12b15cb3dSCy Schubert<html lang="en"> 22b15cb3dSCy Schubert<head> 32b15cb3dSCy Schubert<title>NTP Symmetric Key</title> 42b15cb3dSCy Schubert<meta http-equiv="Content-Type" content="text/html"> 52b15cb3dSCy Schubert<meta name="description" content="NTP Symmetric Key"> 62b15cb3dSCy Schubert<meta name="generator" content="makeinfo 4.7"> 72b15cb3dSCy Schubert<link title="Top" rel="top" href="#Top"> 82b15cb3dSCy Schubert<link href="http://www.gnu.org/software/texinfo/" rel="generator-home" title="Texinfo Homepage"> 92b15cb3dSCy Schubert<meta http-equiv="Content-Style-Type" content="text/css"> 102b15cb3dSCy Schubert<style type="text/css"><!-- 112b15cb3dSCy Schubert pre.display { font-family:inherit } 122b15cb3dSCy Schubert pre.format { font-family:inherit } 132b15cb3dSCy Schubert pre.smalldisplay { font-family:inherit; font-size:smaller } 142b15cb3dSCy Schubert pre.smallformat { font-family:inherit; font-size:smaller } 152b15cb3dSCy Schubert pre.smallexample { font-size:smaller } 162b15cb3dSCy Schubert pre.smalllisp { font-size:smaller } 172b15cb3dSCy Schubert span.sc { font-variant:small-caps } 182b15cb3dSCy Schubert span.roman { font-family: serif; font-weight: normal; } 192b15cb3dSCy Schubert--></style> 202b15cb3dSCy Schubert</head> 212b15cb3dSCy Schubert<body> 222b15cb3dSCy Schubert<h1 class="settitle">NTP Symmetric Key</h1> 232b15cb3dSCy Schubert<div class="node"> 242b15cb3dSCy Schubert<p><hr> 252b15cb3dSCy Schubert<a name="Top"></a>Next: <a rel="next" accesskey="n" href="#ntp_002ekeys-Description">ntp.keys Description</a>, 262b15cb3dSCy SchubertPrevious: <a rel="previous" accesskey="p" href="#dir">(dir)</a>, 272b15cb3dSCy SchubertUp: <a rel="up" accesskey="u" href="#dir">(dir)</a> 282b15cb3dSCy Schubert<br> 292b15cb3dSCy Schubert</div> 302b15cb3dSCy Schubert 312b15cb3dSCy Schubert<h2 class="unnumbered">NTP's Symmetric Key File User Manual</h2> 322b15cb3dSCy Schubert 332b15cb3dSCy Schubert<p>This document describes the symmetric key file for the NTP Project's 342b15cb3dSCy Schubert<code>ntpd</code> program. 352b15cb3dSCy Schubert 36*09100258SXin LI <p>This document applies to version 4.2.8p11 of <code>ntp.keys</code>. 372b15cb3dSCy Schubert 382b15cb3dSCy Schubert <div class="shortcontents"> 392b15cb3dSCy Schubert<h2>Short Contents</h2> 402b15cb3dSCy Schubert<ul> 412b15cb3dSCy Schubert<a href="#Top">NTP's Symmetric Key File User Manual</a> 422b15cb3dSCy Schubert</ul> 432b15cb3dSCy Schubert</div> 442b15cb3dSCy Schubert 452b15cb3dSCy Schubert<ul class="menu"> 462b15cb3dSCy Schubert<li><a accesskey="1" href="#ntp_002ekeys-Description">ntp.keys Description</a> 472b15cb3dSCy Schubert<li><a accesskey="2" href="#ntp_002ekeys-Notes">ntp.keys Notes</a> 482b15cb3dSCy Schubert</ul> 492b15cb3dSCy Schubert 502b15cb3dSCy Schubert<div class="node"> 512b15cb3dSCy Schubert<p><hr> 522b15cb3dSCy Schubert<a name="ntp_002ekeys-Description"></a>Previous: <a rel="previous" accesskey="p" href="#Top">Top</a>, 532b15cb3dSCy SchubertUp: <a rel="up" accesskey="u" href="#Top">Top</a> 542b15cb3dSCy Schubert<br> 552b15cb3dSCy Schubert</div> 562b15cb3dSCy Schubert 572b15cb3dSCy Schubert<!-- node-name, next, previous, up --> 582b15cb3dSCy Schubert<h3 class="section">Description</h3> 592b15cb3dSCy Schubert 602b15cb3dSCy Schubert<p>The name and location of the symmetric key file for <code>ntpd</code> can 612b15cb3dSCy Schubertbe specified in a configuration file, by default <code>/etc/ntp.keys</code>. 622b15cb3dSCy Schubert 632b15cb3dSCy Schubert<div class="node"> 642b15cb3dSCy Schubert<p><hr> 652b15cb3dSCy Schubert<a name="ntp_002ekeys-Notes"></a> 662b15cb3dSCy Schubert<br> 672b15cb3dSCy Schubert</div> 682b15cb3dSCy Schubert 692b15cb3dSCy Schubert<h3 class="section">Notes about ntp.keys</h3> 702b15cb3dSCy Schubert 712b15cb3dSCy Schubert<p><a name="index-ntp_002ekeys-1"></a><a name="index-NTP-symmetric-key-file-format-2"></a> 722b15cb3dSCy Schubert 732b15cb3dSCy Schubert <p>This document describes the format of an NTP symmetric key file. 742b15cb3dSCy SchubertFor a description of the use of this type of file, see the 752b15cb3dSCy Schubert"Authentication Support" 762b15cb3dSCy Schubertsection of the 772b15cb3dSCy Schubert<code>ntp.conf(5)</code> 782b15cb3dSCy Schubertpage. 792b15cb3dSCy Schubert 802b15cb3dSCy Schubert <p><code>ntpd(8)</code> 812b15cb3dSCy Schubertreads its keys from a file specified using the 822b15cb3dSCy Schubert<code>-k</code> 832b15cb3dSCy Schubertcommand line option or the 842b15cb3dSCy Schubert<code>keys</code> 852b15cb3dSCy Schubertstatement in the configuration file. 862b15cb3dSCy SchubertWhile key number 0 is fixed by the NTP standard 872b15cb3dSCy Schubert(as 56 zero bits) 882b15cb3dSCy Schubertand may not be changed, 892b15cb3dSCy Schubertone or more keys numbered between 1 and 65534 902b15cb3dSCy Schubertmay be arbitrarily set in the keys file. 912b15cb3dSCy Schubert 922b15cb3dSCy Schubert <p>The key file uses the same comment conventions 932b15cb3dSCy Schubertas the configuration file. 942b15cb3dSCy SchubertKey entries use a fixed format of the form 952b15cb3dSCy Schubert 9668ba7e87SXin LI<pre class="example"> <kbd>keyno</kbd> <kbd>type</kbd> <kbd>key</kbd> <kbd>opt_IP_list</kbd> 972b15cb3dSCy Schubert</pre> 982b15cb3dSCy Schubert <p>where 992b15cb3dSCy Schubert<kbd>keyno</kbd> 1002b15cb3dSCy Schubertis a positive integer (between 1 and 65534), 1012b15cb3dSCy Schubert<kbd>type</kbd> 1022b15cb3dSCy Schubertis the message digest algorithm, 1032b15cb3dSCy Schubert<kbd>key</kbd> 10468ba7e87SXin LIis the key itself, and 10568ba7e87SXin LI<kbd>opt_IP_list</kbd> 10668ba7e87SXin LIis an optional comma-separated list of IPs 107*09100258SXin LIwhere the 108*09100258SXin LI<kbd>keyno</kbd> 109*09100258SXin LIshould be trusted. 11068ba7e87SXin LIthat are allowed to serve time. 111*09100258SXin LIEach IP in 112*09100258SXin LI<kbd>opt_IP_list</kbd> 113*09100258SXin LImay contain an optional 114*09100258SXin LI<code>/subnetbits</code> 115*09100258SXin LIspecification which identifies the number of bits for 116*09100258SXin LIthe desired subnet of trust. 11768ba7e87SXin LIIf 11868ba7e87SXin LI<kbd>opt_IP_list</kbd> 11968ba7e87SXin LIis empty, 120*09100258SXin LIany properly-authenticated message will be 12168ba7e87SXin LIaccepted. 1222b15cb3dSCy Schubert 1232b15cb3dSCy Schubert <p>The 1242b15cb3dSCy Schubert<kbd>key</kbd> 1252b15cb3dSCy Schubertmay be given in a format 1262b15cb3dSCy Schubertcontrolled by the 1272b15cb3dSCy Schubert<kbd>type</kbd> 1282b15cb3dSCy Schubertfield. 1292b15cb3dSCy SchubertThe 1302b15cb3dSCy Schubert<kbd>type</kbd> 1312b15cb3dSCy Schubert<code>MD5</code> 1322b15cb3dSCy Schubertis always supported. 1332b15cb3dSCy SchubertIf 1342b15cb3dSCy Schubert<code>ntpd</code> 1352b15cb3dSCy Schubertwas built with the OpenSSL library 1362b15cb3dSCy Schubertthen any digest library supported by that library may be specified. 1372b15cb3dSCy SchubertHowever, if compliance with FIPS 140-2 is required the 1382b15cb3dSCy Schubert<kbd>type</kbd> 1392b15cb3dSCy Schubertmust be either 1402b15cb3dSCy Schubert<code>SHA</code> 1412b15cb3dSCy Schubertor 1422b15cb3dSCy Schubert<code>SHA1</code>. 1432b15cb3dSCy Schubert 1442b15cb3dSCy Schubert <p>What follows are some key types, and corresponding formats: 1452b15cb3dSCy Schubert 1462b15cb3dSCy Schubert <dl> 1472b15cb3dSCy Schubert<dt><code>MD5</code><dd>The key is 1 to 16 printable characters terminated by 1482b15cb3dSCy Schubertan EOL, 1492b15cb3dSCy Schubertwhitespace, 1502b15cb3dSCy Schubertor 1512b15cb3dSCy Schuberta 1522b15cb3dSCy Schubert<code>#</code> 1532b15cb3dSCy Schubert(which is the "start of comment" character). 1542b15cb3dSCy Schubert 1552b15cb3dSCy Schubert <br><dt><code>SHA</code><br><dt><code>SHA1</code><br><dt><code>RMD160</code><dd>The key is a hex-encoded ASCII string of 40 characters, 1562b15cb3dSCy Schubertwhich is truncated as necessary. 1572b15cb3dSCy Schubert</dl> 1582b15cb3dSCy Schubert 1592b15cb3dSCy Schubert <p>Note that the keys used by the 1602b15cb3dSCy Schubert<code>ntpq(8)</code> 1612b15cb3dSCy Schubertand 1622b15cb3dSCy Schubert<code>ntpdc(8)</code> 1632b15cb3dSCy Schubertprograms are checked against passwords 1642b15cb3dSCy Schubertrequested by the programs and entered by hand, 1652b15cb3dSCy Schubertso it is generally appropriate to specify these keys in ASCII format. 1662b15cb3dSCy Schubert 1672b15cb3dSCy Schubert <p>This section was generated by <strong>AutoGen</strong>, 1682b15cb3dSCy Schubertusing the <code>agtexi-cmd</code> template and the option descriptions for the <code>ntp.keys</code> program. 1692b15cb3dSCy SchubertThis software is released under the NTP license, <http://ntp.org/license>. 1702b15cb3dSCy Schubert 1712b15cb3dSCy Schubert<ul class="menu"> 1722b15cb3dSCy Schubert<li><a accesskey="1" href="#ntp_002ekeys-Files">ntp.keys Files</a>: Files 1732b15cb3dSCy Schubert<li><a accesskey="2" href="#ntp_002ekeys-See-Also">ntp.keys See Also</a>: See Also 1742b15cb3dSCy Schubert<li><a accesskey="3" href="#ntp_002ekeys-Notes">ntp.keys Notes</a>: Notes 1752b15cb3dSCy Schubert</ul> 1762b15cb3dSCy Schubert 1772b15cb3dSCy Schubert<div class="node"> 1782b15cb3dSCy Schubert<p><hr> 1792b15cb3dSCy Schubert<a name="ntp_002ekeys-Files"></a>Next: <a rel="next" accesskey="n" href="#ntp_002ekeys-See-Also">ntp.keys See Also</a>, 1802b15cb3dSCy SchubertUp: <a rel="up" accesskey="u" href="#ntp_002ekeys-Notes">ntp.keys Notes</a> 1812b15cb3dSCy Schubert<br> 1822b15cb3dSCy Schubert</div> 1832b15cb3dSCy Schubert 1842b15cb3dSCy Schubert<h4 class="subsection">ntp.keys Files</h4> 1852b15cb3dSCy Schubert 1862b15cb3dSCy Schubert <dl> 1872b15cb3dSCy Schubert<dt><span class="file">/etc/ntp.keys</span><dd>the default name of the configuration file 1882b15cb3dSCy Schubert</dl> 1892b15cb3dSCy Schubert<div class="node"> 1902b15cb3dSCy Schubert<p><hr> 1912b15cb3dSCy Schubert<a name="ntp_002ekeys-See-Also"></a>Next: <a rel="next" accesskey="n" href="#ntp_002ekeys-Notes">ntp.keys Notes</a>, 1922b15cb3dSCy SchubertPrevious: <a rel="previous" accesskey="p" href="#ntp_002ekeys-Files">ntp.keys Files</a>, 1932b15cb3dSCy SchubertUp: <a rel="up" accesskey="u" href="#ntp_002ekeys-Notes">ntp.keys Notes</a> 1942b15cb3dSCy Schubert<br> 1952b15cb3dSCy Schubert</div> 1962b15cb3dSCy Schubert 1972b15cb3dSCy Schubert<h4 class="subsection">ntp.keys See Also</h4> 1982b15cb3dSCy Schubert 1992b15cb3dSCy Schubert<p><code>ntp.conf(5)</code>, 2002b15cb3dSCy Schubert<code>ntpd(1ntpdmdoc)</code>, 2012b15cb3dSCy Schubert<code>ntpdate(1ntpdatemdoc)</code>, 2022b15cb3dSCy Schubert<code>ntpdc(1ntpdcmdoc)</code>, 2032b15cb3dSCy Schubert<code>sntp(1sntpmdoc)</code> 2042b15cb3dSCy Schubert<div class="node"> 2052b15cb3dSCy Schubert<p><hr> 2062b15cb3dSCy Schubert<a name="ntp_002ekeys-Notes"></a>Previous: <a rel="previous" accesskey="p" href="#ntp_002ekeys-See-Also">ntp.keys See Also</a>, 2072b15cb3dSCy SchubertUp: <a rel="up" accesskey="u" href="#ntp_002ekeys-Notes">ntp.keys Notes</a> 2082b15cb3dSCy Schubert<br> 2092b15cb3dSCy Schubert</div> 2102b15cb3dSCy Schubert 2112b15cb3dSCy Schubert<h4 class="subsection">ntp.keys Notes</h4> 2122b15cb3dSCy Schubert 2132b15cb3dSCy Schubert<p>This document was derived from FreeBSD. 2142b15cb3dSCy Schubert 2152b15cb3dSCy Schubert</body></html> 2162b15cb3dSCy Schubert 217