12b15cb3dSCy Schubert<html lang="en"> 22b15cb3dSCy Schubert<head> 32b15cb3dSCy Schubert<title>NTP Symmetric Key</title> 42b15cb3dSCy Schubert<meta http-equiv="Content-Type" content="text/html"> 52b15cb3dSCy Schubert<meta name="description" content="NTP Symmetric Key"> 62b15cb3dSCy Schubert<meta name="generator" content="makeinfo 4.7"> 72b15cb3dSCy Schubert<link title="Top" rel="top" href="#Top"> 82b15cb3dSCy Schubert<link href="http://www.gnu.org/software/texinfo/" rel="generator-home" title="Texinfo Homepage"> 92b15cb3dSCy Schubert<meta http-equiv="Content-Style-Type" content="text/css"> 102b15cb3dSCy Schubert<style type="text/css"><!-- 112b15cb3dSCy Schubert pre.display { font-family:inherit } 122b15cb3dSCy Schubert pre.format { font-family:inherit } 132b15cb3dSCy Schubert pre.smalldisplay { font-family:inherit; font-size:smaller } 142b15cb3dSCy Schubert pre.smallformat { font-family:inherit; font-size:smaller } 152b15cb3dSCy Schubert pre.smallexample { font-size:smaller } 162b15cb3dSCy Schubert pre.smalllisp { font-size:smaller } 172b15cb3dSCy Schubert span.sc { font-variant:small-caps } 182b15cb3dSCy Schubert span.roman { font-family: serif; font-weight: normal; } 192b15cb3dSCy Schubert--></style> 202b15cb3dSCy Schubert</head> 212b15cb3dSCy Schubert<body> 222b15cb3dSCy Schubert<h1 class="settitle">NTP Symmetric Key</h1> 232b15cb3dSCy Schubert<div class="node"> 242b15cb3dSCy Schubert<p><hr> 252b15cb3dSCy Schubert<a name="Top"></a>Next: <a rel="next" accesskey="n" href="#ntp_002ekeys-Description">ntp.keys Description</a>, 262b15cb3dSCy SchubertPrevious: <a rel="previous" accesskey="p" href="#dir">(dir)</a>, 272b15cb3dSCy SchubertUp: <a rel="up" accesskey="u" href="#dir">(dir)</a> 282b15cb3dSCy Schubert<br> 292b15cb3dSCy Schubert</div> 302b15cb3dSCy Schubert 312b15cb3dSCy Schubert<h2 class="unnumbered">NTP's Symmetric Key File User Manual</h2> 322b15cb3dSCy Schubert 332b15cb3dSCy Schubert<p>This document describes the symmetric key file for the NTP Project's 342b15cb3dSCy Schubert<code>ntpd</code> program. 352b15cb3dSCy Schubert 36*68ba7e87SXin LI <p>This document applies to version 4.2.8p6 of <code>ntp.keys</code>. 372b15cb3dSCy Schubert 382b15cb3dSCy Schubert <div class="shortcontents"> 392b15cb3dSCy Schubert<h2>Short Contents</h2> 402b15cb3dSCy Schubert<ul> 412b15cb3dSCy Schubert<a href="#Top">NTP's Symmetric Key File User Manual</a> 422b15cb3dSCy Schubert</ul> 432b15cb3dSCy Schubert</div> 442b15cb3dSCy Schubert 452b15cb3dSCy Schubert<ul class="menu"> 462b15cb3dSCy Schubert<li><a accesskey="1" href="#ntp_002ekeys-Description">ntp.keys Description</a> 472b15cb3dSCy Schubert<li><a accesskey="2" href="#ntp_002ekeys-Notes">ntp.keys Notes</a> 482b15cb3dSCy Schubert</ul> 492b15cb3dSCy Schubert 502b15cb3dSCy Schubert<div class="node"> 512b15cb3dSCy Schubert<p><hr> 522b15cb3dSCy Schubert<a name="ntp_002ekeys-Description"></a>Previous: <a rel="previous" accesskey="p" href="#Top">Top</a>, 532b15cb3dSCy SchubertUp: <a rel="up" accesskey="u" href="#Top">Top</a> 542b15cb3dSCy Schubert<br> 552b15cb3dSCy Schubert</div> 562b15cb3dSCy Schubert 572b15cb3dSCy Schubert<!-- node-name, next, previous, up --> 582b15cb3dSCy Schubert<h3 class="section">Description</h3> 592b15cb3dSCy Schubert 602b15cb3dSCy Schubert<p>The name and location of the symmetric key file for <code>ntpd</code> can 612b15cb3dSCy Schubertbe specified in a configuration file, by default <code>/etc/ntp.keys</code>. 622b15cb3dSCy Schubert 632b15cb3dSCy Schubert<div class="node"> 642b15cb3dSCy Schubert<p><hr> 652b15cb3dSCy Schubert<a name="ntp_002ekeys-Notes"></a> 662b15cb3dSCy Schubert<br> 672b15cb3dSCy Schubert</div> 682b15cb3dSCy Schubert 692b15cb3dSCy Schubert<h3 class="section">Notes about ntp.keys</h3> 702b15cb3dSCy Schubert 712b15cb3dSCy Schubert<p><a name="index-ntp_002ekeys-1"></a><a name="index-NTP-symmetric-key-file-format-2"></a> 722b15cb3dSCy Schubert 732b15cb3dSCy Schubert <p>This document describes the format of an NTP symmetric key file. 742b15cb3dSCy SchubertFor a description of the use of this type of file, see the 752b15cb3dSCy Schubert"Authentication Support" 762b15cb3dSCy Schubertsection of the 772b15cb3dSCy Schubert<code>ntp.conf(5)</code> 782b15cb3dSCy Schubertpage. 792b15cb3dSCy Schubert 802b15cb3dSCy Schubert <p><code>ntpd(8)</code> 812b15cb3dSCy Schubertreads its keys from a file specified using the 822b15cb3dSCy Schubert<code>-k</code> 832b15cb3dSCy Schubertcommand line option or the 842b15cb3dSCy Schubert<code>keys</code> 852b15cb3dSCy Schubertstatement in the configuration file. 862b15cb3dSCy SchubertWhile key number 0 is fixed by the NTP standard 872b15cb3dSCy Schubert(as 56 zero bits) 882b15cb3dSCy Schubertand may not be changed, 892b15cb3dSCy Schubertone or more keys numbered between 1 and 65534 902b15cb3dSCy Schubertmay be arbitrarily set in the keys file. 912b15cb3dSCy Schubert 922b15cb3dSCy Schubert <p>The key file uses the same comment conventions 932b15cb3dSCy Schubertas the configuration file. 942b15cb3dSCy SchubertKey entries use a fixed format of the form 952b15cb3dSCy Schubert 96*68ba7e87SXin LI<pre class="example"> <kbd>keyno</kbd> <kbd>type</kbd> <kbd>key</kbd> <kbd>opt_IP_list</kbd> 972b15cb3dSCy Schubert</pre> 982b15cb3dSCy Schubert <p>where 992b15cb3dSCy Schubert<kbd>keyno</kbd> 1002b15cb3dSCy Schubertis a positive integer (between 1 and 65534), 1012b15cb3dSCy Schubert<kbd>type</kbd> 1022b15cb3dSCy Schubertis the message digest algorithm, 1032b15cb3dSCy Schubertand 1042b15cb3dSCy Schubert<kbd>key</kbd> 105*68ba7e87SXin LIis the key itself, and 106*68ba7e87SXin LI<kbd>opt_IP_list</kbd> 107*68ba7e87SXin LIis an optional comma-separated list of IPs 108*68ba7e87SXin LIthat are allowed to serve time. 109*68ba7e87SXin LIIf 110*68ba7e87SXin LI<kbd>opt_IP_list</kbd> 111*68ba7e87SXin LIis empty, 112*68ba7e87SXin LIany properly-authenticated server message will be 113*68ba7e87SXin LIaccepted. 1142b15cb3dSCy Schubert 1152b15cb3dSCy Schubert <p>The 1162b15cb3dSCy Schubert<kbd>key</kbd> 1172b15cb3dSCy Schubertmay be given in a format 1182b15cb3dSCy Schubertcontrolled by the 1192b15cb3dSCy Schubert<kbd>type</kbd> 1202b15cb3dSCy Schubertfield. 1212b15cb3dSCy SchubertThe 1222b15cb3dSCy Schubert<kbd>type</kbd> 1232b15cb3dSCy Schubert<code>MD5</code> 1242b15cb3dSCy Schubertis always supported. 1252b15cb3dSCy SchubertIf 1262b15cb3dSCy Schubert<code>ntpd</code> 1272b15cb3dSCy Schubertwas built with the OpenSSL library 1282b15cb3dSCy Schubertthen any digest library supported by that library may be specified. 1292b15cb3dSCy SchubertHowever, if compliance with FIPS 140-2 is required the 1302b15cb3dSCy Schubert<kbd>type</kbd> 1312b15cb3dSCy Schubertmust be either 1322b15cb3dSCy Schubert<code>SHA</code> 1332b15cb3dSCy Schubertor 1342b15cb3dSCy Schubert<code>SHA1</code>. 1352b15cb3dSCy Schubert 1362b15cb3dSCy Schubert <p>What follows are some key types, and corresponding formats: 1372b15cb3dSCy Schubert 1382b15cb3dSCy Schubert <dl> 1392b15cb3dSCy Schubert<dt><code>MD5</code><dd>The key is 1 to 16 printable characters terminated by 1402b15cb3dSCy Schubertan EOL, 1412b15cb3dSCy Schubertwhitespace, 1422b15cb3dSCy Schubertor 1432b15cb3dSCy Schuberta 1442b15cb3dSCy Schubert<code>#</code> 1452b15cb3dSCy Schubert(which is the "start of comment" character). 1462b15cb3dSCy Schubert 1472b15cb3dSCy Schubert <br><dt><code>SHA</code><br><dt><code>SHA1</code><br><dt><code>RMD160</code><dd>The key is a hex-encoded ASCII string of 40 characters, 1482b15cb3dSCy Schubertwhich is truncated as necessary. 1492b15cb3dSCy Schubert</dl> 1502b15cb3dSCy Schubert 1512b15cb3dSCy Schubert <p>Note that the keys used by the 1522b15cb3dSCy Schubert<code>ntpq(8)</code> 1532b15cb3dSCy Schubertand 1542b15cb3dSCy Schubert<code>ntpdc(8)</code> 1552b15cb3dSCy Schubertprograms are checked against passwords 1562b15cb3dSCy Schubertrequested by the programs and entered by hand, 1572b15cb3dSCy Schubertso it is generally appropriate to specify these keys in ASCII format. 1582b15cb3dSCy Schubert 1592b15cb3dSCy Schubert <p>This section was generated by <strong>AutoGen</strong>, 1602b15cb3dSCy Schubertusing the <code>agtexi-cmd</code> template and the option descriptions for the <code>ntp.keys</code> program. 1612b15cb3dSCy SchubertThis software is released under the NTP license, <http://ntp.org/license>. 1622b15cb3dSCy Schubert 1632b15cb3dSCy Schubert<ul class="menu"> 1642b15cb3dSCy Schubert<li><a accesskey="1" href="#ntp_002ekeys-Files">ntp.keys Files</a>: Files 1652b15cb3dSCy Schubert<li><a accesskey="2" href="#ntp_002ekeys-See-Also">ntp.keys See Also</a>: See Also 1662b15cb3dSCy Schubert<li><a accesskey="3" href="#ntp_002ekeys-Notes">ntp.keys Notes</a>: Notes 1672b15cb3dSCy Schubert</ul> 1682b15cb3dSCy Schubert 1692b15cb3dSCy Schubert<div class="node"> 1702b15cb3dSCy Schubert<p><hr> 1712b15cb3dSCy Schubert<a name="ntp_002ekeys-Files"></a>Next: <a rel="next" accesskey="n" href="#ntp_002ekeys-See-Also">ntp.keys See Also</a>, 1722b15cb3dSCy SchubertUp: <a rel="up" accesskey="u" href="#ntp_002ekeys-Notes">ntp.keys Notes</a> 1732b15cb3dSCy Schubert<br> 1742b15cb3dSCy Schubert</div> 1752b15cb3dSCy Schubert 1762b15cb3dSCy Schubert<h4 class="subsection">ntp.keys Files</h4> 1772b15cb3dSCy Schubert 1782b15cb3dSCy Schubert <dl> 1792b15cb3dSCy Schubert<dt><span class="file">/etc/ntp.keys</span><dd>the default name of the configuration file 1802b15cb3dSCy Schubert</dl> 1812b15cb3dSCy Schubert<div class="node"> 1822b15cb3dSCy Schubert<p><hr> 1832b15cb3dSCy Schubert<a name="ntp_002ekeys-See-Also"></a>Next: <a rel="next" accesskey="n" href="#ntp_002ekeys-Notes">ntp.keys Notes</a>, 1842b15cb3dSCy SchubertPrevious: <a rel="previous" accesskey="p" href="#ntp_002ekeys-Files">ntp.keys Files</a>, 1852b15cb3dSCy SchubertUp: <a rel="up" accesskey="u" href="#ntp_002ekeys-Notes">ntp.keys Notes</a> 1862b15cb3dSCy Schubert<br> 1872b15cb3dSCy Schubert</div> 1882b15cb3dSCy Schubert 1892b15cb3dSCy Schubert<h4 class="subsection">ntp.keys See Also</h4> 1902b15cb3dSCy Schubert 1912b15cb3dSCy Schubert<p><code>ntp.conf(5)</code>, 1922b15cb3dSCy Schubert<code>ntpd(1ntpdmdoc)</code>, 1932b15cb3dSCy Schubert<code>ntpdate(1ntpdatemdoc)</code>, 1942b15cb3dSCy Schubert<code>ntpdc(1ntpdcmdoc)</code>, 1952b15cb3dSCy Schubert<code>sntp(1sntpmdoc)</code> 1962b15cb3dSCy Schubert<div class="node"> 1972b15cb3dSCy Schubert<p><hr> 1982b15cb3dSCy Schubert<a name="ntp_002ekeys-Notes"></a>Previous: <a rel="previous" accesskey="p" href="#ntp_002ekeys-See-Also">ntp.keys See Also</a>, 1992b15cb3dSCy SchubertUp: <a rel="up" accesskey="u" href="#ntp_002ekeys-Notes">ntp.keys Notes</a> 2002b15cb3dSCy Schubert<br> 2012b15cb3dSCy Schubert</div> 2022b15cb3dSCy Schubert 2032b15cb3dSCy Schubert<h4 class="subsection">ntp.keys Notes</h4> 2042b15cb3dSCy Schubert 2052b15cb3dSCy Schubert<p>This document was derived from FreeBSD. 2062b15cb3dSCy Schubert 2072b15cb3dSCy Schubert</body></html> 2082b15cb3dSCy Schubert 209