xref: /freebsd/contrib/ntp/ntpd/invoke-ntp.keys.texi (revision a0ee8cc636cd5c2374ec44ca71226564ea0bca95)
1@node ntp.keys Notes
2@section Notes about ntp.keys
3@pindex ntp.keys
4@cindex NTP symmetric key file format
5@ignore
6#
7# EDIT THIS FILE WITH CAUTION  (invoke-ntp.keys.texi)
8#
9# It has been AutoGen-ed  January  7, 2016 at 11:30:52 PM by AutoGen 5.18.5
10# From the definitions    ntp.keys.def
11# and the template file   agtexi-file.tpl
12@end ignore
13
14
15
16This document describes the format of an NTP symmetric key file.
17For a description of the use of this type of file, see the
18"Authentication Support"
19section of the
20@code{ntp.conf(5)}
21page.
22
23@code{ntpd(8)}
24reads its keys from a file specified using the
25@code{-k}
26command line option or the
27@code{keys}
28statement in the configuration file.
29While key number 0 is fixed by the NTP standard
30(as 56 zero bits)
31and may not be changed,
32one or more keys numbered between 1 and 65534
33may be arbitrarily set in the keys file.
34
35The key file uses the same comment conventions
36as the configuration file.
37Key entries use a fixed format of the form
38
39@example
40@kbd{keyno} @kbd{type} @kbd{key}
41@end example
42
43where
44@kbd{keyno}
45is a positive integer (between 1 and 65534),
46@kbd{type}
47is the message digest algorithm,
48and
49@kbd{key}
50is the key itself.
51
52The
53@kbd{key}
54may be given in a format
55controlled by the
56@kbd{type}
57field.
58The
59@kbd{type}
60@code{MD5}
61is always supported.
62If
63@code{ntpd}
64was built with the OpenSSL library
65then any digest library supported by that library may be specified.
66However, if compliance with FIPS 140-2 is required the
67@kbd{type}
68must be either
69@code{SHA}
70or
71@code{SHA1}.
72
73What follows are some key types, and corresponding formats:
74
75@table @asis
76@item @code{MD5}
77The key is 1 to 16 printable characters terminated by
78an EOL,
79whitespace,
80or
81a
82@code{#}
83(which is the "start of comment" character).
84
85@item @code{SHA}
86@item @code{SHA1}
87@item @code{RMD160}
88The key is a hex-encoded ASCII string of 40 characters,
89which is truncated as necessary.
90@end table
91
92Note that the keys used by the
93@code{ntpq(8)}
94and
95@code{ntpdc(8)}
96programs are checked against passwords
97requested by the programs and entered by hand,
98so it is generally appropriate to specify these keys in ASCII format.
99
100This section was generated by @strong{AutoGen},
101using the @code{agtexi-cmd} template and the option descriptions for the @code{ntp.keys} program.
102This software is released under the NTP license, <http://ntp.org/license>.
103
104@menu
105* ntp.keys Files::                  Files
106* ntp.keys See Also::               See Also
107* ntp.keys Notes::                  Notes
108@end menu
109
110@node ntp.keys Files
111@subsection ntp.keys Files
112@table @asis
113@item @file{/etc/ntp.keys}
114the default name of the configuration file
115@end table
116@node ntp.keys See Also
117@subsection ntp.keys See Also
118@code{ntp.conf(5)},
119@code{ntpd(1ntpdmdoc)},
120@code{ntpdate(1ntpdatemdoc)},
121@code{ntpdc(1ntpdcmdoc)},
122@code{sntp(1sntpmdoc)}
123@node ntp.keys Notes
124@subsection ntp.keys Notes
125This document was derived from FreeBSD.
126