Lines Matching +full:oc +full:- +full:level +full:- +full:select
4 .\" EDIT THIS FILE WITH CAUTION (ntp-keygen-opts.mdoc)
6 .\" It has been AutoGen-ed May 25, 2024 at 12:04:46 AM by AutoGen 5.18.16
7 .\" From the definitions ntp-keygen-opts.def
8 .\" and the template file agmdoc-cmd.tpl
10 .Nm ntp-keygen
17 .Op Fl \-option\-name Ns Oo Oo Ns "=| " Oc Ns Ar value Oc
34 All other files are in PEM\-encoded printable ASCII format,
40 produces a file containing ten pseudo\-random printable ASCII strings
44 hex\-encoded random bit strings suitable for SHA1, AES\-128\-CMAC, and
107 NFS\-mounted networks and cannot be changed by shared clients.
151 .Cm RSA\-MD5
215 Installing the keys as root might not work in NFS\-mounted
242 in NFS\-mounted networks.
252 are permitted root read/write\-only;
325 This of course creates a chicken\-and\-egg problem
328 should be set by some other means, such as eyeball\-and\-wristwatch, at
331 certificate should be re\-generated.
334 .Dq Autokey Public\-Key Authentication
375 First, configure a NTP subnet including one or more low\-stratum
418 .Cm DSA Ns \-signed
484 .Pa ntpkey Ns _ Cm RSA\-MD5 _ Pa cert_alice. Ar filestamp ,
620 .Bl -tag -width indent
621 .It Fl b Fl \-imbits Ns = Ar modulus
629 .It Fl c Fl \-certificate Ns = Ar scheme
630 Select certificate signature encryption/message digest scheme.
634 .Cm RSA\-MD2 , RSA\-MD5 , RSA\-MDC2 , RSA\-SHA , RSA\-SHA1 , RSA\-RIPEMD160 , DSA\-SHA ,
636 .Cm DSA\-SHA1 .
647 .Cm RSA\-MD5 .
648 If compatibility with FIPS 140\-2 is required, either the
649 .Cm DSA\-SHA
651 .Cm DSA\-SHA1
653 .It Fl C Fl \-cipher Ns = Ar cipher
654 Select the OpenSSL cipher to encrypt the files containing private keys.
655 The default without this option is three\-key triple DES in CBC mode,
656 .Cm des\-ede3\-cbc .
660 .It Fl d Fl \-debug\-level
661 Increase debugging verbosity level.
662 This option displays the cryptographic data produced in eye\-friendly billboards.
663 .It Fl D Fl \-set\-debug\-level Ns = Ar level
665 .Ar level .
666 This option displays the cryptographic data produced in eye\-friendly billboards.
667 .It Fl e Fl \-id\-key
678 .It Fl G Fl \-gq\-params
681 parameters and key file for the Guillou\-Quisquater (GQ) identity scheme.
687 .It Fl H Fl \-host\-key
691 .It Fl I Fl \-iffkey
700 .It Fl i Fl \-ident Ns = Ar group
722 .It Fl l Fl \-lifetime Ns = Ar days
726 .It Fl m Fl \-modulus Ns = Ar bits
732 .It Fl M Fl \-md5key
745 .It Fl p Fl \-password Ns = Ar passwd
752 .It Fl P Fl \-pvt\-cert
758 .It Fl q Fl \-export\-passwd Ns = Ar passwd
773 .It Fl s Fl \-subject\-key Ns = Ar Oo host Oc Op @ Ar group
797 .It Fl S Fl \-sign\-key Ns = Op Cm RSA | DSA
800 If compatibility with FIPS 140\-2 is required, the sign key type must be
802 .It Fl T Fl \-trusted\-cert
804 By default, the program generates a non\-trusted certificate.
805 .It Fl V Fl \-mv\-params Ar nkeys
808 encrypted server keys and parameters for the Mu\-Varadharajan (MV)
820 the internal pseudo\-random number generator used
833 can be used to do this and some systems have built\-in entropy sources.
906 rules, then encrypted if necessary, and finally written in PEM\-encoded
914 .Bd -literal -unfilled -offset center
925 9 MD5 3\-5vcn*6l29DS?Xdsg)* # MD5 key
946 is a positive integer in the range 1\-65535;
954 however, if compatibility with FIPS 140\-2 is required,
972 An OpenSSL key consists of a hex\-encoded ASCII string of 40 characters, which
1006 .Bl -tag
1007 .It Fl b Ar imbits , Fl \-imbits Ns = Ns Ar imbits
1018 .in -4
1021 .It Fl c Ar scheme , Fl \-certificate Ns = Ns Ar scheme
1025 RSA\-MD2, RSA\-MD5, RSA\-MDC2, RSA\-SHA, RSA\-SHA1, RSA\-RIPEMD160,
1026 DSA\-SHA, or DSA\-SHA1.
1028 Select the certificate signature encryption/message digest scheme.
1031 this option is RSA\-MD5.
1032 .It Fl C Ar cipher , Fl \-cipher Ns = Ns Ar cipher
1035 Select the cipher which is used to encrypt the files containing
1036 private keys. The default is three\-key triple DES in CBC mode,
1037 equivalent to "\fB\-C des\-ede3\-cbc\fP". The openssl tool lists ciphers
1038 available in "\fBopenssl \-h\fP" output.
1039 .It Fl d , Fl \-debug\-level
1040 Increase debug verbosity level.
1043 .It Fl D Ar number , Fl \-set\-debug\-level Ns = Ns Ar number
1044 Set the debug verbosity level.
1048 .It Fl e , Fl \-id\-key
1054 .It Fl G , Fl \-gq\-params
1059 .It Fl H , Fl \-host\-key
1063 .It Fl I , Fl \-iffkey
1068 .It Fl i Ar group , Fl \-ident Ns = Ns Ar group
1074 provided. The group name, if specified using \fB\-i/\-\-ident\fP or
1075 using \fB\-s/\-\-subject\-name\fP following an '\fB@\fP' character,
1076 is also a part of the self\-signed host certificate subject and
1080 .It Fl l Ar lifetime , Fl \-lifetime Ns = Ns Ar lifetime
1085 .It Fl m Ar modulus , Fl \-modulus Ns = Ns Ar modulus
1096 .in -4
1099 .It Fl M , Fl \-md5key
1103 .It Fl P , Fl \-pvt\-cert
1108 .It Fl p Ar passwd , Fl \-password Ns = Ns Ar passwd
1112 DES\-CBC algorithm and the specified password. The same password
1116 .It Fl q Ar passwd , Fl \-export\-passwd Ns = Ns Ar passwd
1120 encrypted with the DES\-CBC algorithm and the specified password.
1123 -\-id\-key (\-e) for unencrypted exports.
1124 .It Fl s Ar host@group , Fl \-subject\-name Ns = Ns Ar host@group
1132 fields. Specifying '\fB\-s @group\fP' is allowed, and results in
1134 subject and issuer fields, as with \fB\-i group\fP. The group name, or
1137 .It Fl S Ar sign , Fl \-sign\-key Ns = Ns Ar sign
1143 .It Fl T , Fl \-trusted\-cert
1147 a non\-trusted certificate.
1148 .It Fl V Ar num , Fl \-mv\-params Ns = Ns Ar num
1152 Generate parameters and keys for the Mu\-Varadharajan (MV)
1154 .It Fl v Ar num , Fl \-mv\-keys Ns = Ns Ar num
1159 .It Fl \&? , Fl \-help
1161 .It Fl \&! , Fl \-more\-help
1163 .It Fl > Oo Ar cfgfile Oc , Fl \-save\-opts Oo Ns = Ns Ar cfgfile Oc
1167 .It Fl < Ar cfgfile , Fl \-load\-opts Ns = Ns Ar cfgfile , Fl \-no\-load\-opts
1169 The \fIno\-load\-opts\fP form will disable the loading
1170 of earlier config/rc/ini files. \fI\-\-no\-load\-opts\fP is handled early,
1172 .It Fl \-version Op Brq Ar v|c|n
1182 \fBNTP_KEYGEN_<option\-name>\fP or \fBNTP_KEYGEN\fP
1197 .Bl -tag
1206 it to autogen\-users@lists.sourceforge.net. Thank you.
1211 Copyright (C) 1992\-2024 The University of Delaware and Network Time Foundation all rights reserved.
1222 This manual page was \fIAutoGen\fP\-erated from the \fBntp\-keygen\fP