xref: /freebsd/contrib/ntp/ntpd/ntp.keys.html (revision 052d159a8b83f03d7dc5eb31cd9a9b4a6fe3d9da)
1*052d159aSCy Schubert<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
2*052d159aSCy Schubert<html>
3*052d159aSCy Schubert<!-- Created by GNU Texinfo 6.5, http://www.gnu.org/software/texinfo/ -->
42b15cb3dSCy Schubert<head>
5*052d159aSCy Schubert<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
62b15cb3dSCy Schubert<title>NTP Symmetric Key</title>
7*052d159aSCy Schubert
82b15cb3dSCy Schubert<meta name="description" content="NTP Symmetric Key">
9*052d159aSCy Schubert<meta name="keywords" content="NTP Symmetric Key">
10*052d159aSCy Schubert<meta name="resource-type" content="document">
11*052d159aSCy Schubert<meta name="distribution" content="global">
12*052d159aSCy Schubert<meta name="Generator" content="makeinfo">
13*052d159aSCy Schubert<link href="#Top" rel="start" title="Top">
14*052d159aSCy Schubert<link href="dir.html#Top" rel="up" title="(dir)">
15*052d159aSCy Schubert<style type="text/css">
16*052d159aSCy Schubert<!--
17*052d159aSCy Schuberta.summary-letter {text-decoration: none}
18*052d159aSCy Schubertblockquote.indentedblock {margin-right: 0em}
19*052d159aSCy Schubertblockquote.smallindentedblock {margin-right: 0em; font-size: smaller}
20*052d159aSCy Schubertblockquote.smallquotation {font-size: smaller}
21*052d159aSCy Schubertdiv.display {margin-left: 3.2em}
22*052d159aSCy Schubertdiv.example {margin-left: 3.2em}
23*052d159aSCy Schubertdiv.lisp {margin-left: 3.2em}
24*052d159aSCy Schubertdiv.smalldisplay {margin-left: 3.2em}
25*052d159aSCy Schubertdiv.smallexample {margin-left: 3.2em}
26*052d159aSCy Schubertdiv.smalllisp {margin-left: 3.2em}
27*052d159aSCy Schubertkbd {font-style: oblique}
282b15cb3dSCy Schubertpre.display {font-family: inherit}
292b15cb3dSCy Schubertpre.format {font-family: inherit}
30*052d159aSCy Schubertpre.menu-comment {font-family: serif}
31*052d159aSCy Schubertpre.menu-preformatted {font-family: serif}
322b15cb3dSCy Schubertpre.smalldisplay {font-family: inherit; font-size: smaller}
332b15cb3dSCy Schubertpre.smallexample {font-size: smaller}
34*052d159aSCy Schubertpre.smallformat {font-family: inherit; font-size: smaller}
352b15cb3dSCy Schubertpre.smalllisp {font-size: smaller}
36*052d159aSCy Schubertspan.nolinebreak {white-space: nowrap}
37*052d159aSCy Schubertspan.roman {font-family: initial; font-weight: normal}
38*052d159aSCy Schubertspan.sansserif {font-family: sans-serif; font-weight: normal}
39*052d159aSCy Schubertul.no-bullet {list-style: none}
40*052d159aSCy Schubert-->
41*052d159aSCy Schubert</style>
42*052d159aSCy Schubert
43*052d159aSCy Schubert
442b15cb3dSCy Schubert</head>
45*052d159aSCy Schubert
46*052d159aSCy Schubert<body lang="en">
47*052d159aSCy Schubert<h1 class="settitle" align="center">NTP Symmetric Key</h1>
48*052d159aSCy Schubert
49*052d159aSCy Schubert
50*052d159aSCy Schubert
51*052d159aSCy Schubert
52*052d159aSCy Schubert
53*052d159aSCy Schubert<a name="Top"></a>
54*052d159aSCy Schubert<div class="header">
55*052d159aSCy Schubert<p>
56*052d159aSCy SchubertNext: <a href="#ntp_002ekeys-Description" accesskey="n" rel="next">ntp.keys Description</a>, Previous: <a href="dir.html#Top" accesskey="p" rel="prev">(dir)</a>, Up: <a href="dir.html#Top" accesskey="u" rel="up">(dir)</a> &nbsp; </p>
572b15cb3dSCy Schubert</div>
58*052d159aSCy Schubert<a name="NTP_0027s-Symmetric-Key-File-User-Manual"></a>
59*052d159aSCy Schubert<h1 class="top">NTP&rsquo;s Symmetric Key File User Manual</h1>
602b15cb3dSCy Schubert
61*052d159aSCy Schubert<p>This document describes the symmetric key file for the NTP Project&rsquo;s
622b15cb3dSCy Schubert<code>ntpd</code> program.
63*052d159aSCy Schubert</p>
64*052d159aSCy Schubert<p>This document applies to version 4.2.8p13 of <code>ntp.keys</code>.
65*052d159aSCy Schubert</p>
66*052d159aSCy Schubert<a name="SEC_Overview"></a>
67*052d159aSCy Schubert<h2 class="shortcontents-heading">Short Table of Contents</h2>
682b15cb3dSCy Schubert
692b15cb3dSCy Schubert<div class="shortcontents">
70*052d159aSCy Schubert<ul class="no-bullet">
71*052d159aSCy Schubert<li><a name="stoc-Description" href="#toc-Description">1 Description</a></li>
722b15cb3dSCy Schubert</ul>
732b15cb3dSCy Schubert</div>
742b15cb3dSCy Schubert
752b15cb3dSCy Schubert
76*052d159aSCy Schubert<table class="menu" border="0" cellspacing="0">
77*052d159aSCy Schubert<tr><td align="left" valign="top">&bull; <a href="#ntp_002ekeys-Description" accesskey="1">ntp.keys Description</a>:</td><td>&nbsp;&nbsp;</td><td align="left" valign="top">
78*052d159aSCy Schubert</td></tr>
79*052d159aSCy Schubert<tr><td align="left" valign="top">&bull; <a href="#ntp_002ekeys-Notes" accesskey="2">ntp.keys Notes</a>:</td><td>&nbsp;&nbsp;</td><td align="left" valign="top">
80*052d159aSCy Schubert</td></tr>
81*052d159aSCy Schubert</table>
82*052d159aSCy Schubert
83*052d159aSCy Schubert<hr>
84*052d159aSCy Schubert<a name="ntp_002ekeys-Description"></a>
85*052d159aSCy Schubert<div class="header">
86*052d159aSCy Schubert<p>
87*052d159aSCy SchubertPrevious: <a href="#Top" accesskey="p" rel="prev">Top</a>, Up: <a href="#Top" accesskey="u" rel="up">Top</a> &nbsp; </p>
882b15cb3dSCy Schubert</div>
89*052d159aSCy Schubert<a name="Description"></a>
90*052d159aSCy Schubert<h2 class="chapter">1 Description</h2>
912b15cb3dSCy Schubert
922b15cb3dSCy Schubert<p>The name and location of the symmetric key file for <code>ntpd</code> can
932b15cb3dSCy Schubertbe specified in a configuration file, by default <code>/etc/ntp.keys</code>.
94*052d159aSCy Schubert</p>
95*052d159aSCy Schubert<table class="menu" border="0" cellspacing="0">
96*052d159aSCy Schubert<tr><td align="left" valign="top">&bull; <a href="#ntp_002ekeys-Notes" accesskey="1">ntp.keys Notes</a>:</td><td>&nbsp;&nbsp;</td><td align="left" valign="top">
97*052d159aSCy Schubert</td></tr>
98*052d159aSCy Schubert</table>
992b15cb3dSCy Schubert
100*052d159aSCy Schubert<hr>
1012b15cb3dSCy Schubert<a name="ntp_002ekeys-Notes"></a>
102*052d159aSCy Schubert<div class="header">
103*052d159aSCy Schubert<p>
104*052d159aSCy SchubertPrevious: <a href="#ntp_002ekeys-See-Also" accesskey="p" rel="prev">ntp.keys See Also</a>, Up: <a href="#ntp_002ekeys-Description" accesskey="u" rel="up">ntp.keys Description</a> &nbsp; </p>
1052b15cb3dSCy Schubert</div>
106*052d159aSCy Schubert<a name="Notes-about-ntp_002ekeys"></a>
107*052d159aSCy Schubert<h3 class="section">1.1 Notes about ntp.keys</h3>
108*052d159aSCy Schubert<a name="index-ntp_002ekeys"></a>
109*052d159aSCy Schubert<a name="index-NTP-symmetric-key-file-format"></a>
1102b15cb3dSCy Schubert
1112b15cb3dSCy Schubert
1122b15cb3dSCy Schubert
1132b15cb3dSCy Schubert<p>This document describes the format of an NTP symmetric key file.
1142b15cb3dSCy SchubertFor a description of the use of this type of file, see the
115*052d159aSCy Schubert&quot;Authentication Support&quot;
1162b15cb3dSCy Schubertsection of the
1172b15cb3dSCy Schubert<code>ntp.conf(5)</code>
1182b15cb3dSCy Schubertpage.
119*052d159aSCy Schubert</p>
1202b15cb3dSCy Schubert<p><code>ntpd(8)</code>
1212b15cb3dSCy Schubertreads its keys from a file specified using the
1222b15cb3dSCy Schubert<code>-k</code>
1232b15cb3dSCy Schubertcommand line option or the
1242b15cb3dSCy Schubert<code>keys</code>
1252b15cb3dSCy Schubertstatement in the configuration file.
1262b15cb3dSCy SchubertWhile key number 0 is fixed by the NTP standard
1272b15cb3dSCy Schubert(as 56 zero bits)
1282b15cb3dSCy Schubertand may not be changed,
1294e1ef62aSXin LIone or more keys numbered between 1 and 65535
1302b15cb3dSCy Schubertmay be arbitrarily set in the keys file.
131*052d159aSCy Schubert</p>
1322b15cb3dSCy Schubert<p>The key file uses the same comment conventions
1332b15cb3dSCy Schubertas the configuration file.
1342b15cb3dSCy SchubertKey entries use a fixed format of the form
135*052d159aSCy Schubert</p>
136*052d159aSCy Schubert<div class="example">
13768ba7e87SXin LI<pre class="example"><kbd>keyno</kbd> <kbd>type</kbd> <kbd>key</kbd> <kbd>opt_IP_list</kbd>
138*052d159aSCy Schubert</pre></div>
139*052d159aSCy Schubert
1402b15cb3dSCy Schubert<p>where
1412b15cb3dSCy Schubert<kbd>keyno</kbd>
1424e1ef62aSXin LIis a positive integer (between 1 and 65535),
1432b15cb3dSCy Schubert<kbd>type</kbd>
1442b15cb3dSCy Schubertis the message digest algorithm,
1452b15cb3dSCy Schubert<kbd>key</kbd>
14668ba7e87SXin LIis the key itself, and
14768ba7e87SXin LI<kbd>opt_IP_list</kbd>
14868ba7e87SXin LIis an optional comma-separated list of IPs
14909100258SXin LIwhere the
15009100258SXin LI<kbd>keyno</kbd>
15109100258SXin LIshould be trusted.
15268ba7e87SXin LIthat are allowed to serve time.
15309100258SXin LIEach IP in
15409100258SXin LI<kbd>opt_IP_list</kbd>
15509100258SXin LImay contain an optional
15609100258SXin LI<code>/subnetbits</code>
15709100258SXin LIspecification which identifies the number of bits for
15809100258SXin LIthe desired subnet of trust.
15968ba7e87SXin LIIf
16068ba7e87SXin LI<kbd>opt_IP_list</kbd>
16168ba7e87SXin LIis empty,
16209100258SXin LIany properly-authenticated message will be
16368ba7e87SXin LIaccepted.
164*052d159aSCy Schubert</p>
1652b15cb3dSCy Schubert<p>The
1662b15cb3dSCy Schubert<kbd>key</kbd>
1672b15cb3dSCy Schubertmay be given in a format
1682b15cb3dSCy Schubertcontrolled by the
1692b15cb3dSCy Schubert<kbd>type</kbd>
1702b15cb3dSCy Schubertfield.
1712b15cb3dSCy SchubertThe
1722b15cb3dSCy Schubert<kbd>type</kbd>
1732b15cb3dSCy Schubert<code>MD5</code>
1742b15cb3dSCy Schubertis always supported.
1752b15cb3dSCy SchubertIf
1762b15cb3dSCy Schubert<code>ntpd</code>
1772b15cb3dSCy Schubertwas built with the OpenSSL library
1782b15cb3dSCy Schubertthen any digest library supported by that library may be specified.
1792b15cb3dSCy SchubertHowever, if compliance with FIPS 140-2 is required the
1802b15cb3dSCy Schubert<kbd>type</kbd>
1812b15cb3dSCy Schubertmust be either
1822b15cb3dSCy Schubert<code>SHA</code>
1832b15cb3dSCy Schubertor
1842b15cb3dSCy Schubert<code>SHA1</code>.
185*052d159aSCy Schubert</p>
1862b15cb3dSCy Schubert<p>What follows are some key types, and corresponding formats:
187*052d159aSCy Schubert</p>
188*052d159aSCy Schubert<dl compact="compact">
189*052d159aSCy Schubert<dt><code>MD5</code></dt>
190*052d159aSCy Schubert<dd><p>The key is 1 to 16 printable characters terminated by
1912b15cb3dSCy Schubertan EOL,
1922b15cb3dSCy Schubertwhitespace,
1932b15cb3dSCy Schubertor
1942b15cb3dSCy Schuberta
1952b15cb3dSCy Schubert<code>#</code>
196*052d159aSCy Schubert(which is the &quot;start of comment&quot; character).
197*052d159aSCy Schubert</p>
198*052d159aSCy Schubert</dd>
199*052d159aSCy Schubert<dt><code>SHA</code></dt>
200*052d159aSCy Schubert<dt><code>SHA1</code></dt>
201*052d159aSCy Schubert<dt><code>RMD160</code></dt>
202*052d159aSCy Schubert<dd><p>The key is a hex-encoded ASCII string of 40 characters,
2032b15cb3dSCy Schubertwhich is truncated as necessary.
204*052d159aSCy Schubert</p></dd>
2052b15cb3dSCy Schubert</dl>
2062b15cb3dSCy Schubert
2072b15cb3dSCy Schubert<p>Note that the keys used by the
2082b15cb3dSCy Schubert<code>ntpq(8)</code>
2092b15cb3dSCy Schubertand
2102b15cb3dSCy Schubert<code>ntpdc(8)</code>
2112b15cb3dSCy Schubertprograms are checked against passwords
2122b15cb3dSCy Schubertrequested by the programs and entered by hand,
2132b15cb3dSCy Schubertso it is generally appropriate to specify these keys in ASCII format.
214*052d159aSCy Schubert</p>
2152b15cb3dSCy Schubert<p>This section was generated by <strong>AutoGen</strong>,
2162b15cb3dSCy Schubertusing the <code>agtexi-cmd</code> template and the option descriptions for the <code>ntp.keys</code> program.
2172b15cb3dSCy SchubertThis software is released under the NTP license, &lt;http://ntp.org/license&gt;.
218*052d159aSCy Schubert</p>
219*052d159aSCy Schubert<table class="menu" border="0" cellspacing="0">
220*052d159aSCy Schubert<tr><td align="left" valign="top">&bull; <a href="#ntp_002ekeys-Files" accesskey="1">ntp.keys Files</a>:</td><td>&nbsp;&nbsp;</td><td align="left" valign="top">Files
221*052d159aSCy Schubert</td></tr>
222*052d159aSCy Schubert<tr><td align="left" valign="top">&bull; <a href="#ntp_002ekeys-See-Also" accesskey="2">ntp.keys See Also</a>:</td><td>&nbsp;&nbsp;</td><td align="left" valign="top">See Also
223*052d159aSCy Schubert</td></tr>
224*052d159aSCy Schubert<tr><td align="left" valign="top">&bull; <a href="#ntp_002ekeys-Notes" accesskey="3">ntp.keys Notes</a>:</td><td>&nbsp;&nbsp;</td><td align="left" valign="top">Notes
225*052d159aSCy Schubert</td></tr>
226*052d159aSCy Schubert</table>
2272b15cb3dSCy Schubert
228*052d159aSCy Schubert<hr>
229*052d159aSCy Schubert<a name="ntp_002ekeys-Files"></a>
230*052d159aSCy Schubert<div class="header">
231*052d159aSCy Schubert<p>
232*052d159aSCy SchubertNext: <a href="#ntp_002ekeys-See-Also" accesskey="n" rel="next">ntp.keys See Also</a>, Up: <a href="#ntp_002ekeys-Notes" accesskey="u" rel="up">ntp.keys Notes</a> &nbsp; </p>
2332b15cb3dSCy Schubert</div>
234*052d159aSCy Schubert<a name="ntp_002ekeys-Files-1"></a>
235*052d159aSCy Schubert<h4 class="subsection">1.1.1 ntp.keys Files</h4>
236*052d159aSCy Schubert<dl compact="compact">
237*052d159aSCy Schubert<dt><samp>/etc/ntp.keys</samp></dt>
238*052d159aSCy Schubert<dd><p>the default name of the configuration file
239*052d159aSCy Schubert</p></dd>
2402b15cb3dSCy Schubert</dl>
241*052d159aSCy Schubert<hr>
242*052d159aSCy Schubert<a name="ntp_002ekeys-See-Also"></a>
243*052d159aSCy Schubert<div class="header">
244*052d159aSCy Schubert<p>
245*052d159aSCy SchubertPrevious: <a href="#ntp_002ekeys-Files" accesskey="p" rel="prev">ntp.keys Files</a>, Up: <a href="#ntp_002ekeys-Notes" accesskey="u" rel="up">ntp.keys Notes</a> &nbsp; </p>
2462b15cb3dSCy Schubert</div>
247*052d159aSCy Schubert<a name="ntp_002ekeys-See-Also-1"></a>
248*052d159aSCy Schubert<h4 class="subsection">1.1.2 ntp.keys See Also</h4>
2492b15cb3dSCy Schubert<p><code>ntp.conf(5)</code>,
2502b15cb3dSCy Schubert<code>ntpd(1ntpdmdoc)</code>,
2512b15cb3dSCy Schubert<code>ntpdate(1ntpdatemdoc)</code>,
2522b15cb3dSCy Schubert<code>ntpdc(1ntpdcmdoc)</code>,
2532b15cb3dSCy Schubert<code>sntp(1sntpmdoc)</code>
254*052d159aSCy Schubert</p><hr>
255*052d159aSCy Schubert<div class="header">
256*052d159aSCy Schubert<p>
257*052d159aSCy Schubert &nbsp; </p>
2582b15cb3dSCy Schubert</div>
259*052d159aSCy Schubert<a name="ntp_002ekeys-Notes-1"></a>
260*052d159aSCy Schubert<h4 class="subsection">1.1.3 ntp.keys Notes</h4>
2612b15cb3dSCy Schubert<p>This document was derived from FreeBSD.
262*052d159aSCy Schubert</p><hr>
2632b15cb3dSCy Schubert
2642b15cb3dSCy Schubert
265*052d159aSCy Schubert
266*052d159aSCy Schubert</body>
267*052d159aSCy Schubert</html>
268