
1148 <code>ntp-keygen</code>
1162 <code>ntp-keygen</code>
1173 <span id="Cryptographic-Data-Files-1"></span><h4 class="subsubsection">1.2.1.5 Cryptographic Data Files</h4>
1177 <samp>ntpkey_</samp><kbd>key</kbd> <kbd>_</kbd> <kbd>name</kbd>. <kbd>filestamp</kbd>,
1179 <kbd>key</kbd>
1180 is the key or parameter type,
1186 <kbd>key</kbd>
1189 <kbd>key</kbd>
1198 <code>ntp-keygen</code>
1204 rules, then encrypted if necessary, and finally written in PEM-encoded
1215 1 MD5 L";Nw<\`.I<f4U0)247"i # MD5 key
1216 2 MD5 &>l0%XXK9O'51VwV<xq~ # MD5 key
1217 3 MD5 lb4zLW~d^!K:]RsD'qb6 # MD5 key
1218 4 MD5 Yue:tL[+vR)M\`n~bY,'? # MD5 key
1219 5 MD5 B;fx'Kgr/&4ZTbL6=RxA # MD5 key
1220 6 MD5 4eYwa\`o@}3i@@@@V@@..R9!l # MD5 key
1221 7 MD5 \`A.([h+;wTQ|xfi%Sn_! # MD5 key
1222 8 MD5 45:V,r4]l6y^JH6"Sh?F # MD5 key
1223 9 MD5 3-5vcn*6l29DS?Xdsg)* # MD5 key
1224 10 MD5 2late4Me # MD5 key
1225 11 SHA1 a27872d3030a9025b8446c751b4551a7629af65c # SHA1 key
1226 12 SHA1 21bc3b4865dbb9e920902abdccb3e04ff97a5e74 # SHA1 key
1227 13 SHA1 2b7736fe24fef5ba85ae11594132ab5d6f6daba9 # SHA1 key
1228 14 SHA a5332809c8878dd3a5b918819108a111509aeceb # SHA key
1229 15 MD2 2fe16c88c760ff2f16d4267e36c1aa6c926e6964 # MD2 key
1230 16 MD4 b2691811dc19cfc0e2f9bcacd74213f29812183d # MD4 key
1231 17 MD5 e4d6735b8bdad58ec5ffcb087300a17f7fef1f7c # MD5 key
1232 18 MDC2 a8d5e2315c025bf3a79174c87fbd10477de2eabc # MDC2 key
1233 19 RIPEMD160 77ca332cafb30e3cafb174dcd5b80ded7ba9b3d2 # RIPEMD160 key
1234 20 AES128CMAC f92ff73eee86c1e7dc638d6489a04e4e555af878 # AES128CMAC key
1236 <pre class="example">Figure 1. Typical Symmetric Key File
1243 <pre class="example"><kbd>keyno</kbd> <kbd>type</kbd> <kbd>key</kbd>
1247 is a positive integer in the range 1-65535;
1249 is the key type for the message digest algorithm, which in the absence of the
1253 if the OpenSSL library is installed, the key type can be any
1255 however, if compatibility with FIPS 140-2 is required,
1256 the key type must be either
1260 <kbd>key</kbd>
1261 is the key itself,
1273 An OpenSSL key consists of a hex-encoded ASCII string of 40 characters, which
1286 <code>ntp-keygen</code>
1295 <code>ntp-keygen</code>
1308 using the <code>agtexi-cmd</code> template and the option descriptions for the <code>ntp-keygen</code> program.
1312 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-usage" accesskey="1">ntp-keygen usage</a></td><td> </td><td align="left" valign="top">ntp-keygen help/usage (<samp>--help</samp>)
1314 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-imbits" accesskey="2">ntp-keygen imbits</a></td><td> </td><td align="left" valign="top">imbits option (-b)
1316 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-certificate" accesskey="3">ntp-keygen certificate</a></td><td> </td><td align="left" valign="top">certificate option (-c)
1318 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-cipher" accesskey="4">ntp-keygen cipher</a></td><td> </td><td align="left" valign="top">cipher option (-C)
1320 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-id_002dkey" accesskey="5">ntp-keygen id-key</a></td><td> </td><td align="left" valign="top">id-key option (-e)
1322 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-gq_002dparams" accesskey="6">ntp-keygen gq-params</a></td><td> </td><td align="left" valign="top">gq-params option (-G)
1324 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-host_002dkey" accesskey="7">ntp-keygen host-key</a></td><td> </td><td align="left" valign="top">host-key option (-H)
1326 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-iffkey" accesskey="8">ntp-keygen iffkey</a></td><td> </td><td align="left" valign="top">iffkey option (-I)
1328 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-ident" accesskey="9">ntp-keygen ident</a></td><td> </td><td align="left" valign="top">ident option (-i)
1330 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-lifetime">ntp-keygen lifetime</a></td><td> </td><td align="left" valign="top">lifetime option (-l)
1332 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-modulus">ntp-keygen modulus</a></td><td> </td><td align="left" valign="top">modulus option (-m)
1334 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-md5key">ntp-keygen md5key</a></td><td> </td><td align="left" valign="top">md5key option (-M)
1336 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-pvt_002dcert">ntp-keygen pvt-cert</a></td><td> </td><td align="left" valign="top">pvt-cert option (-P)
1338 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-password">ntp-keygen password</a></td><td> </td><td align="left" valign="top">password option (-p)
1340 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-export_002dpasswd">ntp-keygen export-passwd</a></td><td> </td><td align="left" valign="top">export-passwd option (-q)
1342 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-subject_002dname">ntp-keygen subject-name</a></td><td> </td><td align="left" valign="top">subject-name option (-s)
1344 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-sign_002dkey">ntp-keygen sign-key</a></td><td> </td><td align="left" valign="top">sign-key option (-S)
1346 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-trusted_002dcert">ntp-keygen trusted-cert</a></td><td> </td><td align="left" valign="top">trusted-cert option (-T)
1348 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-mv_002dparams">ntp-keygen mv-params</a></td><td> </td><td align="left" valign="top">mv-params option (-V)
1350 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-mv_002dkeys">ntp-keygen mv-keys</a></td><td> </td><td align="left" valign="top">mv-keys option (-v)
1352 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-config">ntp-keygen config</a></td><td> </td><td align="left" valign="top">presetting/configuring ntp-keygen
1354 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-exit-status">ntp-keygen exit status</a></td><td> </td><td align="left" valign="top">exit status
1356 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-Usage">ntp-keygen Usage</a></td><td> </td><td align="left" valign="top">Usage
1358 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-Notes">ntp-keygen Notes</a></td><td> </td><td align="left" valign="top">Notes
1360 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-Bugs">ntp-keygen Bugs</a></td><td> </td><td align="left" valign="top">Bugs
1365 <span id="ntp_002dkeygen-usage"></span><div class="header">
1367 Next: <a href="#ntp_002dkeygen-imbits" accesskey="n" rel="next">ntp-keygen imbits</a>, Up: <a href="#ntp_002dkeygen-Invocation" accesskey="u" rel="up">ntp-keygen Invocation</a> </p>
1369 <span id="ntp_002dkeygen-help_002fusage-_0028_002d_002dhelp_0029"></span><h4 class="subsection">1.2.2 ntp-keygen help/usage (<samp>--help</samp>)</h4>
1370 <span id="index-ntp_002dkeygen-help"></span>
1372 <p>This is the automatically generated usage text for ntp-keygen.
1375 (<samp>--help</samp>) or the <code>more-help</code> option (<samp>--more-help</samp>). <code>more-help</code> will print
1377 <code>more-help</code> is disabled on platforms without a working
1383 <pre class="example">ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.8p18
1384 Usage: ntp-keygen [ -<flag> [<val>] | --<name>[{=| }<val>] ]...
1385 Flg Arg Option-Name Description
1386 -b Num imbits identity modulus bits
1387 - it must be in the range:
1389 -c Str certificate certificate scheme
1390 -C Str cipher privatekey cipher
1391 -d no debug-level Increase debug verbosity level
1392 - may appear multiple times
1393 -D Num set-debug-level Set the debug verbosity level
1394 - may appear multiple times
1395 -e no id-key Write IFF or GQ identity keys
1396 -G no gq-params Generate GQ parameters and keys
1397 -H no host-key generate RSA host key
1398 -I no iffkey generate IFF parameters
1399 -i Str ident set Autokey group name
1400 -l Num lifetime set certificate lifetime
1401 -m Num modulus prime modulus
1402 - it must be in the range:
1404 -M no md5key generate symmetric keys
1405 -P no pvt-cert generate PC private certificate
1406 -p Str password local private password
1407 -q Str export-passwd export IFF or GQ group keys with password
1408 -s Str subject-name set host and optionally group name
1409 -S Str sign-key generate sign key (RSA or DSA)
1410 -T no trusted-cert trusted certificate (TC scheme)
1411 -V Num mv-params generate <num> MV parameters
1412 -v Num mv-keys update <num> MV keys
1414 -? no help display extended usage information and exit
1415 -! no more-help extended usage information passed thru pager
1416 -> opt save-opts save the option state to a config file
1417 -< Str load-opts load options from a config file
1418 - disabled as '--no-load-opts'
1419 - may appear multiple times
1426 - reading file $HOME/.ntprc
1427 - reading file ./.ntprc
1428 - examining environment variables named NTP_KEYGEN_*
1434 <span id="ntp_002dkeygen-imbits"></span><div class="header">
1436 Next: <a href="#ntp_002dkeygen-certificate" accesskey="n" rel="next">ntp-keygen certificate</a>, Previous: <a href="#ntp_002dkeygen-usage" accesskey="p" rel="prev">ntp-keygen usage</a>, Up: <a href="#ntp_002dkeygen-Invocation" accesskey="u" rel="up">ntp-keygen Invocation</a> </p>
1438 <span id="imbits-option-_0028_002db_0029"></span><h4 class="subsection">1.2.3 imbits option (-b)</h4>
1439 <span id="index-ntp_002dkeygen_002dimbits"></span>
1451 <span id="ntp_002dkeygen-certificate"></span><div class="header">
1453 Next: <a href="#ntp_002dkeygen-cipher" accesskey="n" rel="next">ntp-keygen cipher</a>, Previous: <a href="#ntp_002dkeygen-imbits" accesskey="p" rel="prev">ntp-keygen imbits</a>, Up: <a href="#ntp_002dkeygen-Invocation" accesskey="u" rel="up">ntp-keygen Invocation</a> </p>
1455 <span id="certificate-option-_0028_002dc_0029"></span><h4 class="subsection">1.2.4 certificate option (-c)</h4>
1456 <span id="index-ntp_002dkeygen_002dcertificate"></span>
1467 RSA-MD2, RSA-MD5, RSA-MDC2, RSA-SHA, RSA-SHA1, RSA-RIPEMD160,
1468 DSA-SHA, or DSA-SHA1.
1471 Note that RSA schemes must be used with a RSA sign key and DSA
1472 schemes must be used with a DSA sign key. The default without
1473 this option is RSA-MD5.
1475 <span id="ntp_002dkeygen-cipher"></span><div class="header">
1477 Next: <a href="#ntp_002dkeygen-id_002dkey" accesskey="n" rel="next">ntp-keygen id-key</a>, Previous: <a href="#ntp_002dkeygen-certificate" accesskey="p" rel="prev">ntp-keygen certificate</a>, Up: <a href="#ntp_002dkeygen-Invocation" accesskey="u" rel="up">ntp-keygen Invocation</a> </p>
1479 <span id="cipher-option-_0028_002dC_0029"></span><h4 class="subsection">1.2.5 cipher option (-C)</h4>
1480 <span id="index-ntp_002dkeygen_002dcipher"></span>
1491 private keys. The default is three-key triple DES in CBC mode,
1492 equivalent to "<code>-C des-ede3-cbc</code>". The openssl tool lists ciphers
1493 available in "<code>openssl -h</code>" output.
1495 <span id="ntp_002dkeygen-id_002dkey"></span><div class="header">
1497 Next: <a href="#ntp_002dkeygen-gq_002dparams" accesskey="n" rel="next">ntp-keygen gq-params</a>, Previous: <a href="#ntp_002dkeygen-cipher" accesskey="p" rel="prev">ntp-keygen cipher</a>, Up: <a href="#ntp_002dkeygen-Invocation" accesskey="u" rel="up">ntp-keygen Invocation</a> </p>
1499 <span id="id_002dkey-option-_0028_002de_0029"></span><h4 class="subsection">1.2.6 id-key option (-e)</h4>
1500 <span id="index-ntp_002dkeygen_002did_002dkey"></span>
1511 This is intended for automatic key distribution by email.
1513 <span id="ntp_002dkeygen-gq_002dparams"></span><div class="header">
1515 Next: <a href="#ntp_002dkeygen-host_002dkey" accesskey="n" rel="next">ntp-keygen host-key</a>, Previous: <a href="#ntp_002dkeygen-id_002dkey" accesskey="p" rel="prev">ntp-keygen id-key</a>, Up: <a href="#ntp_002dkeygen-Invocation" accesskey="u" rel="up">ntp-keygen Invocation</a> </p>
1517 <span id="gq_002dparams-option-_0028_002dG_0029"></span><h4 class="subsection">1.2.7 gq-params option (-G)</h4>
1518 <span id="index-ntp_002dkeygen_002dgq_002dparams"></span>
1530 <span id="ntp_002dkeygen-host_002dkey"></span><div class="header">
1532 Next: <a href="#ntp_002dkeygen-iffkey" accesskey="n" rel="next">ntp-keygen iffkey</a>, Previous: <a href="#ntp_002dkeygen-gq_002dparams" accesskey="p" rel="prev">ntp-keygen gq-params</a>, Up: <a href="#ntp_002dkeygen-Invocation" accesskey="u" rel="up">ntp-keygen Invocation</a> </p>
1534 <span id="host_002dkey-option-_0028_002dH_0029"></span><h4 class="subsection">1.2.8 host-key option (-H)</h4>
1535 <span id="index-ntp_002dkeygen_002dhost_002dkey"></span>
1537 <p>This is the “generate rsa host key” option.
1546 <span id="ntp_002dkeygen-iffkey"></span><div class="header">
1548 Next: <a href="#ntp_002dkeygen-ident" accesskey="n" rel="next">ntp-keygen ident</a>, Previous: <a href="#ntp_002dkeygen-host_002dkey" accesskey="p" rel="prev">ntp-keygen host-key</a>, Up: <a href="#ntp_002dkeygen-Invocation" accesskey="u" rel="up">ntp-keygen Invocation</a> </p>
1550 <span id="iffkey-option-_0028_002dI_0029"></span><h4 class="subsection">1.2.9 iffkey option (-I)</h4>
1551 <span id="index-ntp_002dkeygen_002diffkey"></span>
1563 <span id="ntp_002dkeygen-ident"></span><div class="header">
1565 Next: <a href="#ntp_002dkeygen-lifetime" accesskey="n" rel="next">ntp-keygen lifetime</a>, Previous: <a href="#ntp_002dkeygen-iffkey" accesskey="p" rel="prev">ntp-keygen iffkey</a>, Up: <a href="#ntp_002dkeygen-Invocation" accesskey="u" rel="up">ntp-keygen Invocation</a> </p>
1567 <span id="ident-option-_0028_002di_0029"></span><h4 class="subsection">1.2.10 ident option (-i)</h4>
1568 <span id="index-ntp_002dkeygen_002dident"></span>
1581 provided. The group name, if specified using <code>-i/--ident</code> or
1582 using <code>-s/--subject-name</code> following an ’<code>@</code>’ character,
1583 is also a part of the self-signed host certificate subject and
1588 <span id="ntp_002dkeygen-lifetime"></span><div class="header">
1590 Next: <a href="#ntp_002dkeygen-modulus" accesskey="n" rel="next">ntp-keygen modulus</a>, Previous: <a href="#ntp_002dkeygen-ident" accesskey="p" rel="prev">ntp-keygen ident</a>, Up: <a href="#ntp_002dkeygen-Invocation" accesskey="u" rel="up">ntp-keygen Invocation</a> </p>
1592 <span id="lifetime-option-_0028_002dl_0029"></span><h4 class="subsection">1.2.11 lifetime option (-l)</h4>
1593 <span id="index-ntp_002dkeygen_002dlifetime"></span>
1605 <span id="ntp_002dkeygen-modulus"></span><div class="header">
1607 Next: <a href="#ntp_002dkeygen-md5key" accesskey="n" rel="next">ntp-keygen md5key</a>, Previous: <a href="#ntp_002dkeygen-lifetime" accesskey="p" rel="prev">ntp-keygen lifetime</a>, Up: <a href="#ntp_002dkeygen-Invocation" accesskey="u" rel="up">ntp-keygen Invocation</a> </p>
1609 <span id="modulus-option-_0028_002dm_0029"></span><h4 class="subsection">1.2.12 modulus option (-m)</h4>
1610 <span id="index-ntp_002dkeygen_002dmodulus"></span>
1622 <span id="ntp_002dkeygen-md5key"></span><div class="header">
1624 Next: <a href="#ntp_002dkeygen-pvt_002dcert" accesskey="n" rel="next">ntp-keygen pvt-cert</a>, Previous: <a href="#ntp_002dkeygen-modulus" accesskey="p" rel="prev">ntp-keygen modulus</a>, Up: <a href="#ntp_002dkeygen-Invocation" accesskey="u" rel="up">ntp-keygen Invocation</a> </p>
1626 <span id="md5key-option-_0028_002dM_0029"></span><h4 class="subsection">1.2.13 md5key option (-M)</h4>
1627 <span id="index-ntp_002dkeygen_002dmd5key"></span>
1632 <span id="ntp_002dkeygen-pvt_002dcert"></span><div class="header">
1634 Next: <a href="#ntp_002dkeygen-password" accesskey="n" rel="next">ntp-keygen password</a>, Previous: <a href="#ntp_002dkeygen-md5key" accesskey="p" rel="prev">ntp-keygen md5key</a>, Up: <a href="#ntp_002dkeygen-Invocation" accesskey="u" rel="up">ntp-keygen Invocation</a> </p>
1636 <span id="pvt_002dcert-option-_0028_002dP_0029"></span><h4 class="subsection">1.2.14 pvt-cert option (-P)</h4>
1637 <span id="index-ntp_002dkeygen_002dpvt_002dcert"></span>
1649 <span id="ntp_002dkeygen-password"></span><div class="header">
1651 Next: <a href="#ntp_002dkeygen-export_002dpasswd" accesskey="n" rel="next">ntp-keygen export-passwd</a>, Previous: <a href="#ntp_002dkeygen-pvt_002dcert" accesskey="p" rel="prev">ntp-keygen pvt-cert</a>, Up: <a href="#ntp_002dkeygen-Invocation" accesskey="u" rel="up">ntp-keygen Invocation</a> </p>
1653 <span id="password-option-_0028_002dp_0029"></span><h4 class="subsection">1.2.15 password option (-p)</h4>
1654 <span id="index-ntp_002dkeygen_002dpassword"></span>
1665 DES-CBC algorithm and the specified password. The same password
1670 <span id="ntp_002dkeygen-export_002dpasswd"></span><div class="header">
1672 Next: <a href="#ntp_002dkeygen-subject_002dname" accesskey="n" rel="next">ntp-keygen subject-name</a>, Previous: <a href="#ntp_002dkeygen-password" accesskey="p" rel="prev">ntp-keygen password</a>, Up: <a href="#ntp_002dkeygen-Invocation" accesskey="u" rel="up">ntp-keygen Invocation</a> </p>
1674 <span id="export_002dpasswd-option-_0028_002dq_0029"></span><h4 class="subsection">1.2.16 export-passwd option (-q)</h4>
1675 <span id="index-ntp_002dkeygen_002dexport_002dpasswd"></span>
1686 encrypted with the DES-CBC algorithm and the specified password.
1689 –id-key (-e) for unencrypted exports.
1691 <span id="ntp_002dkeygen-subject_002dname"></span><div class="header">
1693 Next: <a href="#ntp_002dkeygen-sign_002dkey" accesskey="n" rel="next">ntp-keygen sign-key</a>, Previous: <a href="#ntp_002dkeygen-export_002dpasswd" accesskey="p" rel="prev">ntp-keygen export-passwd</a>, Up: <a href="#ntp_002dkeygen-Invocation" accesskey="u" rel="up">ntp-keygen Invocation</a> </p>
1695 <span id="subject_002dname-option-_0028_002ds_0029"></span><h4 class="subsection">1.2.17 subject-name option (-s)</h4>
1696 <span id="index-ntp_002dkeygen_002dsubject_002dname"></span>
1711 fields. Specifying ’<code>-s @group</code>’ is allowed, and results in
1713 subject and issuer fields, as with <code>-i group</code>. The group name, or
1717 <span id="ntp_002dkeygen-sign_002dkey"></span><div class="header">
1719 Next: <a href="#ntp_002dkeygen-trusted_002dcert" accesskey="n" rel="next">ntp-keygen trusted-cert</a>, Previous: <a href="#ntp_002dkeygen-subject_002dname" accesskey="p" rel="prev">ntp-keygen subject-name</a>, Up: <a href="#ntp_002dkeygen-Invocation" accesskey="u" rel="up">ntp-keygen Invocation</a> </p>
1721 <span id="sign_002dkey-option-_0028_002dS_0029"></span><h4 class="subsection">1.2.18 sign-key option (-S)</h4>
1722 <span id="index-ntp_002dkeygen_002dsign_002dkey"></span>
1724 <p>This is the “generate sign key (rsa or dsa)” option.
1732 <p>Generate a new sign key of the designated type, obsoleting any
1733 that may exist. By default, the program uses the host key as the
1734 sign key.
1736 <span id="ntp_002dkeygen-trusted_002dcert"></span><div class="header">
1738 Next: <a href="#ntp_002dkeygen-mv_002dparams" accesskey="n" rel="next">ntp-keygen mv-params</a>, Previous: <a href="#ntp_002dkeygen-sign_002dkey" accesskey="p" rel="prev">ntp-keygen sign-key</a>, Up: <a href="#ntp_002dkeygen-Invocation" accesskey="u" rel="up">ntp-keygen Invocation</a> </p>
1740 <span id="trusted_002dcert-option-_0028_002dT_0029"></span><h4 class="subsection">1.2.19 trusted-cert option (-T)</h4>
1741 <span id="index-ntp_002dkeygen_002dtrusted_002dcert"></span>
1751 a non-trusted certificate.
1753 <span id="ntp_002dkeygen-mv_002dparams"></span><div class="header">
1755 Next: <a href="#ntp_002dkeygen-mv_002dkeys" accesskey="n" rel="next">ntp-keygen mv-keys</a>, Previous: <a href="#ntp_002dkeygen-trusted_002dcert" accesskey="p" rel="prev">ntp-keygen trusted-cert</a>, Up: <a href="#ntp_002dkeygen-Invocation" accesskey="u" rel="up">ntp-keygen Invocation</a> </p>
1757 <span id="mv_002dparams-option-_0028_002dV_0029"></span><h4 class="subsection">1.2.20 mv-params option (-V)</h4>
1758 <span id="index-ntp_002dkeygen_002dmv_002dparams"></span>
1768 <p>Generate parameters and keys for the Mu-Varadharajan (MV)
1771 <span id="ntp_002dkeygen-mv_002dkeys"></span><div class="header">
1773 Next: <a href="#ntp_002dkeygen-config" accesskey="n" rel="next">ntp-keygen config</a>, Previous: <a href="#ntp_002dkeygen-mv_002dparams" accesskey="p" rel="prev">ntp-keygen mv-params</a>, Up: <a href="#ntp_002dkeygen-Invocation" accesskey="u" rel="up">ntp-keygen Invocation</a> </p>
1775 <span id="mv_002dkeys-option-_0028_002dv_0029"></span><h4 class="subsection">1.2.21 mv-keys option (-v)</h4>
1776 <span id="index-ntp_002dkeygen_002dmv_002dkeys"></span>
1790 <span id="ntp_002dkeygen-config"></span><div class="header">
1792 Next: <a href="#ntp_002dkeygen-exit-status" accesskey="n" rel="next">ntp-keygen exit status</a>, Previous: <a href="#ntp_002dkeygen-mv_002dkeys" accesskey="p" rel="prev">ntp-keygen mv-keys</a>, Up: <a href="#ntp_002dkeygen-Invocation" accesskey="u" rel="up">ntp-keygen Invocation</a> </p>
1794 <span id="presetting_002fconfiguring-ntp_002dkeygen"></span><h4 class="subsection">1.2.22 presetting/configuring ntp-keygen</h4>
1797 loading values from configuration ("rc" or "ini") files, and values from environment variables named <code>NTP-KEYGEN</code> and <code>NTP-KEYGEN_<OPTION_NAME></code>. <code><OPTION_NAME></code> must be one of
1799 The <code>NTP-KEYGEN</code> variable will be tokenized and parsed like
1810 are expanded and replaced when <samp>ntp-keygen</samp> runs.
1825 <pre class="example">[NTP-KEYGEN]
1829 <pre class="example"><?program ntp-keygen>
1836 <pre class="example"><option-name>
1837 <sub-opt>...&lt;...&gt;...</sub-opt>
1838 </option-name>
1840 <p>yielding an <code>option-name.sub-opt</code> string value of
1850 <span id="version-_0028_002d_0029"></span><h4 class="subsubheading">version (-)</h4>
1870 <span id="ntp_002dkeygen-exit-status"></span><div class="header">
1872 Next: <a href="#ntp_002dkeygen-Usage" accesskey="n" rel="next">ntp-keygen Usage</a>, Previous: <a href="#ntp_002dkeygen-config" accesskey="p" rel="prev">ntp-keygen config</a>, Up: <a href="#ntp_002dkeygen-Invocation" accesskey="u" rel="up">ntp-keygen Invocation</a> </p>
1874 <span id="ntp_002dkeygen-exit-status-1"></span><h4 class="subsection">1.2.23 ntp-keygen exit status</h4>
1889 it to autogen-users@lists.sourceforge.net. Thank you.
1893 <span id="ntp_002dkeygen-Usage"></span><div class="header">
1895 Next: <a href="#ntp_002dkeygen-Notes" accesskey="n" rel="next">ntp-keygen Notes</a>, Previous: <a href="#ntp_002dkeygen-exit-status" accesskey="p" rel="prev">ntp-keygen exit status</a>, Up: <a href="#ntp_002dkeygen-Invocation" accesskey="u" rel="up">ntp-keygen Invocation</a> </p>
1897 <span id="ntp_002dkeygen-Usage-1"></span><h4 class="subsection">1.2.24 ntp-keygen Usage</h4>
1899 <span id="ntp_002dkeygen-Notes"></span><div class="header">
1901 Next: <a href="#ntp_002dkeygen-Bugs" accesskey="n" rel="next">ntp-keygen Bugs</a>, Previous: <a href="#ntp_002dkeygen-Usage" accesskey="p" rel="prev">ntp-keygen Usage</a>, Up: <a href="#ntp_002dkeygen-Invocation" accesskey="u" rel="up">ntp-keygen Invocation</a> </p>
1903 <span id="ntp_002dkeygen-Notes-1"></span><h4 class="subsection">1.2.25 ntp-keygen Notes</h4>
1905 <span id="ntp_002dkeygen-Bugs"></span><div class="header">
1907 Previous: <a href="#ntp_002dkeygen-Notes" accesskey="p" rel="prev">ntp-keygen Notes</a>, Up: <a href="#ntp_002dkeygen-Invocation" accesskey="u" rel="up">ntp-keygen Invocation</a> </p>
1909 <span id="ntp_002dkeygen-Bugs-1"></span><h4 class="subsection">1.2.26 ntp-keygen Bugs</h4>
1912 <span id="Random-Seed-File"></span><div class="header">
1914 Next: <a href="#Cryptographic-Data-Files" accesskey="n" rel="next">Cryptographic Data Files</a>, Previous: <a href="#Running-the-Program" accesskey="p" rel="prev">Running the Program</a>, Up: <a href="#Top" accesskey="u" rel="up">Top</a> </p>
1916 <span id="Random-Seed-File-2"></span><h3 class="section">1.3 Random Seed File</h3>
1918 <p>All cryptographically sound key generation schemes must have means to
1920 pseudo-random number generator used by the OpenSSL library routines.
1925 starting the <code>ntp-keygen</code> program or <code>ntpd</code> daemon.
1933 Since both the <code>ntp-keygen</code> program and <code>ntpd</code> daemon must run
1940 <span id="Cryptographic-Data-Files"></span><div class="header">
1942 Previous: <a href="#Random-Seed-File" accesskey="p" rel="prev">Random Seed File</a>, Up: <a href="#Top" accesskey="u" rel="up">Top</a> </p>
1944 <span id="Cryptographic-Data-Files-2"></span><h3 class="section">1.4 Cryptographic Data Files</h3>
1947 where <code>key</code> is the key or parameter type,
1950 By convention, key names in generated file names include both upper and
1951 lower case characters, while key names in generated link names include
1955 <p>The key name is a string defining the cryptographic key type.
1956 Key types include public/private keys host and sign, certificate cert
1957 and several challenge/response key types.
1960 server files for responses have a key subtype, as in the GQ response
1969 using ASN.1 rules, then encrypted using the DES-CBC algorithm with
1970 given password and finally written in PEM-encoded printable ASCII text
1983 1 MD5 "]!ghT%O;3)WJ,/Nc:>I # MD5 key
1984 2 MD5 lu+H^tF46BKR-6~pV_5 # MD5 key
1985 3 MD5 :lnoVsE%Yz*avh%EtNC # MD5 key
1986 4 MD5 |fdZrf0sF~;w-i^V # MD5 key
1987 5 MD5 IyAG>O"y"LmCRS!*bHC # MD5 key
1988 6 MD5 ">e\A>hT/661ri52,,H # MD5 key
1989 7 MD5 c9x=M'CfLxax9v)PV-si # MD5 key
1990 8 MD5 E|=jvFVov?Bn|Ev=&aK\ # MD5 key
1991 9 MD5 T!c4UT&`(m$+m+B6,`Q0 # MD5 key
1992 10 MD5 JVF/1=)=IFbHbJQz..Cd # MD5 key
1993 11 SHA1 6dea311109529e436c2b4fccae9bc753c16d1b48 # SHA1 key
1994 12 SHA1 7076f373d86c4848c59ff8046e49cb7d614ec394 # SHA1 key
1995 13 SHA1 5f48b1b60591eb01b7cf1d33b7774f08d20262d3 # SHA1 key
1996 14 SHA1 eed5ab9d9497319ec60cf3781d52607e76720178 # SHA1 key
1997 15 SHA1 f283562611a04c964da8126296f5f8e58c3f85de # SHA1 key
1998 16 SHA1 1930da171297dd63549af50b29449de17dcf341f # SHA1 key
1999 17 SHA1 fee892110358cd4382322b889869e750db8e8a8f # SHA1 key
2000 18 SHA1 b5520c9fadd7ad3fd8bfa061c8821b65d029bb37 # SHA1 key
2001 19 SHA1 8c74fb440ec80f453ec6aaa62b9baed0ab723b92 # SHA1 key
2002 20 SHA1 6bc05f734306a189326000970c19b3910f403795 # SHA1 key
2005 <p>Figure 1. Typical Symmetric Key File
2010 integer between 1 and 65535, inclusive, representing the key identifier
2012 Next is the key type for the message digest algorithm,
2016 If the OpenSSL library is installed, the key type can be any
2019 compatibility with FIPS 140-2 is required, the key type must be either
2021 The key type can be changed using an ASCII text editor.
2023 <p>An MD5 key consists of a printable ASCII string less than or equal to
2026 key consists of a hex-encoded ASCII string of 40 characters, which is
2035 <p>The <code>ntp-keygen</code> program generates a MD5 symmetric keys file
2040 The NTP daemon loads the file <code>ntp.keys</code>, so <code>ntp-keygen</code>