xref: /freebsd/contrib/ntp/ntpd/ntp.keys.html (revision fe6060f10f634930ff71b7c50291ddc610da2475)
1<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
2<html>
3<!-- Created by GNU Texinfo 6.5, http://www.gnu.org/software/texinfo/ -->
4<head>
5<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
6<title>NTP Symmetric Key</title>
7
8<meta name="description" content="NTP Symmetric Key">
9<meta name="keywords" content="NTP Symmetric Key">
10<meta name="resource-type" content="document">
11<meta name="distribution" content="global">
12<meta name="Generator" content="makeinfo">
13<link href="#Top" rel="start" title="Top">
14<link href="dir.html#Top" rel="up" title="(dir)">
15<style type="text/css">
16<!--
17a.summary-letter {text-decoration: none}
18blockquote.indentedblock {margin-right: 0em}
19blockquote.smallindentedblock {margin-right: 0em; font-size: smaller}
20blockquote.smallquotation {font-size: smaller}
21div.display {margin-left: 3.2em}
22div.example {margin-left: 3.2em}
23div.lisp {margin-left: 3.2em}
24div.smalldisplay {margin-left: 3.2em}
25div.smallexample {margin-left: 3.2em}
26div.smalllisp {margin-left: 3.2em}
27kbd {font-style: oblique}
28pre.display {font-family: inherit}
29pre.format {font-family: inherit}
30pre.menu-comment {font-family: serif}
31pre.menu-preformatted {font-family: serif}
32pre.smalldisplay {font-family: inherit; font-size: smaller}
33pre.smallexample {font-size: smaller}
34pre.smallformat {font-family: inherit; font-size: smaller}
35pre.smalllisp {font-size: smaller}
36span.nolinebreak {white-space: nowrap}
37span.roman {font-family: initial; font-weight: normal}
38span.sansserif {font-family: sans-serif; font-weight: normal}
39ul.no-bullet {list-style: none}
40-->
41</style>
42
43
44</head>
45
46<body lang="en">
47<h1 class="settitle" align="center">NTP Symmetric Key</h1>
48
49
50
51
52
53<a name="Top"></a>
54<div class="header">
55<p>
56Next: <a href="#ntp_002ekeys-Description" accesskey="n" rel="next">ntp.keys Description</a>, Previous: <a href="dir.html#Top" accesskey="p" rel="prev">(dir)</a>, Up: <a href="dir.html#Top" accesskey="u" rel="up">(dir)</a> &nbsp; </p>
57</div>
58<a name="NTP_0027s-Symmetric-Key-File-User-Manual"></a>
59<h1 class="top">NTP&rsquo;s Symmetric Key File User Manual</h1>
60
61<p>This document describes the symmetric key file for the NTP Project&rsquo;s
62<code>ntpd</code> program.
63</p>
64<p>This document applies to version 4.2.8p15 of <code>ntp.keys</code>.
65</p>
66<a name="SEC_Overview"></a>
67<h2 class="shortcontents-heading">Short Table of Contents</h2>
68
69<div class="shortcontents">
70<ul class="no-bullet">
71<li><a name="stoc-Description" href="#toc-Description">1 Description</a></li>
72</ul>
73</div>
74
75
76<table class="menu" border="0" cellspacing="0">
77<tr><td align="left" valign="top">&bull; <a href="#ntp_002ekeys-Description" accesskey="1">ntp.keys Description</a>:</td><td>&nbsp;&nbsp;</td><td align="left" valign="top">
78</td></tr>
79<tr><td align="left" valign="top">&bull; <a href="#ntp_002ekeys-Notes" accesskey="2">ntp.keys Notes</a>:</td><td>&nbsp;&nbsp;</td><td align="left" valign="top">
80</td></tr>
81</table>
82
83<hr>
84<a name="ntp_002ekeys-Description"></a>
85<div class="header">
86<p>
87Previous: <a href="#Top" accesskey="p" rel="prev">Top</a>, Up: <a href="#Top" accesskey="u" rel="up">Top</a> &nbsp; </p>
88</div>
89<a name="Description"></a>
90<h2 class="chapter">1 Description</h2>
91
92<p>The name and location of the symmetric key file for <code>ntpd</code> can
93be specified in a configuration file, by default <code>/etc/ntp.keys</code>.
94</p>
95<table class="menu" border="0" cellspacing="0">
96<tr><td align="left" valign="top">&bull; <a href="#ntp_002ekeys-Notes" accesskey="1">ntp.keys Notes</a>:</td><td>&nbsp;&nbsp;</td><td align="left" valign="top">
97</td></tr>
98</table>
99
100<hr>
101<a name="ntp_002ekeys-Notes"></a>
102<div class="header">
103<p>
104Previous: <a href="#ntp_002ekeys-See-Also" accesskey="p" rel="prev">ntp.keys See Also</a>, Up: <a href="#ntp_002ekeys-Description" accesskey="u" rel="up">ntp.keys Description</a> &nbsp; </p>
105</div>
106<a name="Notes-about-ntp_002ekeys"></a>
107<h3 class="section">1.1 Notes about ntp.keys</h3>
108<a name="index-ntp_002ekeys"></a>
109<a name="index-NTP-symmetric-key-file-format"></a>
110
111
112
113<p>This document describes the format of an NTP symmetric key file.
114For a description of the use of this type of file, see the
115&quot;Authentication Support&quot;
116section of the
117<code>ntp.conf(5)</code>
118page.
119</p>
120<p><code>ntpd(8)</code>
121reads its keys from a file specified using the
122<code>-k</code>
123command line option or the
124<code>keys</code>
125statement in the configuration file.
126While key number 0 is fixed by the NTP standard
127(as 56 zero bits)
128and may not be changed,
129one or more keys numbered between 1 and 65535
130may be arbitrarily set in the keys file.
131</p>
132<p>The key file uses the same comment conventions
133as the configuration file.
134Key entries use a fixed format of the form
135</p>
136<div class="example">
137<pre class="example"><kbd>keyno</kbd> <kbd>type</kbd> <kbd>key</kbd> <kbd>opt_IP_list</kbd>
138</pre></div>
139
140<p>where
141<kbd>keyno</kbd>
142is a positive integer (between 1 and 65535),
143<kbd>type</kbd>
144is the message digest algorithm,
145<kbd>key</kbd>
146is the key itself, and
147<kbd>opt_IP_list</kbd>
148is an optional comma-separated list of IPs
149where the
150<kbd>keyno</kbd>
151should be trusted.
152that are allowed to serve time.
153Each IP in
154<kbd>opt_IP_list</kbd>
155may contain an optional
156<code>/subnetbits</code>
157specification which identifies the number of bits for
158the desired subnet of trust.
159If
160<kbd>opt_IP_list</kbd>
161is empty,
162any properly-authenticated message will be
163accepted.
164</p>
165<p>The
166<kbd>key</kbd>
167may be given in a format
168controlled by the
169<kbd>type</kbd>
170field.
171The
172<kbd>type</kbd>
173<code>MD5</code>
174is always supported.
175If
176<code>ntpd</code>
177was built with the OpenSSL library
178then any digest library supported by that library may be specified.
179However, if compliance with FIPS 140-2 is required the
180<kbd>type</kbd>
181must be either
182<code>SHA</code>
183or
184<code>SHA1</code>.
185</p>
186<p>What follows are some key types, and corresponding formats:
187</p>
188<dl compact="compact">
189<dt><code>MD5</code></dt>
190<dd><p>The key is 1 to 16 printable characters terminated by
191an EOL,
192whitespace,
193or
194a
195<code>#</code>
196(which is the &quot;start of comment&quot; character).
197</p>
198</dd>
199<dt><code>SHA</code></dt>
200<dt><code>SHA1</code></dt>
201<dt><code>RMD160</code></dt>
202<dd><p>The key is a hex-encoded ASCII string of 40 characters,
203which is truncated as necessary.
204</p></dd>
205</dl>
206
207<p>Note that the keys used by the
208<code>ntpq(8)</code>
209and
210<code>ntpdc(8)</code>
211programs are checked against passwords
212requested by the programs and entered by hand,
213so it is generally appropriate to specify these keys in ASCII format.
214</p>
215<p>This section was generated by <strong>AutoGen</strong>,
216using the <code>agtexi-cmd</code> template and the option descriptions for the <code>ntp.keys</code> program.
217This software is released under the NTP license, &lt;http://ntp.org/license&gt;.
218</p>
219<table class="menu" border="0" cellspacing="0">
220<tr><td align="left" valign="top">&bull; <a href="#ntp_002ekeys-Files" accesskey="1">ntp.keys Files</a>:</td><td>&nbsp;&nbsp;</td><td align="left" valign="top">Files
221</td></tr>
222<tr><td align="left" valign="top">&bull; <a href="#ntp_002ekeys-See-Also" accesskey="2">ntp.keys See Also</a>:</td><td>&nbsp;&nbsp;</td><td align="left" valign="top">See Also
223</td></tr>
224<tr><td align="left" valign="top">&bull; <a href="#ntp_002ekeys-Notes" accesskey="3">ntp.keys Notes</a>:</td><td>&nbsp;&nbsp;</td><td align="left" valign="top">Notes
225</td></tr>
226</table>
227
228<hr>
229<a name="ntp_002ekeys-Files"></a>
230<div class="header">
231<p>
232Next: <a href="#ntp_002ekeys-See-Also" accesskey="n" rel="next">ntp.keys See Also</a>, Up: <a href="#ntp_002ekeys-Notes" accesskey="u" rel="up">ntp.keys Notes</a> &nbsp; </p>
233</div>
234<a name="ntp_002ekeys-Files-1"></a>
235<h4 class="subsection">1.1.1 ntp.keys Files</h4>
236<dl compact="compact">
237<dt><samp>/etc/ntp.keys</samp></dt>
238<dd><p>the default name of the configuration file
239</p></dd>
240</dl>
241<hr>
242<a name="ntp_002ekeys-See-Also"></a>
243<div class="header">
244<p>
245Previous: <a href="#ntp_002ekeys-Files" accesskey="p" rel="prev">ntp.keys Files</a>, Up: <a href="#ntp_002ekeys-Notes" accesskey="u" rel="up">ntp.keys Notes</a> &nbsp; </p>
246</div>
247<a name="ntp_002ekeys-See-Also-1"></a>
248<h4 class="subsection">1.1.2 ntp.keys See Also</h4>
249<p><code>ntp.conf(5)</code>,
250<code>ntpd(1ntpdmdoc)</code>,
251<code>ntpdate(1ntpdatemdoc)</code>,
252<code>ntpdc(1ntpdcmdoc)</code>,
253<code>sntp(1sntpmdoc)</code>
254</p><hr>
255<div class="header">
256<p>
257 &nbsp; </p>
258</div>
259<a name="ntp_002ekeys-Notes-1"></a>
260<h4 class="subsection">1.1.3 ntp.keys Notes</h4>
261<p>This document was derived from FreeBSD.
262</p><hr>
263
264
265
266</body>
267</html>
268