Lines Matching +full:other +full:- +full:key
1 \input texinfo @c -*-texinfo-*-
3 @setfilename ntp-keygen.info
4 @settitle Ntp-keygen User's Manual
10 This file documents the use of the NTP Project's @code{ntp-keygen}
15 * ntp-keygen: (ntp-keygen). NTP Key Generation
19 @title NTP Key Generation User's Manual
20 @subtitle ntp-keygen, version @value{VERSION}, @value{UPDATED}
31 * ntp-keygen Invocation:: Invoking ntp-keygen
38 @top NTP Key Generation Program User Manual
40 This document describes the use of the NTP Project's @code{ntp-keygen}
43 It can generate message digest keys used in symmetric key cryptography and,
47 public key cryptography.
50 All other files are in PEM-encoded
52 mail to other sites.
54 This document applies to version @value{VERSION} of @code{ntp-keygen}.
57 @comment node-name, next, previous, up
62 keys used in symmetric key cryptography and, if the OpenSSL software
65 public key cryptography. The message digest keys file is generated in a
66 format compatible with NTPv3. All other files are in PEM-encoded
68 mail to other sites.
71 containing ten pseudo-random printable ASCII strings suitable for the
74 OpenSSL library is installed, it produces an additional ten hex-encoded
75 random bit strings suitable for the SHA1 and other message digest
83 The remaining generated files are compatible with other OpenSSL
84 applications and other Public Key Infrastructure (PKI) resources.
89 are probably not compatible with anything other than Autokey.
92 The @code{-p} option specifies the password for local encrypted files and the
93 @code{-q} option the password for encrypted files sent to remote sites.
110 Other files and links are usually installed
112 NFS-mounted networks and cannot be changed by shared clients.
119 @code{stdout} where they can be piped to other applications or redirected to
127 @comment node-name, next, previous, up
134 removed, use the @code{ntp-keygen} command without arguments to generate a
135 default RSA host key and matching RSA-MD5 certificate with expiration
142 Designate one of them as the trusted host (TH) using @code{ntp-keygen}
143 with the @code{-T} option and configure
145 Then configure the other hosts to synchronize to the TH directly or indirectly.
151 The host key is used to encrypt the cookie when required and so must be
153 By default, the host key is also the sign key used to encrypt signatures.
154 A different sign key can be assigned using the @code{-S} option
157 message digest type is MD5, but any combination of sign key type and
159 using the @code{-c} option.
164 This of course creates a chicken-and-egg problem
167 should be set by some other means, such as eyeball-and-wristwatch, at
170 certificate should be re-generated.
173 Autokey Public-Key Authentication page.
175 @include invoke-ntp-keygen.texi
178 @comment node-name, next, previous, up
181 All cryptographically sound key generation schemes must have means to
183 pseudo-random number generator used by the OpenSSL library routines.
188 starting the @code{ntp-keygen} program or @code{ntpd} daemon.
192 or some other user.
196 Since both the @code{ntp-keygen} program and @code{ntpd} daemon must run
203 @comment node-name, next, previous, up
207 where @code{key} is the key or parameter type,
210 By convention, key names in generated file names include both upper and
211 lower case characters, while key names in generated link names include
215 The key name is a string defining the cryptographic key type.
216 Key types include public/private keys host and sign, certificate cert
217 and several challenge/response key types.
220 server files for responses have a key subtype, as in the GQ response
229 using ASN.1 rules, then encrypted using the DES-CBC algorithm with
230 given password and finally written in PEM-encoded printable ASCII text
234 is somewhat different than the other files in the interest of backward
243 1 MD5 "]!ghT%O;3)WJ,/Nc:>I # MD5 key
244 2 MD5 lu+H^tF46BKR-6~p{V_5 # MD5 key
245 3 MD5 :lnoVsE%Y}z*avh%EtNC # MD5 key
246 4 MD5 |fdZrf0sF~@PHZ;w-i^V # MD5 key
247 5 MD5 IyAG>O"}y"LmCRS!*bHC # MD5 key
248 6 MD5 ">e\A@>hT/661ri52,,H # MD5 key
249 7 MD5 c9x=M'CfLxax9v)PV-si # MD5 key
250 8 MD5 E|=jvFVov?Bn|Ev=&aK\ # MD5 key
251 9 MD5 T!c4UT&`(m$+m+B6,`Q0 # MD5 key
252 10 MD5 JVF/1=)=IFbHbJQz..Cd # MD5 key
253 11 SHA1 6dea311109529e436c2b4fccae9bc753c16d1b48 # SHA1 key
254 12 SHA1 7076f373d86c4848c59ff8046e49cb7d614ec394 # SHA1 key
255 13 SHA1 5f48b1b60591eb01b7cf1d33b7774f08d20262d3 # SHA1 key
256 14 SHA1 eed5ab9d9497319ec60cf3781d52607e76720178 # SHA1 key
257 15 SHA1 f283562611a04c964da8126296f5f8e58c3f85de # SHA1 key
258 16 SHA1 1930da171297dd63549af50b29449de17dcf341f # SHA1 key
259 17 SHA1 fee892110358cd4382322b889869e750db8e8a8f # SHA1 key
260 18 SHA1 b5520c9fadd7ad3fd8bfa061c8821b65d029bb37 # SHA1 key
261 19 SHA1 8c74fb440ec80f453ec6aaa62b9baed0ab723b92 # SHA1 key
262 20 SHA1 6bc05f734306a189326000970c19b3910f403795 # SHA1 key
265 Figure 1. Typical Symmetric Key File
270 integer between 1 and 65535, inclusive, representing the key identifier
272 Next is the key type for the message digest algorithm,
276 If the OpenSSL library is installed, the key type can be any
279 compatibility with FIPS 140-2 is required, the key type must be either
281 The key type can be changed using an ASCII text editor.
283 An MD5 key consists of a printable ASCII string less than or equal to
286 key consists of a hex-encoded ASCII string of 40 characters, which is
295 The @code{ntp-keygen} program generates an MD5 symmetric keys file
299 secure means to other subnet hosts.
300 The NTP daemon loads the file @code{ntp.keys}, so @code{ntp-keygen}
303 manual or automated means on the other subnet hosts.