Lines Matching +full:software +full:- +full:generated
1 \input texinfo @c -*-texinfo-*-
3 @setfilename ntp-keygen.info
4 @settitle Ntp-keygen User's Manual
10 This file documents the use of the NTP Project's @code{ntp-keygen}
15 * ntp-keygen: (ntp-keygen). NTP Key Generation
20 @subtitle ntp-keygen, version @value{VERSION}, @value{UPDATED}
31 * ntp-keygen Invocation:: Invoking ntp-keygen
40 This document describes the use of the NTP Project's @code{ntp-keygen}
44 if the OpenSSL software
48 The message digest keys file is generated in a
50 All other files are in PEM-encoded
54 This document applies to version @value{VERSION} of @code{ntp-keygen}.
57 @comment node-name, next, previous, up
62 keys used in symmetric key cryptography and, if the OpenSSL software
65 public key cryptography. The message digest keys file is generated in a
66 format compatible with NTPv3. All other files are in PEM-encoded
71 containing ten pseudo-random printable ASCII strings suitable for the
74 OpenSSL library is installed, it produces an additional ten hex-encoded
83 The remaining generated files are compatible with other OpenSSL
85 Certificates generated by this program are compatible with extant
92 The @code{-p} option specifies the password for local encrypted files and the
93 @code{-q} option the password for encrypted files sent to remote sites.
101 Thus, if files are generated by this program without password,
105 Normally, encrypted files for each host are generated by that host and
112 NFS-mounted networks and cannot be changed by shared clients.
121 The names used for generated files and links all begin with the
127 @comment node-name, next, previous, up
134 removed, use the @code{ntp-keygen} command without arguments to generate a
135 default RSA host key and matching RSA-MD5 certificate with expiration
142 Designate one of them as the trusted host (TH) using @code{ntp-keygen}
143 with the @code{-T} option and configure
154 A different sign key can be assigned using the @code{-S} option
159 using the @code{-c} option.
161 The rules say cryptographic media should be generated with proventic
164 This of course creates a chicken-and-egg problem
167 should be set by some other means, such as eyeball-and-wristwatch, at
170 certificate should be re-generated.
173 Autokey Public-Key Authentication page.
175 @include invoke-ntp-keygen.texi
178 @comment node-name, next, previous, up
183 pseudo-random number generator used by the OpenSSL library routines.
188 starting the @code{ntp-keygen} program or @code{ntpd} daemon.
196 Since both the @code{ntp-keygen} program and @code{ntpd} daemon must run
203 @comment node-name, next, previous, up
210 By convention, key names in generated file names include both upper and
211 lower case characters, while key names in generated link names include
212 only lower case characters. The filestamp is not used in generated link
229 using ASN.1 rules, then encrypted using the DES-CBC algorithm with
230 given password and finally written in PEM-encoded printable ASCII text
236 Ordinarily, the file is generated by this program, but
244 2 MD5 lu+H^tF46BKR-6~p{V_5 # MD5 key
246 4 MD5 |fdZrf0sF~@PHZ;w-i^V # MD5 key
249 7 MD5 c9x=M'CfLxax9v)PV-si # MD5 key
279 compatibility with FIPS 140-2 is required, the key type must be either
286 key consists of a hex-encoded ASCII string of 40 characters, which is
295 The @code{ntp-keygen} program generates a MD5 symmetric keys file
300 The NTP daemon loads the file @code{ntp.keys}, so @code{ntp-keygen}
301 installs a soft link from this name to the generated file.