xref: /freebsd/contrib/ntp/ntpd/ntp.keys.html (revision 7ef62cebc2f965b0f640263e179276928885e33d)
1<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
2<html>
3<!-- Created by GNU Texinfo 6.6, http://www.gnu.org/software/texinfo/ -->
4<head>
5<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
6<title>NTP Symmetric Key</title>
7
8<meta name="description" content="NTP Symmetric Key">
9<meta name="keywords" content="NTP Symmetric Key">
10<meta name="resource-type" content="document">
11<meta name="distribution" content="global">
12<meta name="Generator" content="makeinfo">
13<link href="#Top" rel="start" title="Top">
14<link href="dir.html#Top" rel="up" title="(dir)">
15<style type="text/css">
16<!--
17a.summary-letter {text-decoration: none}
18blockquote.indentedblock {margin-right: 0em}
19div.display {margin-left: 3.2em}
20div.example {margin-left: 3.2em}
21div.lisp {margin-left: 3.2em}
22kbd {font-style: oblique}
23pre.display {font-family: inherit}
24pre.format {font-family: inherit}
25pre.menu-comment {font-family: serif}
26pre.menu-preformatted {font-family: serif}
27span.nolinebreak {white-space: nowrap}
28span.roman {font-family: initial; font-weight: normal}
29span.sansserif {font-family: sans-serif; font-weight: normal}
30ul.no-bullet {list-style: none}
31-->
32</style>
33
34
35</head>
36
37<body lang="en">
38<h1 class="settitle" align="center">NTP Symmetric Key</h1>
39
40
41
42
43
44<span id="Top"></span><div class="header">
45<p>
46Next: <a href="#ntp_002ekeys-Description" accesskey="n" rel="next">ntp.keys Description</a>, Previous: <a href="dir.html#Top" accesskey="p" rel="prev">(dir)</a>, Up: <a href="dir.html#Top" accesskey="u" rel="up">(dir)</a> &nbsp; </p>
47</div>
48<span id="NTP_0027s-Symmetric-Key-File-User-Manual"></span><h1 class="top">NTP&rsquo;s Symmetric Key File User Manual</h1>
49
50<p>This document describes the symmetric key file for the NTP Project&rsquo;s
51<code>ntpd</code> program.
52</p>
53<p>This document applies to version 4.2.8p17 of <code>ntp.keys</code>.
54</p>
55<span id="SEC_Overview"></span>
56<h2 class="shortcontents-heading">Short Table of Contents</h2>
57
58<div class="shortcontents">
59<ul class="no-bullet">
60<li><a id="stoc-Description" href="#toc-Description">1 Description</a></li>
61</ul>
62</div>
63
64
65<table class="menu" border="0" cellspacing="0">
66<tr><td align="left" valign="top">&bull; <a href="#ntp_002ekeys-Description" accesskey="1">ntp.keys Description</a></td><td>&nbsp;&nbsp;</td><td align="left" valign="top">
67</td></tr>
68<tr><td align="left" valign="top">&bull; <a href="#ntp_002ekeys-Notes" accesskey="2">ntp.keys Notes</a></td><td>&nbsp;&nbsp;</td><td align="left" valign="top">
69</td></tr>
70</table>
71
72<hr>
73<span id="ntp_002ekeys-Description"></span><div class="header">
74<p>
75Previous: <a href="#Top" accesskey="p" rel="prev">Top</a>, Up: <a href="#Top" accesskey="u" rel="up">Top</a> &nbsp; </p>
76</div>
77<span id="Description"></span><h2 class="chapter">1 Description</h2>
78
79<p>The name and location of the symmetric key file for <code>ntpd</code> can
80be specified in a configuration file, by default <code>/etc/ntp.keys</code>.
81</p>
82<table class="menu" border="0" cellspacing="0">
83<tr><td align="left" valign="top">&bull; <a href="#ntp_002ekeys-Notes" accesskey="1">Notes about ntp.keys</a></td><td>&nbsp;&nbsp;</td><td align="left" valign="top">
84</td></tr>
85</table>
86
87<hr>
88<span id="ntp_002ekeys-Notes"></span><div class="header">
89<p>
90Previous: <a href="#ntp_002ekeys-See-Also" accesskey="p" rel="prev">ntp.keys See Also</a>, Up: <a href="#ntp_002ekeys-Description" accesskey="u" rel="up">ntp.keys Description</a> &nbsp; </p>
91</div>
92<span id="Notes-about-ntp_002ekeys"></span><h3 class="section">1.1 Notes about ntp.keys</h3>
93<span id="index-ntp_002ekeys"></span>
94<span id="index-NTP-symmetric-key-file-format"></span>
95
96
97
98<p>This document describes the format of an NTP symmetric key file.
99For a description of the use of this type of file, see the
100&quot;Authentication Support&quot;
101section of the
102<code>ntp.conf(5)</code>
103page.
104</p>
105<p><code>ntpd(8)</code>
106reads its keys from a file specified using the
107<code>-k</code>
108command line option or the
109<code>keys</code>
110statement in the configuration file.
111While key number 0 is fixed by the NTP standard
112(as 56 zero bits)
113and may not be changed,
114one or more keys numbered between 1 and 65535
115may be arbitrarily set in the keys file.
116</p>
117<p>The key file uses the same comment conventions
118as the configuration file.
119Key entries use a fixed format of the form
120</p>
121<div class="example">
122<pre class="example"><kbd>keyno</kbd> <kbd>type</kbd> <kbd>key</kbd> <kbd>opt_IP_list</kbd>
123</pre></div>
124
125<p>where
126<kbd>keyno</kbd>
127is a positive integer (between 1 and 65535),
128<kbd>type</kbd>
129is the message digest algorithm,
130<kbd>key</kbd>
131is the key itself, and
132<kbd>opt_IP_list</kbd>
133is an optional comma-separated list of IPs
134where the
135<kbd>keyno</kbd>
136should be trusted.
137that are allowed to serve time.
138Each IP in
139<kbd>opt_IP_list</kbd>
140may contain an optional
141<code>/subnetbits</code>
142specification which identifies the number of bits for
143the desired subnet of trust.
144If
145<kbd>opt_IP_list</kbd>
146is empty,
147any properly-authenticated message will be
148accepted.
149</p>
150<p>The
151<kbd>key</kbd>
152may be given in a format
153controlled by the
154<kbd>type</kbd>
155field.
156The
157<kbd>type</kbd>
158<code>MD5</code>
159is always supported.
160If
161<code>ntpd</code>
162was built with the OpenSSL library
163then any digest library supported by that library may be specified.
164However, if compliance with FIPS 140-2 is required the
165<kbd>type</kbd>
166must be either
167<code>SHA</code>
168or
169<code>SHA1</code>.
170</p>
171<p>What follows are some key types, and corresponding formats:
172</p>
173<dl compact="compact">
174<dt><code>MD5</code></dt>
175<dd><p>The key is 1 to 16 printable characters terminated by
176an EOL,
177whitespace,
178or
179a
180<code>#</code>
181(which is the &quot;start of comment&quot; character).
182</p>
183</dd>
184<dt><code>SHA</code></dt>
185<dt><code>SHA1</code></dt>
186<dt><code>RMD160</code></dt>
187<dd><p>The key is a hex-encoded ASCII string of 40 characters,
188which is truncated as necessary.
189</p></dd>
190</dl>
191
192<p>Note that the keys used by the
193<code>ntpq(8)</code>
194and
195<code>ntpdc(8)</code>
196programs are checked against passwords
197requested by the programs and entered by hand,
198so it is generally appropriate to specify these keys in ASCII format.
199</p>
200<p>This section was generated by <strong>AutoGen</strong>,
201using the <code>agtexi-cmd</code> template and the option descriptions for the <code>ntp.keys</code> program.
202This software is released under the NTP license, &lt;http://ntp.org/license&gt;.
203</p>
204<table class="menu" border="0" cellspacing="0">
205<tr><td align="left" valign="top">&bull; <a href="#ntp_002ekeys-Files" accesskey="1">ntp.keys Files</a></td><td>&nbsp;&nbsp;</td><td align="left" valign="top">Files
206</td></tr>
207<tr><td align="left" valign="top">&bull; <a href="#ntp_002ekeys-See-Also" accesskey="2">ntp.keys See Also</a></td><td>&nbsp;&nbsp;</td><td align="left" valign="top">See Also
208</td></tr>
209<tr><td align="left" valign="top">&bull; <a href="#ntp_002ekeys-Notes" accesskey="3">ntp.keys Notes</a></td><td>&nbsp;&nbsp;</td><td align="left" valign="top">Notes
210</td></tr>
211</table>
212
213<hr>
214<span id="ntp_002ekeys-Files"></span><div class="header">
215<p>
216Next: <a href="#ntp_002ekeys-See-Also" accesskey="n" rel="next">ntp.keys See Also</a>, Up: <a href="#ntp_002ekeys-Notes" accesskey="u" rel="up">ntp.keys Notes</a> &nbsp; </p>
217</div>
218<span id="ntp_002ekeys-Files-1"></span><h4 class="subsection">1.1.1 ntp.keys Files</h4>
219<dl compact="compact">
220<dt><samp>/etc/ntp.keys</samp></dt>
221<dd><p>the default name of the configuration file
222</p></dd>
223</dl>
224<hr>
225<span id="ntp_002ekeys-See-Also"></span><div class="header">
226<p>
227Previous: <a href="#ntp_002ekeys-Files" accesskey="p" rel="prev">ntp.keys Files</a>, Up: <a href="#ntp_002ekeys-Notes" accesskey="u" rel="up">ntp.keys Notes</a> &nbsp; </p>
228</div>
229<span id="ntp_002ekeys-See-Also-1"></span><h4 class="subsection">1.1.2 ntp.keys See Also</h4>
230<p><code>ntp.conf(5)</code>,
231<code>ntpd(1ntpdmdoc)</code>,
232<code>ntpdate(1ntpdatemdoc)</code>,
233<code>ntpdc(1ntpdcmdoc)</code>,
234<code>sntp(1sntpmdoc)</code>
235</p><hr>
236<div class="header">
237<p>
238 &nbsp; </p>
239</div>
240<span id="ntp_002ekeys-Notes-1"></span><h4 class="subsection">1.1.3 ntp.keys Notes</h4>
241<p>This document was derived from FreeBSD.
242</p><hr>
243
244
245
246</body>
247</html>
248