@node ntp.keys Notes
@section Notes about ntp.keys
@pindex ntp.keys
@cindex NTP symmetric key file format
@ignore
#
# EDIT THIS FILE WITH CAUTION (invoke-ntp.keys.texi)
#
# It has been AutoGen-ed June 6, 2023 at 04:37:41 AM by AutoGen 5.18.16
# From the definitions ntp.keys.def
# and the template file agtexi-file.tpl
@end ignore

This document describes the format of an NTP symmetric key file.
For a description of the use of this type of file, see the
"Authentication Support"
section of the
@code{ntp.conf(5)}
page.

@code{ntpd(8)}
reads its keys from a file specified using the
@code{-k}
command line option or the
@code{keys}
statement in the configuration file.
While key number 0 is fixed by the NTP standard
(as 56 zero bits)
and may not be changed,
one or more keys numbered between 1 and 65535
may be arbitrarily set in the keys file.

The key file uses the same comment conventions
as the configuration file.
Key entries use a fixed format of the form

@example
@kbd{keyno} @kbd{type} @kbd{key} @kbd{opt_IP_list}
@end example

where
@kbd{keyno}
is a positive integer (between 1 and 65535),
@kbd{type}
is the message digest algorithm,
@kbd{key}
is the key itself, and
@kbd{opt_IP_list}
is an optional comma-separated list of IPs
that are allowed to serve time,
where the
@kbd{keyno}
should be trusted.
Each IP in
@kbd{opt_IP_list}
may contain an optional
@code{/subnetbits}
specification which identifies the number of bits for
the desired subnet of trust.
If
@kbd{opt_IP_list}
is empty,
any properly-authenticated message will be
accepted.

The
@kbd{key}
may be given in a format
controlled by the
@kbd{type}
field.
The
@kbd{type}
@code{MD5}
is always supported.
If
@code{ntpd}
was built with the OpenSSL library
then any digest algorithm supported by that library may be specified.
However, if compliance with FIPS 140-2 is required the
@kbd{type}
must be either
@code{SHA}
or
@code{SHA1}.

What follows are some key types, and corresponding formats:

@table @asis
@item @code{MD5}
The key is 1 to 16 printable characters terminated by
an EOL,
whitespace,
or
a
@code{#}
(which is the "start of comment" character).

@item @code{SHA}
@item @code{SHA1}
@item @code{RMD160}
The key is a hex-encoded ASCII string of 40 characters,
which is truncated as necessary.
@end table

Note that the keys used by the
@code{ntpq(8)}
and
@code{ntpdc(8)}
programs are checked against passwords
requested by the programs and entered by hand,
so it is generally appropriate to specify these keys in ASCII format.

This section was generated by @strong{AutoGen},
using the @code{agtexi-cmd} template and the option descriptions for the @code{ntp.keys} program.
This software is released under the NTP license, .

@menu
* ntp.keys Files::                  Files
* ntp.keys See Also::               See Also
* ntp.keys Notes::                  Notes
@end menu

@node ntp.keys Files
@subsection ntp.keys Files
@table @asis
@item @file{/etc/ntp.keys}
the default name of the configuration file
@end table

@node ntp.keys See Also
@subsection ntp.keys See Also
@code{ntp.conf(5)},
@code{ntpd(1ntpdmdoc)},
@code{ntpdate(1ntpdatemdoc)},
@code{ntpdc(1ntpdcmdoc)},
@code{sntp(1sntpmdoc)}

@node ntp.keys Notes
@subsection ntp.keys Notes
This document was derived from FreeBSD.
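
A linter for the entry format described above, as an added example that is not part of the original document or of the NTP distribution. It reports out-of-range key numbers, keys that do not match the format for their type, malformed IP list entries, entries with no IP list, and, with fips=True, types other than SHA or SHA1. The function names and sample entries are constructed for illustration, and types are matched exactly as spelled on this page.

```python
import ipaddress

HEX_TYPES = {"SHA", "SHA1", "RMD160"}  # 40 hex characters, per the page's table
FIPS_TYPES = {"SHA", "SHA1"}           # types the page allows under FIPS 140-2

def check_entry(line, fips=False):
    """Return the findings for one key-file line (empty list means clean)."""
    fields = line.split("#", 1)[0].split()   # '#' starts a comment
    if not fields:
        return []                            # blank or comment-only line
    if len(fields) not in (3, 4):
        return ["error: expected 'keyno type key [opt_IP_list]'"]
    keyno, ktype, key = fields[:3]
    out = []
    if not (keyno.isascii() and keyno.isdigit() and 1 <= int(keyno) <= 65535):
        out.append("error: keyno must be between 1 and 65535")
    if ktype == "MD5" and not (len(key) <= 16 and all(33 <= ord(c) <= 126 for c in key)):
        out.append("error: MD5 key must be 1 to 16 printable characters")
    elif ktype in HEX_TYPES and not (len(key) == 40 and set(key) <= set("0123456789abcdefABCDEF")):
        out.append("error: key must be 40 hex characters")
    elif ktype != "MD5" and ktype not in HEX_TYPES:
        out.append("warn: key format for type %s is not checked here" % ktype)
    if fips and ktype not in FIPS_TYPES:
        out.append("error: FIPS 140-2 requires type SHA or SHA1")
    if len(fields) == 3:
        out.append("warn: no IP list, any properly-authenticated message is accepted")
    else:
        for item in fields[3].split(","):
            try:
                ipaddress.ip_network(item, strict=False)  # IP or IP/subnetbits
            except ValueError:
                out.append("error: bad IP list entry " + repr(item))
    return out

def lint(text, fips=False):
    """Map 1-based line number to findings, for lines that have any."""
    found = ((n, check_entry(l, fips)) for n, l in enumerate(text.splitlines(), 1))
    return {n: f for n, f in found if f}

# Constructed sample entries (not real keys); addresses are documentation ranges.
SAMPLE = """\
1 MD5 correcthorse 192.0.2.0/24,2001:db8::1   # trailing comment
2 SHA1 0123456789abcdef0123456789abcdef01234567
3 SHA1 deadbeef 198.51.100.7
70000 MD5 thiskeyiswaytoolongforMD5 10.0.0.0/40
"""

if __name__ == "__main__":
    print("\n".join("line %d: %s" % (n, f) for n, fs in lint(SAMPLE).items() for f in fs))
```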