1.Dd June 23 2020 2.Dt NTP_KEYS 5mdoc File Formats 3.Os FreeBSD 11.2-RELEASE_SI 4.\" EDIT THIS FILE WITH CAUTION (ntp.mdoc) 5.\" 6.\" It has been AutoGen-ed June 23, 2020 at 02:20:28 AM by AutoGen 5.18.5 7.\" From the definitions ntp.keys.def 8.\" and the template file agmdoc-file.tpl 9.Sh NAME 10.Nm ntp.keys 11.Nd NTP symmetric key file format 12 13.Sh NAME 14.Nm ntp.keys 15.Nd NTP symmetric key file format 16.Sh SYNOPSIS 17.Nm 18.Op Fl \-option\-name 19.Op Fl \-option\-name Ar value 20.Pp 21All arguments must be options. 22.Pp 23.Sh DESCRIPTION 24This document describes the format of an NTP symmetric key file. 25For a description of the use of this type of file, see the 26.Qq Authentication Support 27section of the 28.Xr ntp.conf 5 29page. 30.Pp 31.Xr ntpd 8 32reads its keys from a file specified using the 33.Fl k 34command line option or the 35.Ic keys 36statement in the configuration file. 37While key number 0 is fixed by the NTP standard 38(as 56 zero bits) 39and may not be changed, 40one or more keys numbered between 1 and 65535 41may be arbitrarily set in the keys file. 42.Pp 43The key file uses the same comment conventions 44as the configuration file. 45Key entries use a fixed format of the form 46.Pp 47.D1 Ar keyno type key opt_IP_list 48.Pp 49where 50.Ar keyno 51is a positive integer (between 1 and 65535), 52.Ar type 53is the message digest algorithm, 54.Ar key 55is the key itself, and 56.Ar opt_IP_list 57is an optional comma\-separated list of IPs 58where the 59.Ar keyno 60should be trusted. 61that are allowed to serve time. 62Each IP in 63.Ar opt_IP_list 64may contain an optional 65.Cm /subnetbits 66specification which identifies the number of bits for 67the desired subnet of trust. 68If 69.Ar opt_IP_list 70is empty, 71any properly\-authenticated message will be 72accepted. 73.Pp 74The 75.Ar key 76may be given in a format 77controlled by the 78.Ar type 79field. 80The 81.Ar type 82.Li MD5 83is always supported. 84If 85.Li ntpd 86was built with the OpenSSL library 87then any digest library supported by that library may be specified. 88However, if compliance with FIPS 140\-2 is required the 89.Ar type 90must be either 91.Li SHA 92or 93.Li SHA1 . 94.Pp 95What follows are some key types, and corresponding formats: 96.Pp 97.Bl -tag -width RMD160 -compact 98.It Li MD5 99The key is 1 to 16 printable characters terminated by 100an EOL, 101whitespace, 102or 103a 104.Li # 105(which is the "start of comment" character). 106.Pp 107.It Li SHA 108.It Li SHA1 109.It Li RMD160 110The key is a hex\-encoded ASCII string of 40 characters, 111which is truncated as necessary. 112.El 113.Pp 114Note that the keys used by the 115.Xr ntpq 8 116and 117.Xr ntpdc 8 118programs are checked against passwords 119requested by the programs and entered by hand, 120so it is generally appropriate to specify these keys in ASCII format. 121.Sh "OPTIONS" 122.Bl -tag 123.It Fl \-help 124Display usage information and exit. 125.It Fl \-more\-help 126Pass the extended usage information through a pager. 127.It Fl \-version Op Brq Ar v|c|n 128Output version of program and exit. The default mode is `v', a simple 129version. The `c' mode will print copyright information and `n' will 130print the full copyright notice. 131.El 132.Sh "OPTION PRESETS" 133Any option that is not marked as \fInot presettable\fP may be preset 134by loading values from environment variables named: 135.nf 136 \fBNTP_KEYS_<option\-name>\fP or \fBNTP_KEYS\fP 137.fi 138.ad 139.Sh "ENVIRONMENT" 140See \fBOPTION PRESETS\fP for configuration environment variables. 141.Sh FILES 142.Bl -tag -width /etc/ntp.keys -compact 143.It Pa /etc/ntp.keys 144the default name of the configuration file 145.El 146.Sh "EXIT STATUS" 147One of the following exit values will be returned: 148.Bl -tag 149.It 0 " (EXIT_SUCCESS)" 150Successful program execution. 151.It 1 " (EXIT_FAILURE)" 152The operation failed or the command syntax was not valid. 153.It 70 " (EX_SOFTWARE)" 154libopts had an internal operational error. Please report 155it to autogen\-users@lists.sourceforge.net. Thank you. 156.El 157.Sh "SEE ALSO" 158.Xr ntp.conf 5 , 159.Xr ntpd 1ntpdmdoc , 160.Xr ntpdate 1ntpdatemdoc , 161.Xr ntpdc 1ntpdcmdoc , 162.Xr sntp 1sntpmdoc 163.Sh "AUTHORS" 164The University of Delaware and Network Time Foundation 165.Sh "COPYRIGHT" 166Copyright (C) 1992\-2020 The University of Delaware and Network Time Foundation all rights reserved. 167This program is released under the terms of the NTP license, <http://ntp.org/license>. 168.Sh "BUGS" 169Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org 170.Sh NOTES 171This document was derived from FreeBSD. 172.Pp 173This manual page was \fIAutoGen\fP\-erated from the \fBntp.keys\fP 174option definitions. 175