Lines Matching +full:sense +full:- +full:gain +full:- +full:div
1 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
3 <!-- Created by GNU Texinfo 6.6, http://www.gnu.org/software/texinfo/ -->
5 <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
6 <title>Ntp-keygen User’s Manual</title>
8 <meta name="description" content="Ntp-keygen User’s Manual">
9 <meta name="keywords" content="Ntp-keygen User’s Manual">
10 <meta name="resource-type" content="document">
16 <!--
17 a.summary-letter {text-decoration: none}
18 blockquote.indentedblock {margin-right: 0em}
19 div.display {margin-left: 3.2em}
20 div.example {margin-left: 3.2em}
21 div.lisp {margin-left: 3.2em}
22 kbd {font-style: oblique}
23 pre.display {font-family: inherit}
24 pre.format {font-family: inherit}
25 pre.menu-comment {font-family: serif}
26 pre.menu-preformatted {font-family: serif}
27 span.nolinebreak {white-space: nowrap}
28 span.roman {font-family: initial; font-weight: normal}
29 span.sansserif {font-family: sans-serif; font-weight: normal}
30 ul.no-bullet {list-style: none}
31 -->
38 <h1 class="settitle" align="center">Ntp-keygen User’s Manual</h1>
45 <h2 class="shortcontents-heading">Short Table of Contents</h2>
47 <div class="shortcontents">
48 <ul class="no-bullet">
49 <li><a id="stoc-Description-1" href="#toc-Description-1">1 Description</a></li>
51 </div>
57 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-Invocation" accesskey="2">ntp-keygen Invocation</a></td><td> </td><td align="left" valign="top">Invoking ntp-keygen
59 <tr><td align="left" valign="top">• <a href="#Running-the-Program" accesskey="3">Running the Program</a></td><td> </td><td align="left" valign="top">
61 <tr><td align="left" valign="top">• <a href="#Random-Seed-File" accesskey="4">Random Seed File</a></td><td> </td><td align="left" valign="top">
63 <tr><td align="left" valign="top">• <a href="#Cryptographic-Data-Files" accesskey="5">Cryptographic Data Files</a></td><td> </td><td align="left" valign="top">
67 <span id="Top"></span><div class="header">
70 </div>
71 <span id="NTP-Key-Generation-Program-User-Manual"></span><h1 class="top">NTP Key Generation Program User Manual</h1>
73 <p>This document describes the use of the NTP Project’s <code>ntp-keygen</code>
83 All other files are in PEM-encoded
87 <p>This document applies to version 4.2.8p18 of <code>ntp-keygen</code>.
95 <span id="Description"></span><div class="header">
97 Next: <a href="#Running-the-Program" accesskey="n" rel="next">Running the Program</a>, Previous: <a href="#Top" accesskey="p" rel="prev">Top</a>, Up: <a href="#Top" accesskey="u" rel="up">Top</a> </p>
98 </div>
99 <span id="Description-1"></span><h2 class="chapter">1 Description</h2>
107 format compatible with NTPv3. All other files are in PEM-encoded
112 containing ten pseudo-random printable ASCII strings suitable for the
115 OpenSSL library is installed, it produces an additional ten hex-encoded
133 The <code>-p</code> option specifies the password for local encrypted files and the
134 <code>-q</code> option the password for encrypted files sent to remote sites.
153 NFS-mounted networks and cannot be changed by shared clients.
165 as described in the <a href="#Cryptographic-Data-Files">Cryptographic Data Files</a> section below.
168 <tr><td align="left" valign="top">• <a href="#Running-the-Program" accesskey="1">Running the Program</a></td><td> </td><td align="left" valign="top">
170 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-Invocation" accesskey="2">Invoking ntp-keygen</a></td><td> </td><td align="left" valign="top">
172 <tr><td align="left" valign="top">• <a href="#Random-Seed-File" accesskey="3">Random Seed File</a></td><td> </td><td align="left" valign="top">
174 <tr><td align="left" valign="top">• <a href="#Cryptographic-Data-Files" accesskey="4">Cryptographic Data Files</a></td><td> </td><td align="left" valign="top">
179 <span id="Running-the-Program"></span><div class="header">
181 Next: <a href="#Random-Seed-File" accesskey="n" rel="next">Random Seed File</a>, Previous: <a href="#Description" accesskey="p" rel="prev">Description</a>, Up: <a href="#Top" accesskey="u" rel="up">Top</a> </p>
182 </div>
183 <span id="Running-the-Program-1"></span><h3 class="section">1.1 Running the Program</h3>
185 <p>To test and gain experience with Autokey concepts, log in as root and
189 removed, use the <code>ntp-keygen</code> command without arguments to generate a
190 default RSA host key and matching RSA-MD5 certificate with expiration
197 Designate one of them as the trusted host (TH) using <code>ntp-keygen</code>
198 with the <code>-T</code> option and configure
209 A different sign key can be assigned using the <code>-S</code> option
214 using the <code>-c</code> option.
219 This of course creates a chicken-and-egg problem
222 should be set by some other means, such as eyeball-and-wristwatch, at
225 certificate should be re-generated.
228 Autokey Public-Key Authentication page.
231 <span id="ntp_002dkeygen-Invocation"></span><div class="header">
233 Next: <a href="#Random-Seed-File" accesskey="n" rel="next">Random Seed File</a>, Previous: <a href="#Running-the-Program" accesskey="p" rel="prev">Running the Program</a>, Up: <a href="#Description" accesskey="u" rel="up">Description</a> </p>
234 </div>
235 <span id="Invoking-ntp_002dkeygen"></span><h3 class="section">1.2 Invoking ntp-keygen</h3>
236 <span id="index-ntp_002dkeygen"></span>
237 <span id="index-Create-a-NTP-host-key"></span>
253 All other files are in PEM-encoded printable ASCII format,
259 produces a file containing ten pseudo-random printable ASCII strings
263 hex-encoded random bit strings suitable for SHA1, AES-128-CMAC, and
284 <code>-p</code>
286 <code>-q</code>
293 <code>ntp-keygen</code>
326 NFS-mounted networks and cannot be changed by shared clients.
346 <a href="#Cryptographic-Data-Files">Cryptographic Data Files</a>
350 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-usage" accesskey="1">ntp-keygen help/usage (<samp>--help</samp>)</a></td><td> </td><td align="left" valign="top">
352 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-imbits" accesskey="2">imbits option (-b)</a></td><td> </td><td align="left" valign="top">
354 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-certificate" accesskey="3">certificate option (-c)</a></td><td> </td><td align="left" valign="top">
356 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-cipher" accesskey="4">cipher option (-C)</a></td><td> </td><td align="left" valign="top">
358 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-id_002dkey" accesskey="5">id-key option (-e)</a></td><td> </td><td align="left" valign="top">
360 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-gq_002dparams" accesskey="6">gq-params option (-G)</a></td><td> </td><td align="left" valign="top">
362 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-host_002dkey" accesskey="7">host-key option (-H)</a></td><td> </td><td align="left" valign="top">
364 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-iffkey" accesskey="8">iffkey option (-I)</a></td><td> </td><td align="left" valign="top">
366 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-ident" accesskey="9">ident option (-i)</a></td><td> </td><td align="left" valign="top">
368 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-lifetime">lifetime option (-l)</a></td><td> </td><td align="left" valign="top">
370 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-modulus">modulus option (-m)</a></td><td> </td><td align="left" valign="top">
372 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-md5key">md5key option (-M)</a></td><td> </td><td align="left" valign="top">
374 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-pvt_002dcert">pvt-cert option (-P)</a></td><td> </td><td align="left" valign="top">
376 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-password">password option (-p)</a></td><td> </td><td align="left" valign="top">
378 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-export_002dpasswd">export-passwd option (-q)</a></td><td> </td><td align="left" valign="top">
380 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-subject_002dname">subject-name option (-s)</a></td><td> </td><td align="left" valign="top">
382 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-sign_002dkey">sign-key option (-S)</a></td><td> </td><td align="left" valign="top">
384 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-trusted_002dcert">trusted-cert option (-T)</a></td><td> </td><td align="left" valign="top">
386 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-mv_002dparams">mv-params option (-V)</a></td><td> </td><td align="left" valign="top">
388 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-mv_002dkeys">mv-keys option (-v)</a></td><td> </td><td align="left" valign="top">
390 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-config">presetting/configuring ntp-keygen</a></td><td> </td><td align="left" valign="top">
392 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-exit-status">ntp-keygen exit status</a></td><td> </td><td align="left" valign="top">
394 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-Usage">ntp-keygen Usage</a></td><td> </td><td align="left" valign="top">
396 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-Notes">ntp-keygen Notes</a></td><td> </td><td align="left" valign="top">
398 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-Bugs">ntp-keygen Bugs</a></td><td> </td><td align="left" valign="top">
402 <span id="Running-the-Program-2"></span><h4 class="subsection">1.2.1 Running the Program</h4>
404 <code>ntp-keygen</code>
412 <p>To test and gain experience with Autokey concepts, log in as root and
420 <code>ntp-keygen</code>
424 <code>RSA-MD5</code>
488 <p>Installing the keys as root might not work in NFS-mounted
515 in NFS-mounted networks.
525 are permitted root read/write-only;
555 <code>ntp-keygen</code>
564 <code>ntp-keygen</code>
566 <code>-T</code>
580 <code>-S</code>
592 <code>-c</code>
598 This of course creates a chicken-and-egg problem
601 should be set by some other means, such as eyeball-and-wristwatch, at
604 certificate should be re-generated.
607 “Autokey Public-Key Authentication”
634 <span id="Trusted-Hosts-and-Groups"></span><h4 class="subsubsection">1.2.1.1 Trusted Hosts and Groups</h4>
649 First, configure an NTP subnet including one or more low-stratum
669 <code>ntp-keygen</code>
670 <code>-T</code>
673 <code>-T</code>
682 <code>ntp-keygen</code>
684 <code>-S</code> <kbd>type</kbd>
692 <code>DSA</code>-signed
696 <code>ntp-keygen</code>
698 <code>-c</code> <kbd>scheme</kbd>
703 <code>ntp-keygen</code>
710 <code>ntp-keygen</code>
722 <span id="Identity-Schemes"></span><h4 class="subsubsection">1.2.1.2 Identity Schemes</h4>
740 The TA is not necessarily a trusted host in this sense, but often is.
753 <code>ntp-keygen</code>
754 <code>-P</code>
755 <code>-p</code> <kbd>password</kbd>
759 <samp>ntpkey</samp>_ <code>RSA-MD5</code> <code>_</code> <samp>cert_alice.</samp> <kbd>filestamp</kbd>,
786 <code>ntp-keygen</code>
787 <code>-T</code>
788 <code>-I</code>
789 <code>-p</code> <kbd>password</kbd>
809 <code>ntp-keygen</code>
810 <code>-e</code>
829 <code>ntp-keygen</code>
830 <code>-T</code>
831 <code>-G</code>
832 <code>-p</code> <kbd>password</kbd>
862 <code>ntp-keygen</code>
863 <code>-V</code> <kbd>n</kbd>
864 <code>-p</code> <kbd>password</kbd>,
895 <span id="Command-Line-Options"></span><h4 class="subsubsection">1.2.1.3 Command Line Options</h4>
897 <dt><code>-b</code> <code>--imbits</code>= <kbd>modulus</kbd></dt>
906 <dt><code>-c</code> <code>--certificate</code>= <kbd>scheme</kbd></dt>
911 <code>RSA-MD2</code>, <code>RSA-MD5</code>, <code>RSA-MDC2</code>, <code>RSA-SHA</code>, <code>RSA-SHA1</code>, <code>RSA-RIPEMD160</code>, <code>DSA-SHA</code>,
913 <code>DSA-SHA1</code>.
924 <code>RSA-MD5</code>.
925 If compatibility with FIPS 140-2 is required, either the
926 <code>DSA-SHA</code>
928 <code>DSA-SHA1</code>
931 <dt><code>-C</code> <code>--cipher</code>= <kbd>cipher</kbd></dt>
933 The default without this option is three-key triple DES in CBC mode,
934 <code>des-ede3-cbc</code>.
936 <code>openssl</code> <code>-h</code>
939 <dt><code>-d</code> <code>--debug-level</code></dt>
941 This option displays the cryptographic data produced in eye-friendly billboards.
943 <dt><code>-D</code> <code>--set-debug-level</code>= <kbd>level</kbd></dt>
946 This option displays the cryptographic data produced in eye-friendly billboards.
948 <dt><code>-e</code> <code>--id-key</code></dt>
960 <dt><code>-G</code> <code>--gq-params</code></dt>
963 parameters and key file for the Guillou-Quisquater (GQ) identity scheme.
965 <code>-I</code>
967 <code>-V</code>
970 <dt><code>-H</code> <code>--host-key</code></dt>
975 <dt><code>-I</code> <code>--iffkey</code></dt>
980 <code>-G</code>
985 <dt><code>-i</code> <code>--ident</code>= <kbd>group</kbd></dt>
995 <code>-i</code>
997 <code>-s</code>
1008 <dt><code>-l</code> <code>--lifetime</code>= <kbd>days</kbd></dt>
1013 <dt><code>-m</code> <code>--modulus</code>= <kbd>bits</kbd></dt>
1020 <dt><code>-M</code> <code>--md5key</code></dt>
1034 <dt><code>-p</code> <code>--password</code>= <kbd>passwd</kbd></dt>
1042 <dt><code>-P</code> <code>--pvt-cert</code></dt>
1049 <dt><code>-q</code> <code>--export-passwd</code>= <kbd>passwd</kbd></dt>
1057 <code>-p</code>
1059 <code>-q</code>
1065 <dt><code>-s</code> <code>--subject-key</code>= <code>[host]</code> <code>[@ <kbd>group</kbd>]</code></dt>
1075 <code>-s</code> <code>-@</code> <kbd>group</kbd>
1077 <code>-i</code> <kbd>group</kbd>.
1090 <dt><code>-S</code> <code>--sign-key</code>= <code>[<code>RSA</code> | <code>DSA</code>]</code></dt>
1093 If compatibility with FIPS 140-2 is required, the sign key type must be
1096 <dt><code>-T</code> <code>--trusted-cert</code></dt>
1098 By default, the program generates a non-trusted certificate.
1100 <dt><code>-V</code> <code>--mv-params</code> <kbd>nkeys</kbd></dt>
1103 encrypted server keys and parameters for the Mu-Varadharajan (MV)
1106 <code>-I</code>
1108 <code>-G</code>
1114 <span id="Random-Seed-File-1"></span><h4 class="subsubsection">1.2.1.4 Random Seed File</h4>
1117 the internal pseudo-random number generator used
1121 <code>ntp-keygen</code>
1130 can be used to do this and some systems have built-in entropy sources.
1139 <code>ntp-keygen</code>
1148 <code>ntp-keygen</code>
1162 <code>ntp-keygen</code>
1173 <span id="Cryptographic-Data-Files-1"></span><h4 class="subsubsection">1.2.1.5 Cryptographic Data Files</h4>
1198 <code>ntp-keygen</code>
1204 rules, then encrypted if necessary, and finally written in PEM-encoded
1223 9 MD5 3-5vcn*6l29DS?Xdsg)* # MD5 key
1235 </pre><div class="example">
1237 </pre></div>
1242 </p><div class="example">
1244 </pre></div>
1247 is a positive integer in the range 1-65535;
1255 however, if compatibility with FIPS 140-2 is required,
1273 An OpenSSL key consists of a hex-encoded ASCII string of 40 characters, which
1286 <code>ntp-keygen</code>
1295 <code>ntp-keygen</code>
1308 using the <code>agtexi-cmd</code> template and the option descriptions for the <code>ntp-keygen</code> program.
1312 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-usage" accesskey="1">ntp-keygen usage</a></td><td> </td><td align="left" valign="top">ntp-keygen help/usage (<samp>--help</samp>)
1314 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-imbits" accesskey="2">ntp-keygen imbits</a></td><td> </td><td align="left" valign="top">imbits option (-b)
1316 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-certificate" accesskey="3">ntp-keygen certificate</a></td><td> </td><td align="left" valign="top">certificate option (-c)
1318 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-cipher" accesskey="4">ntp-keygen cipher</a></td><td> </td><td align="left" valign="top">cipher option (-C)
1320 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-id_002dkey" accesskey="5">ntp-keygen id-key</a></td><td> </td><td align="left" valign="top">id-key option (-e)
1322 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-gq_002dparams" accesskey="6">ntp-keygen gq-params</a></td><td> </td><td align="left" valign="top">gq-params option (-G)
1324 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-host_002dkey" accesskey="7">ntp-keygen host-key</a></td><td> </td><td align="left" valign="top">host-key option (-H)
1326 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-iffkey" accesskey="8">ntp-keygen iffkey</a></td><td> </td><td align="left" valign="top">iffkey option (-I)
1328 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-ident" accesskey="9">ntp-keygen ident</a></td><td> </td><td align="left" valign="top">ident option (-i)
1330 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-lifetime">ntp-keygen lifetime</a></td><td> </td><td align="left" valign="top">lifetime option (-l)
1332 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-modulus">ntp-keygen modulus</a></td><td> </td><td align="left" valign="top">modulus option (-m)
1334 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-md5key">ntp-keygen md5key</a></td><td> </td><td align="left" valign="top">md5key option (-M)
1336 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-pvt_002dcert">ntp-keygen pvt-cert</a></td><td> </td><td align="left" valign="top">pvt-cert option (-P)
1338 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-password">ntp-keygen password</a></td><td> </td><td align="left" valign="top">password option (-p)
1340 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-export_002dpasswd">ntp-keygen export-passwd</a></td><td> </td><td align="left" valign="top">export-passwd option (-q)
1342 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-subject_002dname">ntp-keygen subject-name</a></td><td> </td><td align="left" valign="top">subject-name option (-s)
1344 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-sign_002dkey">ntp-keygen sign-key</a></td><td> </td><td align="left" valign="top">sign-key option (-S)
1346 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-trusted_002dcert">ntp-keygen trusted-cert</a></td><td> </td><td align="left" valign="top">trusted-cert option (-T)
1348 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-mv_002dparams">ntp-keygen mv-params</a></td><td> </td><td align="left" valign="top">mv-params option (-V)
1350 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-mv_002dkeys">ntp-keygen mv-keys</a></td><td> </td><td align="left" valign="top">mv-keys option (-v)
1352 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-config">ntp-keygen config</a></td><td> </td><td align="left" valign="top">presetting/configuring ntp-keygen
1354 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-exit-status">ntp-keygen exit status</a></td><td> </td><td align="left" valign="top">exit status
1356 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-Usage">ntp-keygen Usage</a></td><td> </td><td align="left" valign="top">Usage
1358 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-Notes">ntp-keygen Notes</a></td><td> </td><td align="left" valign="top">Notes
1360 <tr><td align="left" valign="top">• <a href="#ntp_002dkeygen-Bugs">ntp-keygen Bugs</a></td><td> </td><td align="left" valign="top">Bugs
1365 <span id="ntp_002dkeygen-usage"></span><div class="header">
1367 Next: <a href="#ntp_002dkeygen-imbits" accesskey="n" rel="next">ntp-keygen imbits</a>, Up: <a href="#ntp_002dkeygen-Invocation" accesskey="u" rel="up">ntp-keygen Invocation</a> </p>
1368 </div>
1369 <span id="ntp_002dkeygen-help_002fusage-_0028_002d_002dhelp_0029"></span><h4 class="subsection">1.2.2 ntp-keygen help/usage (<samp>--help</samp>)</h4>
1370 <span id="index-ntp_002dkeygen-help"></span>
1372 <p>This is the automatically generated usage text for ntp-keygen.
1375 (<samp>--help</samp>) or the <code>more-help</code> option (<samp>--more-help</samp>). <code>more-help</code> will print
1377 <code>more-help</code> is disabled on platforms without a working
1382 <div class="example">
1383 <pre class="example">ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.8p18
1384 Usage: ntp-keygen [ -<flag> [<val>] | --<name>[{=| }<val>] ]...
1385 Flg Arg Option-Name Description
1386 -b Num imbits identity modulus bits
1387 - it must be in the range:
1389 -c Str certificate certificate scheme
1390 -C Str cipher privatekey cipher
1391 -d no debug-level Increase debug verbosity level
1392 - may appear multiple times
1393 -D Num set-debug-level Set the debug verbosity level
1394 - may appear multiple times
1395 -e no id-key Write IFF or GQ identity keys
1396 -G no gq-params Generate GQ parameters and keys
1397 -H no host-key generate RSA host key
1398 -I no iffkey generate IFF parameters
1399 -i Str ident set Autokey group name
1400 -l Num lifetime set certificate lifetime
1401 -m Num modulus prime modulus
1402 - it must be in the range:
1404 -M no md5key generate symmetric keys
1405 -P no pvt-cert generate PC private certificate
1406 -p Str password local private password
1407 -q Str export-passwd export IFF or GQ group keys with password
1408 -s Str subject-name set host and optionally group name
1409 -S Str sign-key generate sign key (RSA or DSA)
1410 -T no trusted-cert trusted certificate (TC scheme)
1411 -V Num mv-params generate <num> MV parameters
1412 -v Num mv-keys update <num> MV keys
1414 -? no help display extended usage information and exit
1415 -! no more-help extended usage information passed thru pager
1416 -> opt save-opts save the option state to a config file
1417 -< Str load-opts load options from a config file
1418 - disabled as '--no-load-opts'
1419 - may appear multiple times
1426 - reading file $HOME/.ntprc
1427 - reading file ./.ntprc
1428 - examining environment variables named NTP_KEYGEN_*
1431 </pre></div>
1434 <span id="ntp_002dkeygen-imbits"></span><div class="header">
1436 Next: <a href="#ntp_002dkeygen-certificate" accesskey="n" rel="next">ntp-keygen certificate</a>, Previous: <a href="#ntp_002dkeygen-usage" accesskey="p" rel="prev">ntp-keygen usage</a>, Up: <a href="#ntp_002dkeygen-Invocation" accesskey="u" rel="up">ntp-keygen Invocation</a> </p>
1437 </div>
1438 <span id="imbits-option-_0028_002db_0029"></span><h4 class="subsection">1.2.3 imbits option (-b)</h4>
1439 <span id="index-ntp_002dkeygen_002dimbits"></span>
1451 <span id="ntp_002dkeygen-certificate"></span><div class="header">
1453 Next: <a href="#ntp_002dkeygen-cipher" accesskey="n" rel="next">ntp-keygen cipher</a>, Previous: <a href="#ntp_002dkeygen-imbits" accesskey="p" rel="prev">ntp-keygen imbits</a>, Up: <a href="#ntp_002dkeygen-Invocation" accesskey="u" rel="up">ntp-keygen Invocation</a> </p>
1454 </div>
1455 <span id="certificate-option-_0028_002dc_0029"></span><h4 class="subsection">1.2.4 certificate option (-c)</h4>
1456 <span id="index-ntp_002dkeygen_002dcertificate"></span>
1467 RSA-MD2, RSA-MD5, RSA-MDC2, RSA-SHA, RSA-SHA1, RSA-RIPEMD160,
1468 DSA-SHA, or DSA-SHA1.
1473 this option is RSA-MD5.
1475 <span id="ntp_002dkeygen-cipher"></span><div class="header">
1477 Next: <a href="#ntp_002dkeygen-id_002dkey" accesskey="n" rel="next">ntp-keygen id-key</a>, Previous: <a href="#ntp_002dkeygen-certificate" accesskey="p" rel="prev">ntp-keygen certificate</a>, Up: <a href="#ntp_002dkeygen-Invocation" accesskey="u" rel="up">ntp-keygen Invocation</a> </p>
1478 </div>
1479 <span id="cipher-option-_0028_002dC_0029"></span><h4 class="subsection">1.2.5 cipher option (-C)</h4>
1480 <span id="index-ntp_002dkeygen_002dcipher"></span>
1491 private keys. The default is three-key triple DES in CBC mode,
1492 equivalent to "<code>-C des-ede3-cbc</code>". The openssl tool lists ciphers
1493 available in "<code>openssl -h</code>" output.
1495 <span id="ntp_002dkeygen-id_002dkey"></span><div class="header">
1497 Next: <a href="#ntp_002dkeygen-gq_002dparams" accesskey="n" rel="next">ntp-keygen gq-params</a>, Previous: <a href="#ntp_002dkeygen-cipher" accesskey="p" rel="prev">ntp-keygen cipher</a>, Up: <a href="#ntp_002dkeygen-Invocation" accesskey="u" rel="up">ntp-keygen Invocation</a> </p>
1498 </div>
1499 <span id="id_002dkey-option-_0028_002de_0029"></span><h4 class="subsection">1.2.6 id-key option (-e)</h4>
1500 <span id="index-ntp_002dkeygen_002did_002dkey"></span>
1513 <span id="ntp_002dkeygen-gq_002dparams"></span><div class="header">
1515 Next: <a href="#ntp_002dkeygen-host_002dkey" accesskey="n" rel="next">ntp-keygen host-key</a>, Previous: <a href="#ntp_002dkeygen-id_002dkey" accesskey="p" rel="prev">ntp-keygen id-key</a>, Up: <a href="#ntp_002dkeygen-Invocation" accesskey="u" rel="up">ntp-keygen Invocation</a> </p>
1516 </div>
1517 <span id="gq_002dparams-option-_0028_002dG_0029"></span><h4 class="subsection">1.2.7 gq-params option (-G)</h4>
1518 <span id="index-ntp_002dkeygen_002dgq_002dparams"></span>
1530 <span id="ntp_002dkeygen-host_002dkey"></span><div class="header">
1532 Next: <a href="#ntp_002dkeygen-iffkey" accesskey="n" rel="next">ntp-keygen iffkey</a>, Previous: <a href="#ntp_002dkeygen-gq_002dparams" accesskey="p" rel="prev">ntp-keygen gq-params</a>, Up: <a href="#ntp_002dkeygen-Invocation" accesskey="u" rel="up">ntp-keygen Invocation</a> </p>
1533 </div>
1534 <span id="host_002dkey-option-_0028_002dH_0029"></span><h4 class="subsection">1.2.8 host-key option (-H)</h4>
1535 <span id="index-ntp_002dkeygen_002dhost_002dkey"></span>
1546 <span id="ntp_002dkeygen-iffkey"></span><div class="header">
1548 Next: <a href="#ntp_002dkeygen-ident" accesskey="n" rel="next">ntp-keygen ident</a>, Previous: <a href="#ntp_002dkeygen-host_002dkey" accesskey="p" rel="prev">ntp-keygen host-key</a>, Up: <a href="#ntp_002dkeygen-Invocation" accesskey="u" rel="up">ntp-keygen Invocation</a> </p>
1549 </div>
1550 <span id="iffkey-option-_0028_002dI_0029"></span><h4 class="subsection">1.2.9 iffkey option (-I)</h4>
1551 <span id="index-ntp_002dkeygen_002diffkey"></span>
1563 <span id="ntp_002dkeygen-ident"></span><div class="header">
1565 Next: <a href="#ntp_002dkeygen-lifetime" accesskey="n" rel="next">ntp-keygen lifetime</a>, Previous: <a href="#ntp_002dkeygen-iffkey" accesskey="p" rel="prev">ntp-keygen iffkey</a>, Up: <a href="#ntp_002dkeygen-Invocation" accesskey="u" rel="up">ntp-keygen Invocation</a> </p>
1566 </div>
1567 <span id="ident-option-_0028_002di_0029"></span><h4 class="subsection">1.2.10 ident option (-i)</h4>
1568 <span id="index-ntp_002dkeygen_002dident"></span>
1581 provided. The group name, if specified using <code>-i/--ident</code> or
1582 using <code>-s/--subject-name</code> following an ’<code>@</code>’ character,
1583 is also a part of the self-signed host certificate subject and
1588 <span id="ntp_002dkeygen-lifetime"></span><div class="header">
1590 Next: <a href="#ntp_002dkeygen-modulus" accesskey="n" rel="next">ntp-keygen modulus</a>, Previous: <a href="#ntp_002dkeygen-ident" accesskey="p" rel="prev">ntp-keygen ident</a>, Up: <a href="#ntp_002dkeygen-Invocation" accesskey="u" rel="up">ntp-keygen Invocation</a> </p>
1591 </div>
1592 <span id="lifetime-option-_0028_002dl_0029"></span><h4 class="subsection">1.2.11 lifetime option (-l)</h4>
1593 <span id="index-ntp_002dkeygen_002dlifetime"></span>
1605 <span id="ntp_002dkeygen-modulus"></span><div class="header">
1607 Next: <a href="#ntp_002dkeygen-md5key" accesskey="n" rel="next">ntp-keygen md5key</a>, Previous: <a href="#ntp_002dkeygen-lifetime" accesskey="p" rel="prev">ntp-keygen lifetime</a>, Up: <a href="#ntp_002dkeygen-Invocation" accesskey="u" rel="up">ntp-keygen Invocation</a> </p>
1608 </div>
1609 <span id="modulus-option-_0028_002dm_0029"></span><h4 class="subsection">1.2.12 modulus option (-m)</h4>
1610 <span id="index-ntp_002dkeygen_002dmodulus"></span>
1622 <span id="ntp_002dkeygen-md5key"></span><div class="header">
1624 Next: <a href="#ntp_002dkeygen-pvt_002dcert" accesskey="n" rel="next">ntp-keygen pvt-cert</a>, Previous: <a href="#ntp_002dkeygen-modulus" accesskey="p" rel="prev">ntp-keygen modulus</a>, Up: <a href="#ntp_002dkeygen-Invocation" accesskey="u" rel="up">ntp-keygen Invocation</a> </p>
1625 </div>
1626 <span id="md5key-option-_0028_002dM_0029"></span><h4 class="subsection">1.2.13 md5key option (-M)</h4>
1627 <span id="index-ntp_002dkeygen_002dmd5key"></span>
1632 <span id="ntp_002dkeygen-pvt_002dcert"></span><div class="header">
1634 Next: <a href="#ntp_002dkeygen-password" accesskey="n" rel="next">ntp-keygen password</a>, Previous: <a href="#ntp_002dkeygen-md5key" accesskey="p" rel="prev">ntp-keygen md5key</a>, Up: <a href="#ntp_002dkeygen-Invocation" accesskey="u" rel="up">ntp-keygen Invocation</a> </p>
1635 </div>
1636 <span id="pvt_002dcert-option-_0028_002dP_0029"></span><h4 class="subsection">1.2.14 pvt-cert option (-P)</h4>
1637 <span id="index-ntp_002dkeygen_002dpvt_002dcert"></span>
1649 <span id="ntp_002dkeygen-password"></span><div class="header">
1651 Next: <a href="#ntp_002dkeygen-export_002dpasswd" accesskey="n" rel="next">ntp-keygen export-passwd</a>, Previous: <a href="#ntp_002dkeygen-pvt_002dcert" accesskey="p" rel="prev">ntp-keygen pvt-cert</a>, Up: <a href="#ntp_002dkeygen-Invocation" accesskey="u" rel="up">ntp-keygen Invocation</a> </p>
1652 </div>
1653 <span id="password-option-_0028_002dp_0029"></span><h4 class="subsection">1.2.15 password option (-p)</h4>
1654 <span id="index-ntp_002dkeygen_002dpassword"></span>
1665 DES-CBC algorithm and the specified password. The same password
1670 <span id="ntp_002dkeygen-export_002dpasswd"></span><div class="header">
1672 Next: <a href="#ntp_002dkeygen-subject_002dname" accesskey="n" rel="next">ntp-keygen subject-name</a>, Previous: <a href="#ntp_002dkeygen-password" accesskey="p" rel="prev">ntp-keygen password</a>, Up: <a href="#ntp_002dkeygen-Invocation" accesskey="u" rel="up">ntp-keygen Invocation</a> </p>
1673 </div>
1674 <span id="export_002dpasswd-option-_0028_002dq_0029"></span><h4 class="subsection">1.2.16 export-passwd option (-q)</h4>
1675 <span id="index-ntp_002dkeygen_002dexport_002dpasswd"></span>
1686 encrypted with the DES-CBC algorithm and the specified password.
1689 --id-key (-e) for unencrypted exports.
1691 <span id="ntp_002dkeygen-subject_002dname"></span><div class="header">
1693 Next: <a href="#ntp_002dkeygen-sign_002dkey" accesskey="n" rel="next">ntp-keygen sign-key</a>, Previous: <a href="#ntp_002dkeygen-export_002dpasswd" accesskey="p" rel="prev">ntp-keygen export-passwd</a>, Up: <a href="#ntp_002dkeygen-Invocation" accesskey="u" rel="up">ntp-keygen Invocation</a> </p>
1694 </div>
1695 <span id="subject_002dname-option-_0028_002ds_0029"></span><h4 class="subsection">1.2.17 subject-name option (-s)</h4>
1696 <span id="index-ntp_002dkeygen_002dsubject_002dname"></span>
1711 fields. Specifying ’<code>-s @group</code>’ is allowed, and results in
1713 subject and issuer fields, as with <code>-i group</code>. The group name, or
1717 <span id="ntp_002dkeygen-sign_002dkey"></span><div class="header">
1719 Next: <a href="#ntp_002dkeygen-trusted_002dcert" accesskey="n" rel="next">ntp-keygen trusted-cert</a>, Previous: <a href="#ntp_002dkeygen-subject_002dname" accesskey="p" rel="prev">ntp-keygen subject-name</a>, Up: <a href="#ntp_002dkeygen-Invocation" accesskey="u" rel="up">ntp-keygen Invocation</a> </p>
1720 </div>
1721 <span id="sign_002dkey-option-_0028_002dS_0029"></span><h4 class="subsection">1.2.18 sign-key option (-S)</h4>
1722 <span id="index-ntp_002dkeygen_002dsign_002dkey"></span>
1736 <span id="ntp_002dkeygen-trusted_002dcert"></span><div class="header">
1738 Next: <a href="#ntp_002dkeygen-mv_002dparams" accesskey="n" rel="next">ntp-keygen mv-params</a>, Previous: <a href="#ntp_002dkeygen-sign_002dkey" accesskey="p" rel="prev">ntp-keygen sign-key</a>, Up: <a href="#ntp_002dkeygen-Invocation" accesskey="u" rel="up">ntp-keygen Invocation</a> </p>
1739 </div>
1740 <span id="trusted_002dcert-option-_0028_002dT_0029"></span><h4 class="subsection">1.2.19 trusted-cert option (-T)</h4>
1741 <span id="index-ntp_002dkeygen_002dtrusted_002dcert"></span>
1751 a non-trusted certificate.
1753 <span id="ntp_002dkeygen-mv_002dparams"></span><div class="header">
1755 Next: <a href="#ntp_002dkeygen-mv_002dkeys" accesskey="n" rel="next">ntp-keygen mv-keys</a>, Previous: <a href="#ntp_002dkeygen-trusted_002dcert" accesskey="p" rel="prev">ntp-keygen trusted-cert</a>, Up: <a href="#ntp_002dkeygen-Invocation" accesskey="u" rel="up">ntp-keygen Invocation</a> </p>
1756 </div>
1757 <span id="mv_002dparams-option-_0028_002dV_0029"></span><h4 class="subsection">1.2.20 mv-params option (-V)</h4>
1758 <span id="index-ntp_002dkeygen_002dmv_002dparams"></span>
1768 <p>Generate parameters and keys for the Mu-Varadharajan (MV)
1771 <span id="ntp_002dkeygen-mv_002dkeys"></span><div class="header">
1773 Next: <a href="#ntp_002dkeygen-config" accesskey="n" rel="next">ntp-keygen config</a>, Previous: <a href="#ntp_002dkeygen-mv_002dparams" accesskey="p" rel="prev">ntp-keygen mv-params</a>, Up: <a href="#ntp_002dkeygen-Invocation" accesskey="u" rel="up">ntp-keygen Invocation</a> </p>
1774 </div>
1775 <span id="mv_002dkeys-option-_0028_002dv_0029"></span><h4 class="subsection">1.2.21 mv-keys option (-v)</h4>
1776 <span id="index-ntp_002dkeygen_002dmv_002dkeys"></span>
1790 <span id="ntp_002dkeygen-config"></span><div class="header">
1792 Next: <a href="#ntp_002dkeygen-exit-status" accesskey="n" rel="next">ntp-keygen exit status</a>, Previous: <a href="#ntp_002dkeygen-mv_002dkeys" accesskey="p" rel="prev">ntp-keygen mv-keys</a>, Up: <a href="#ntp_002dkeygen-Invocation" accesskey="u" rel="up">ntp-keygen Invocation</a> </p>
1793 </div>
1794 <span id="presetting_002fconfiguring-ntp_002dkeygen"></span><h4 class="subsection">1.2.22 presetting/configuring ntp-keygen</h4>
1797 loading values from configuration ("rc" or "ini") files, and values from environment variables named <code>NTP-KEYGEN</code> and <code>NTP-KEYGEN_<OPTION_NAME></code>. <code><OPTION_NAME></code> must be one of
1799 The <code>NTP-KEYGEN</code> variable will be tokenized and parsed like
1810 are expanded and replaced when <samp>ntp-keygen</samp> runs.
1824 </p><div class="example">
1825 <pre class="example">[NTP-KEYGEN]
1826 </pre></div>
1828 </p><div class="example">
1829 <pre class="example"><?program ntp-keygen>
1830 </pre></div>
1835 </p><div class="example">
1836 <pre class="example"><option-name>
1837 <sub-opt>...&lt;...&gt;...</sub-opt>
1838 </option-name>
1839 </pre></div>
1840 <p>yielding an <code>option-name.sub-opt</code> string value of
1841 </p><div class="example">
1843 </pre></div>
1850 <span id="version-_0028_002d_0029"></span><h4 class="subsubheading">version (-)</h4>
1870 <span id="ntp_002dkeygen-exit-status"></span><div class="header">
1872 Next: <a href="#ntp_002dkeygen-Usage" accesskey="n" rel="next">ntp-keygen Usage</a>, Previous: <a href="#ntp_002dkeygen-config" accesskey="p" rel="prev">ntp-keygen config</a>, Up: <a href="#ntp_002dkeygen-Invocation" accesskey="u" rel="up">ntp-keygen Invocation</a> </p>
1873 </div>
1874 <span id="ntp_002dkeygen-exit-status-1"></span><h4 class="subsection">1.2.23 ntp-keygen exit status</h4>
1889 it to autogen-users@lists.sourceforge.net. Thank you.
1893 <span id="ntp_002dkeygen-Usage"></span><div class="header">
1895 Next: <a href="#ntp_002dkeygen-Notes" accesskey="n" rel="next">ntp-keygen Notes</a>, Previous: <a href="#ntp_002dkeygen-exit-status" accesskey="p" rel="prev">ntp-keygen exit status</a>, Up: <a href="#ntp_002dkeygen-Invocation" accesskey="u" rel="up">ntp-keygen Invocation</a> </p>
1896 </div>
1897 <span id="ntp_002dkeygen-Usage-1"></span><h4 class="subsection">1.2.24 ntp-keygen Usage</h4>
1899 <span id="ntp_002dkeygen-Notes"></span><div class="header">
1901 Next: <a href="#ntp_002dkeygen-Bugs" accesskey="n" rel="next">ntp-keygen Bugs</a>, Previous: <a href="#ntp_002dkeygen-Usage" accesskey="p" rel="prev">ntp-keygen Usage</a>, Up: <a href="#ntp_002dkeygen-Invocation" accesskey="u" rel="up">ntp-keygen Invocation</a> </p>
1902 </div>
1903 <span id="ntp_002dkeygen-Notes-1"></span><h4 class="subsection">1.2.25 ntp-keygen Notes</h4>
1905 <span id="ntp_002dkeygen-Bugs"></span><div class="header">
1907 Previous: <a href="#ntp_002dkeygen-Notes" accesskey="p" rel="prev">ntp-keygen Notes</a>, Up: <a href="#ntp_002dkeygen-Invocation" accesskey="u" rel="up">ntp-keygen Invocation</a> </p>
1908 </div>
1909 <span id="ntp_002dkeygen-Bugs-1"></span><h4 class="subsection">1.2.26 ntp-keygen Bugs</h4>
1912 <span id="Random-Seed-File"></span><div class="header">
1914 Next: <a href="#Cryptographic-Data-Files" accesskey="n" rel="next">Cryptographic Data Files</a>, Previous: <a href="#Running-the-Program" accesskey="p" rel="prev">Running the Program</a>, Up: <a href="#Top" accesskey="u" rel="up">Top</a> </p>
1915 </div>
1916 <span id="Random-Seed-File-2"></span><h3 class="section">1.3 Random Seed File</h3>
1920 pseudo-random number generator used by the OpenSSL library routines.
1925 starting the <code>ntp-keygen</code> program or <code>ntpd</code> daemon.
1933 Since both the <code>ntp-keygen</code> program and <code>ntpd</code> daemon must run
1940 <span id="Cryptographic-Data-Files"></span><div class="header">
1942 Previous: <a href="#Random-Seed-File" accesskey="p" rel="prev">Random Seed File</a>, Up: <a href="#Top" accesskey="u" rel="up">Top</a> </p>
1943 </div>
1944 <span id="Cryptographic-Data-Files-2"></span><h3 class="section">1.4 Cryptographic Data Files</h3>
1969 using ASN.1 rules, then encrypted using the DES-CBC algorithm with
1970 given password and finally written in PEM-encoded printable ASCII text
1979 <div class="example">
1984 2 MD5 lu+H^tF46BKR-6~pV_5 # MD5 key
1986 4 MD5 |fdZrf0sF~;w-i^V # MD5 key
1989 7 MD5 c9x=M'CfLxax9v)PV-si # MD5 key
2003 </pre></div>
2019 compatibility with FIPS 140-2 is required, the key type must be either
2026 key consists of a hex-encoded ASCII string of 40 characters, which is
2035 <p>The <code>ntp-keygen</code> program generates an MD5 symmetric keys file
2040 The NTP daemon loads the file <code>ntp.keys</code>, so <code>ntp-keygen</code>