xref: /freebsd/contrib/ntp/util/invoke-ntp-keygen.texi (revision 6c925b9c81036a86db387f75a32b423420eadf6c)
1@node ntp-keygen Invocation
2@section Invoking ntp-keygen
3@pindex ntp-keygen
4@cindex Create a NTP host key
5@ignore
6#
7# EDIT THIS FILE WITH CAUTION  (invoke-ntp-keygen.texi)
8#
9# It has been AutoGen-ed  November 21, 2016 at 08:03:45 AM by AutoGen 5.18.5
10# From the definitions    ntp-keygen-opts.def
11# and the template file   agtexi-cmd.tpl
12@end ignore
13
14
15
16This program generates cryptographic data files used by the NTPv4
17authentication and identification schemes.
18It generates MD5 key files used in symmetric key cryptography.
19In addition, if the OpenSSL software library has been installed,
20it generates keys, certificate and identity files used in public key
21cryptography.
22These files are used for cookie encryption,
23digital signature and challenge/response identification algorithms
24compatible with the Internet standard security infrastructure.
25
26All files are in PEM-encoded printable ASCII format,
27so they can be embedded as MIME attachments in mail to other sites
28and certificate authorities.
29By default, files are not encrypted.
30
31When used to generate message digest keys, the program produces a file
32containing ten pseudo-random printable ASCII strings suitable for the
33MD5 message digest algorithm included in the distribution.
34If the OpenSSL library is installed, it produces an additional ten
35hex-encoded random bit strings suitable for the SHA1 and other message
36digest algorithms.
37The message digest keys file must be distributed and stored
38using secure means beyond the scope of NTP itself.
39Besides the keys used for ordinary NTP associations, additional keys
40can be defined as passwords for the
41@code{ntpq(1ntpqmdoc)}
42and
43@code{ntpdc(1ntpdcmdoc)}
44utility programs.
45
46The remaining generated files are compatible with other OpenSSL
47applications and other Public Key Infrastructure (PKI) resources.
48Certificates generated by this program are compatible with extant
49industry practice, although some users might find the interpretation of
50X509v3 extension fields somewhat liberal.
51However, the identity keys are probably not compatible with anything
52other than Autokey.
53
54Some files used by this program are encrypted using a private password.
55The
56@code{-p}
57option specifies the password for local encrypted files and the
58@code{-q}
59option the password for encrypted files sent to remote sites.
60If no password is specified, the host name returned by the Unix
61@code{gethostname()}
62function, normally the DNS name of the host is used.
63
64The
65@kbd{pw}
66option of the
67@kbd{crypto}
68configuration command specifies the read
69password for previously encrypted local files.
70This must match the local password used by this program.
71If not specified, the host name is used.
72Thus, if files are generated by this program without password,
73they can be read back by
74@kbd{ntpd}
75without password but only on the same host.
76
77Normally, encrypted files for each host are generated by that host and
78used only by that host, although exceptions exist as noted later on
79this page.
80The symmetric keys file, normally called
81@kbd{ntp.keys},
82is usually installed in
83@file{/etc}.
84Other files and links are usually installed in
85@file{/usr/local/etc},
86which is normally in a shared filesystem in
87NFS-mounted networks and cannot be changed by shared clients.
88The location of the keys directory can be changed by the
89@kbd{keysdir}
90configuration command in such cases.
91Normally, this is in
92@file{/etc}.
93
94This program directs commentary and error messages to the standard
95error stream
96@kbd{stderr}
97and remote files to the standard output stream
98@kbd{stdout}
99where they can be piped to other applications or redirected to files.
100The names used for generated files and links all begin with the
101string
102@kbd{ntpkey}
103and include the file type, generating host and filestamp,
104as described in the
105@quotedblleft{}Cryptographic Data Files@quotedblright{}
106section below.
107@subsubsection Running the Program
108To test and gain experience with Autokey concepts, log in as root and
109change to the keys directory, usually
110@file{/usr/local/etc}
111When run for the first time, or if all files with names beginning with
112@kbd{ntpkey}
113have been removed, use the
114@code{ntp-keygen}
115command without arguments to generate a
116default RSA host key and matching RSA-MD5 certificate with expiration
117date one year hence.
118If run again without options, the program uses the
119existing keys and parameters and generates only a new certificate with
120new expiration date one year hence.
121
122Run the command on as many hosts as necessary.
123Designate one of them as the trusted host (TH) using
124@code{ntp-keygen}
125with the
126@code{-T}
127option and configure it to synchronize from reliable Internet servers.
128Then configure the other hosts to synchronize to the TH directly or
129indirectly.
130A certificate trail is created when Autokey asks the immediately
131ascendant host towards the TH to sign its certificate, which is then
132provided to the immediately descendant host on request.
133All group hosts should have acyclic certificate trails ending on the TH.
134
135The host key is used to encrypt the cookie when required and so must be
136RSA type.
137By default, the host key is also the sign key used to encrypt
138signatures.
139A different sign key can be assigned using the
140@code{-S}
141option and this can be either RSA or DSA type.
142By default, the signature
143message digest type is MD5, but any combination of sign key type and
144message digest type supported by the OpenSSL library can be specified
145using the
146@code{-c}
147option.
148The rules say cryptographic media should be generated with proventic
149filestamps, which means the host should already be synchronized before
150this program is run.
151This of course creates a chicken-and-egg problem
152when the host is started for the first time.
153Accordingly, the host time
154should be set by some other means, such as eyeball-and-wristwatch, at
155least so that the certificate lifetime is within the current year.
156After that and when the host is synchronized to a proventic source, the
157certificate should be re-generated.
158
159Additional information on trusted groups and identity schemes is on the
160@quotedblleft{}Autokey Public-Key Authentication@quotedblright{}
161page.
162
163
164
165The
166@code{ntpd(1ntpdmdoc)}
167configuration command
168@code{crypto} @code{pw} @kbd{password}
169specifies the read password for previously encrypted files.
170The daemon expires on the spot if the password is missing
171or incorrect.
172For convenience, if a file has been previously encrypted,
173the default read password is the name of the host running
174the program.
175If the previous write password is specified as the host name,
176these files can be read by that host with no explicit password.
177
178
179File names begin with the prefix
180@code{ntpkey_}
181and end with the postfix
182@kbd{_hostname.filestamp},
183where
184@kbd{hostname}
185is the owner name, usually the string returned
186by the Unix gethostname() routine, and
187@kbd{filestamp}
188is the NTP seconds when the file was generated, in decimal digits.
189This both guarantees uniqueness and simplifies maintenance
190procedures, since all files can be quickly removed
191by a
192@code{rm} @code{ntpkey*}
193command or all files generated
194at a specific time can be removed by a
195@code{rm}
196@kbd{*filestamp}
197command.
198To further reduce the risk of misconfiguration,
199the first two lines of a file contain the file name
200and generation date and time as comments.
201
202All files are installed by default in the keys directory
203@file{/usr/local/etc},
204which is normally in a shared filesystem
205in NFS-mounted networks.
206The actual location of the keys directory
207and each file can be overridden by configuration commands,
208but this is not recommended.
209Normally, the files for each host are generated by that host
210and used only by that host, although exceptions exist
211as noted later on this page.
212
213Normally, files containing private values,
214including the host key, sign key and identification parameters,
215are permitted root read/write-only;
216while others containing public values are permitted world readable.
217Alternatively, files containing private values can be encrypted
218and these files permitted world readable,
219which simplifies maintenance in shared file systems.
220Since uniqueness is insured by the hostname and
221file name extensions, the files for a NFS server and
222dependent clients can all be installed in the same shared directory.
223
224The recommended practice is to keep the file name extensions
225when installing a file and to install a soft link
226from the generic names specified elsewhere on this page
227to the generated files.
228This allows new file generations to be activated simply
229by changing the link.
230If a link is present, ntpd follows it to the file name
231to extract the filestamp.
232If a link is not present,
233@code{ntpd(1ntpdmdoc)}
234extracts the filestamp from the file itself.
235This allows clients to verify that the file and generation times
236are always current.
237The
238@code{ntp-keygen}
239program uses the same timestamp extension for all files generated
240at one time, so each generation is distinct and can be readily
241recognized in monitoring data.
242@subsubsection Running the program
243The safest way to run the
244@code{ntp-keygen}
245program is logged in directly as root.
246The recommended procedure is change to the keys directory,
247usually
248@file{/usr/local/etc},
249then run the program.
250When run for the first time,
251or if all
252@code{ntpkey}
253files have been removed,
254the program generates a RSA host key file and matching RSA-MD5 certificate file,
255which is all that is necessary in many cases.
256The program also generates soft links from the generic names
257to the respective files.
258If run again, the program uses the same host key file,
259but generates a new certificate file and link.
260
261The host key is used to encrypt the cookie when required and so must be RSA type.
262By default, the host key is also the sign key used to encrypt signatures.
263When necessary, a different sign key can be specified and this can be
264either RSA or DSA type.
265By default, the message digest type is MD5, but any combination
266of sign key type and message digest type supported by the OpenSSL library
267can be specified, including those using the MD2, MD5, SHA, SHA1, MDC2
268and RIPE160 message digest algorithms.
269However, the scheme specified in the certificate must be compatible
270with the sign key.
271Certificates using any digest algorithm are compatible with RSA sign keys;
272however, only SHA and SHA1 certificates are compatible with DSA sign keys.
273
274Private/public key files and certificates are compatible with
275other OpenSSL applications and very likely other libraries as well.
276Certificates or certificate requests derived from them should be compatible
277with extant industry practice, although some users might find
278the interpretation of X509v3 extension fields somewhat liberal.
279However, the identification parameter files, although encoded
280as the other files, are probably not compatible with anything other than Autokey.
281
282Running the program as other than root and using the Unix
283@code{su}
284command
285to assume root may not work properly, since by default the OpenSSL library
286looks for the random seed file
287@code{.rnd}
288in the user home directory.
289However, there should be only one
290@code{.rnd},
291most conveniently
292in the root directory, so it is convenient to define the
293@code{$RANDFILE}
294environment variable used by the OpenSSL library as the path to
295@code{/.rnd}.
296
297Installing the keys as root might not work in NFS-mounted
298shared file systems, as NFS clients may not be able to write
299to the shared keys directory, even as root.
300In this case, NFS clients can specify the files in another
301directory such as
302@file{/etc}
303using the
304@code{keysdir}
305command.
306There is no need for one client to read the keys and certificates
307of other clients or servers, as these data are obtained automatically
308by the Autokey protocol.
309
310Ordinarily, cryptographic files are generated by the host that uses them,
311but it is possible for a trusted agent (TA) to generate these files
312for other hosts; however, in such cases files should always be encrypted.
313The subject name and trusted name default to the hostname
314of the host generating the files, but can be changed by command line options.
315It is convenient to designate the owner name and trusted name
316as the subject and issuer fields, respectively, of the certificate.
317The owner name is also used for the host and sign key files,
318while the trusted name is used for the identity files.
319
320
321All files are installed by default in the keys directory
322@file{/usr/local/etc},
323which is normally in a shared filesystem
324in NFS-mounted networks.
325The actual location of the keys directory
326and each file can be overridden by configuration commands,
327but this is not recommended.
328Normally, the files for each host are generated by that host
329and used only by that host, although exceptions exist
330as noted later on this page.
331
332Normally, files containing private values,
333including the host key, sign key and identification parameters,
334are permitted root read/write-only;
335while others containing public values are permitted world readable.
336Alternatively, files containing private values can be encrypted
337and these files permitted world readable,
338which simplifies maintenance in shared file systems.
339Since uniqueness is insured by the hostname and
340file name extensions, the files for a NFS server and
341dependent clients can all be installed in the same shared directory.
342
343The recommended practice is to keep the file name extensions
344when installing a file and to install a soft link
345from the generic names specified elsewhere on this page
346to the generated files.
347This allows new file generations to be activated simply
348by changing the link.
349If a link is present, ntpd follows it to the file name
350to extract the filestamp.
351If a link is not present,
352@code{ntpd(1ntpdmdoc)}
353extracts the filestamp from the file itself.
354This allows clients to verify that the file and generation times
355are always current.
356The
357@code{ntp-keygen}
358program uses the same timestamp extension for all files generated
359at one time, so each generation is distinct and can be readily
360recognized in monitoring data.
361@subsubsection Running the program
362The safest way to run the
363@code{ntp-keygen}
364program is logged in directly as root.
365The recommended procedure is change to the keys directory,
366usually
367@file{/usr/local/etc},
368then run the program.
369When run for the first time,
370or if all
371@code{ntpkey}
372files have been removed,
373the program generates a RSA host key file and matching RSA-MD5 certificate file,
374which is all that is necessary in many cases.
375The program also generates soft links from the generic names
376to the respective files.
377If run again, the program uses the same host key file,
378but generates a new certificate file and link.
379
380The host key is used to encrypt the cookie when required and so must be RSA type.
381By default, the host key is also the sign key used to encrypt signatures.
382When necessary, a different sign key can be specified and this can be
383either RSA or DSA type.
384By default, the message digest type is MD5, but any combination
385of sign key type and message digest type supported by the OpenSSL library
386can be specified, including those using the MD2, MD5, SHA, SHA1, MDC2
387and RIPE160 message digest algorithms.
388However, the scheme specified in the certificate must be compatible
389with the sign key.
390Certificates using any digest algorithm are compatible with RSA sign keys;
391however, only SHA and SHA1 certificates are compatible with DSA sign keys.
392
393Private/public key files and certificates are compatible with
394other OpenSSL applications and very likely other libraries as well.
395Certificates or certificate requests derived from them should be compatible
396with extant industry practice, although some users might find
397the interpretation of X509v3 extension fields somewhat liberal.
398However, the identification parameter files, although encoded
399as the other files, are probably not compatible with anything other than Autokey.
400
401Running the program as other than root and using the Unix
402@code{su}
403command
404to assume root may not work properly, since by default the OpenSSL library
405looks for the random seed file
406@code{.rnd}
407in the user home directory.
408However, there should be only one
409@code{.rnd},
410most conveniently
411in the root directory, so it is convenient to define the
412@code{$RANDFILE}
413environment variable used by the OpenSSL library as the path to
414@code{/.rnd}.
415
416Installing the keys as root might not work in NFS-mounted
417shared file systems, as NFS clients may not be able to write
418to the shared keys directory, even as root.
419In this case, NFS clients can specify the files in another
420directory such as
421@file{/etc}
422using the
423@code{keysdir}
424command.
425There is no need for one client to read the keys and certificates
426of other clients or servers, as these data are obtained automatically
427by the Autokey protocol.
428
429Ordinarily, cryptographic files are generated by the host that uses them,
430but it is possible for a trusted agent (TA) to generate these files
431for other hosts; however, in such cases files should always be encrypted.
432The subject name and trusted name default to the hostname
433of the host generating the files, but can be changed by command line options.
434It is convenient to designate the owner name and trusted name
435as the subject and issuer fields, respectively, of the certificate.
436The owner name is also used for the host and sign key files,
437while the trusted name is used for the identity files.
438seconds.
439seconds.
440
441s Trusted Hosts and Groups
442Each cryptographic configuration involves selection of a signature scheme
443and identification scheme, called a cryptotype,
444as explained in the
445@ref{Authentication Options}
446section of
447@code{ntp.conf(5)}.
448The default cryptotype uses RSA encryption, MD5 message digest
449and TC identification.
450First, configure a NTP subnet including one or more low-stratum
451trusted hosts from which all other hosts derive synchronization
452directly or indirectly.
453Trusted hosts have trusted certificates;
454all other hosts have nontrusted certificates.
455These hosts will automatically and dynamically build authoritative
456certificate trails to one or more trusted hosts.
457A trusted group is the set of all hosts that have, directly or indirectly,
458a certificate trail ending at a trusted host.
459The trail is defined by static configuration file entries
460or dynamic means described on the
461@ref{Automatic NTP Configuration Options}
462section of
463@code{ntp.conf(5)}.
464
465On each trusted host as root, change to the keys directory.
466To insure a fresh fileset, remove all
467@code{ntpkey}
468files.
469Then run
470@code{ntp-keygen}
471@code{-T}
472to generate keys and a trusted certificate.
473On all other hosts do the same, but leave off the
474@code{-T}
475flag to generate keys and nontrusted certificates.
476When complete, start the NTP daemons beginning at the lowest stratum
477and working up the tree.
478It may take some time for Autokey to instantiate the certificate trails
479throughout the subnet, but setting up the environment is completely automatic.
480
481If it is necessary to use a different sign key or different digest/signature
482scheme than the default, run
483@code{ntp-keygen}
484with the
485@code{-S} @kbd{type}
486option, where
487@kbd{type}
488is either
489@code{RSA}
490or
491@code{DSA}.
492The most often need to do this is when a DSA-signed certificate is used.
493If it is necessary to use a different certificate scheme than the default,
494run
495@code{ntp-keygen}
496with the
497@code{-c} @kbd{scheme}
498option and selected
499@kbd{scheme}
500as needed.
501f
502@code{ntp-keygen}
503is run again without these options, it generates a new certificate
504using the same scheme and sign key.
505
506After setting up the environment it is advisable to update certificates
507from time to time, if only to extend the validity interval.
508Simply run
509@code{ntp-keygen}
510with the same flags as before to generate new certificates
511using existing keys.
512However, if the host or sign key is changed,
513@code{ntpd(1ntpdmdoc)}
514should be restarted.
515When
516@code{ntpd(1ntpdmdoc)}
517is restarted, it loads any new files and restarts the protocol.
518Other dependent hosts will continue as usual until signatures are refreshed,
519at which time the protocol is restarted.
520@subsubsection Identity Schemes
521As mentioned on the Autonomous Authentication page,
522the default TC identity scheme is vulnerable to a middleman attack.
523However, there are more secure identity schemes available,
524including PC, IFF, GQ and MV described on the
525"Identification Schemes"
526page
527(maybe available at
528@code{http://www.eecis.udel.edu/%7emills/keygen.html}).
529These schemes are based on a TA, one or more trusted hosts
530and some number of nontrusted hosts.
531Trusted hosts prove identity using values provided by the TA,
532while the remaining hosts prove identity using values provided
533by a trusted host and certificate trails that end on that host.
534The name of a trusted host is also the name of its sugroup
535and also the subject and issuer name on its trusted certificate.
536The TA is not necessarily a trusted host in this sense, but often is.
537
538In some schemes there are separate keys for servers and clients.
539A server can also be a client of another server,
540but a client can never be a server for another client.
541In general, trusted hosts and nontrusted hosts that operate
542as both server and client have parameter files that contain
543both server and client keys.
544Hosts that operate
545only as clients have key files that contain only client keys.
546
547The PC scheme supports only one trusted host in the group.
548On trusted host alice run
549@code{ntp-keygen}
550@code{-P}
551@code{-p} @kbd{password}
552to generate the host key file
553@file{ntpkey_RSAkey_}@kbd{alice.filestamp}
554and trusted private certificate file
555@file{ntpkey_RSA-MD5_cert_}@kbd{alice.filestamp}.
556Copy both files to all group hosts;
557they replace the files which would be generated in other schemes.
558On each host bob install a soft link from the generic name
559@file{ntpkey_host_}@kbd{bob}
560to the host key file and soft link
561@file{ntpkey_cert_}@kbd{bob}
562to the private certificate file.
563Note the generic links are on bob, but point to files generated
564by trusted host alice.
565In this scheme it is not possible to refresh
566either the keys or certificates without copying them
567to all other hosts in the group.
568
569For the IFF scheme proceed as in the TC scheme to generate keys
570and certificates for all group hosts, then for every trusted host in the group,
571generate the IFF parameter file.
572On trusted host alice run
573@code{ntp-keygen}
574@code{-T}
575@code{-I}
576@code{-p} @kbd{password}
577to produce her parameter file
578@file{ntpkey_IFFpar_}@kbd{alice.filestamp},
579which includes both server and client keys.
580Copy this file to all group hosts that operate as both servers
581and clients and install a soft link from the generic
582@file{ntpkey_iff_}@kbd{alice}
583to this file.
584If there are no hosts restricted to operate only as clients,
585there is nothing further to do.
586As the IFF scheme is independent
587of keys and certificates, these files can be refreshed as needed.
588
589If a rogue client has the parameter file, it could masquerade
590as a legitimate server and present a middleman threat.
591To eliminate this threat, the client keys can be extracted
592from the parameter file and distributed to all restricted clients.
593After generating the parameter file, on alice run
594@code{ntp-keygen}
595@code{-e}
596and pipe the output to a file or mail program.
597Copy or mail this file to all restricted clients.
598On these clients install a soft link from the generic
599@file{ntpkey_iff_}@kbd{alice}
600to this file.
601To further protect the integrity of the keys,
602each file can be encrypted with a secret password.
603
604For the GQ scheme proceed as in the TC scheme to generate keys
605and certificates for all group hosts, then for every trusted host
606in the group, generate the IFF parameter file.
607On trusted host alice run
608@code{ntp-keygen}
609@code{-T}
610@code{-G}
611@code{-p} @kbd{password}
612to produce her parameter file
613@file{ntpkey_GQpar_}@kbd{alice.filestamp},
614which includes both server and client keys.
615Copy this file to all group hosts and install a soft link
616from the generic
617@file{ntpkey_gq_}@kbd{alice}
618to this file.
619In addition, on each host bob install a soft link
620from generic
621@file{ntpkey_gq_}@kbd{bob}
622to this file.
623As the GQ scheme updates the GQ parameters file and certificate
624at the same time, keys and certificates can be regenerated as needed.
625
626For the MV scheme, proceed as in the TC scheme to generate keys
627and certificates for all group hosts.
628For illustration assume trish is the TA, alice one of several trusted hosts
629and bob one of her clients.
630On TA trish run
631@code{ntp-keygen}
632@code{-V} @kbd{n}
633@code{-p} @kbd{password},
634where
635@kbd{n}
636is the number of revokable keys (typically 5) to produce
637the parameter file
638@file{ntpkeys_MVpar_}@kbd{trish.filestamp}
639and client key files
640@file{ntpkeys_MVkeyd_}@kbd{trish.filestamp}
641where
642@kbd{d}
643is the key number (0 <
644@kbd{d}
645<
646@kbd{n}).
647Copy the parameter file to alice and install a soft link
648from the generic
649@file{ntpkey_mv_}@kbd{alice}
650to this file.
651Copy one of the client key files to alice for later distribution
652to her clients.
653It doesn't matter which client key file goes to alice,
654since they all work the same way.
655Alice copies the client key file to all of her cliens.
656On client bob install a soft link from generic
657@file{ntpkey_mvkey_}@kbd{bob}
658to the client key file.
659As the MV scheme is independent of keys and certificates,
660these files can be refreshed as needed.
661@subsubsection Command Line Options
662@table @asis
663@item @code{-c} @kbd{scheme}
664Select certificate message digest/signature encryption scheme.
665The
666@kbd{scheme}
667can be one of the following:
668. Cm RSA-MD2 , RSA-MD5 , RSA-SHA , RSA-SHA1 , RSA-MDC2 , RSA-RIPEMD160 , DSA-SHA ,
669or
670@code{DSA-SHA1}.
671Note that RSA schemes must be used with a RSA sign key and DSA
672schemes must be used with a DSA sign key.
673The default without this option is
674@code{RSA-MD5}.
675@item @code{-d}
676Enable debugging.
677This option displays the cryptographic data produced in eye-friendly billboards.
678@item @code{-e}
679Write the IFF client keys to the standard output.
680This is intended for automatic key distribution by mail.
681@item @code{-G}
682Generate parameters and keys for the GQ identification scheme,
683obsoleting any that may exist.
684@item @code{-g}
685Generate keys for the GQ identification scheme
686using the existing GQ parameters.
687If the GQ parameters do not yet exist, create them first.
688@item @code{-H}
689Generate new host keys, obsoleting any that may exist.
690@item @code{-I}
691Generate parameters for the IFF identification scheme,
692obsoleting any that may exist.
693@item @code{-i} @kbd{name}
694Set the suject name to
695@kbd{name}.
696This is used as the subject field in certificates
697and in the file name for host and sign keys.
698@item @code{-M}
699Generate MD5 keys, obsoleting any that may exist.
700@item @code{-P}
701Generate a private certificate.
702By default, the program generates public certificates.
703@item @code{-p} @kbd{password}
704Encrypt generated files containing private data with
705@kbd{password}
706and the DES-CBC algorithm.
707@item @code{-q}
708Set the password for reading files to password.
709@item @code{-S} @code{[@code{RSA} | @code{DSA}]}
710Generate a new sign key of the designated type,
711obsoleting any that may exist.
712By default, the program uses the host key as the sign key.
713@item @code{-s} @kbd{name}
714Set the issuer name to
715@kbd{name}.
716This is used for the issuer field in certificates
717and in the file name for identity files.
718@item @code{-T}
719Generate a trusted certificate.
720By default, the program generates a non-trusted certificate.
721@item @code{-V} @kbd{nkeys}
722Generate parameters and keys for the Mu-Varadharajan (MV) identification scheme.
723@end table
724@subsubsection Random Seed File
725All cryptographically sound key generation schemes must have means
726to randomize the entropy seed used to initialize
727the internal pseudo-random number generator used
728by the library routines.
729The OpenSSL library uses a designated random seed file for this purpose.
730The file must be available when starting the NTP daemon and
731@code{ntp-keygen}
732program.
733If a site supports OpenSSL or its companion OpenSSH,
734it is very likely that means to do this are already available.
735
736It is important to understand that entropy must be evolved
737for each generation, for otherwise the random number sequence
738would be predictable.
739Various means dependent on external events, such as keystroke intervals,
740can be used to do this and some systems have built-in entropy sources.
741Suitable means are described in the OpenSSL software documentation,
742but are outside the scope of this page.
743
744The entropy seed used by the OpenSSL library is contained in a file,
745usually called
746@code{.rnd},
747which must be available when starting the NTP daemon
748or the
749@code{ntp-keygen}
750program.
751The NTP daemon will first look for the file
752using the path specified by the
753@code{randfile}
754subcommand of the
755@code{crypto}
756configuration command.
757If not specified in this way, or when starting the
758@code{ntp-keygen}
759program,
760the OpenSSL library will look for the file using the path specified
761by the
762.Ev RANDFILE
763environment variable in the user home directory,
764whether root or some other user.
765If the
766.Ev RANDFILE
767environment variable is not present,
768the library will look for the
769@code{.rnd}
770file in the user home directory.
771If the file is not available or cannot be written,
772the daemon exits with a message to the system log and the program
773exits with a suitable error message.
774@subsubsection Cryptographic Data Files
775All other file formats begin with two lines.
776The first contains the file name, including the generated host name
777and filestamp.
778The second contains the datestamp in conventional Unix date format.
779Lines beginning with # are considered comments and ignored by the
780@code{ntp-keygen}
781program and
782@code{ntpd(1ntpdmdoc)}
783daemon.
784Cryptographic values are encoded first using ASN.1 rules,
785then encrypted if necessary, and finally written PEM-encoded
786printable ASCII format preceded and followed by MIME content identifier lines.
787
788The format of the symmetric keys file is somewhat different
789than the other files in the interest of backward compatibility.
790Since DES-CBC is deprecated in NTPv4, the only key format of interest
791is MD5 alphanumeric strings.
792Following hte heard the keys are
793entered one per line in the format
794@example
795@kbd{keyno} @kbd{type} @kbd{key}
796@end example
797where
798@kbd{keyno}
799is a positive integer in the range 1-65,535,
800@kbd{type}
801is the string MD5 defining the key format and
802@kbd{key}
803is the key itself,
804which is a printable ASCII string 16 characters or less in length.
805Each character is chosen from the 93 printable characters
806in the range 0x21 through 0x7f excluding space and the
807@quoteleft{}#@quoteright{}
808character.
809
810Note that the keys used by the
811@code{ntpq(1ntpqmdoc)}
812and
813@code{ntpdc(1ntpdcmdoc)}
814programs
815are checked against passwords requested by the programs
816and entered by hand, so it is generally appropriate to specify these keys
817in human readable ASCII format.
818
819The
820@code{ntp-keygen}
821program generates a MD5 symmetric keys file
822@file{ntpkey_MD5key_}@kbd{hostname.filestamp}.
823Since the file contains private shared keys,
824it should be visible only to root and distributed by secure means
825to other subnet hosts.
826The NTP daemon loads the file
827@file{ntp.keys},
828so
829@code{ntp-keygen}
830installs a soft link from this name to the generated file.
831Subsequently, similar soft links must be installed by manual
832or automated means on the other subnet hosts.
833While this file is not used with the Autokey Version 2 protocol,
834it is needed to authenticate some remote configuration commands
835used by the
836@code{ntpq(1ntpqmdoc)}
837and
838@code{ntpdc(1ntpdcmdoc)}
839utilities.
840
841This section was generated by @strong{AutoGen},
842using the @code{agtexi-cmd} template and the option descriptions for the @code{ntp-keygen} program.
843This software is released under the NTP license, <http://ntp.org/license>.
844
845@menu
846* ntp-keygen usage::                  ntp-keygen help/usage (@option{--help})
847* ntp-keygen imbits::                 imbits option (-b)
848* ntp-keygen certificate::            certificate option (-c)
849* ntp-keygen cipher::                 cipher option (-C)
850* ntp-keygen id-key::                 id-key option (-e)
851* ntp-keygen gq-params::              gq-params option (-G)
852* ntp-keygen host-key::               host-key option (-H)
853* ntp-keygen iffkey::                 iffkey option (-I)
854* ntp-keygen ident::                  ident option (-i)
855* ntp-keygen lifetime::               lifetime option (-l)
856* ntp-keygen md5key::                 md5key option (-M)
857* ntp-keygen modulus::                modulus option (-m)
858* ntp-keygen pvt-cert::               pvt-cert option (-P)
859* ntp-keygen password::               password option (-p)
860* ntp-keygen export-passwd::          export-passwd option (-q)
861* ntp-keygen sign-key::               sign-key option (-S)
862* ntp-keygen subject-name::           subject-name option (-s)
863* ntp-keygen trusted-cert::           trusted-cert option (-T)
864* ntp-keygen mv-params::              mv-params option (-V)
865* ntp-keygen mv-keys::                mv-keys option (-v)
866* ntp-keygen config::                 presetting/configuring ntp-keygen
867* ntp-keygen exit status::            exit status
868* ntp-keygen Usage::                  Usage
869* ntp-keygen Notes::                  Notes
870* ntp-keygen Bugs::                   Bugs
871@end menu
872
873@node ntp-keygen usage
874@subsection ntp-keygen help/usage (@option{--help})
875@cindex ntp-keygen help
876
877This is the automatically generated usage text for ntp-keygen.
878
879The text printed is the same whether selected with the @code{help} option
880(@option{--help}) or the @code{more-help} option (@option{--more-help}).  @code{more-help} will print
881the usage text by passing it through a pager program.
882@code{more-help} is disabled on platforms without a working
883@code{fork(2)} function.  The @code{PAGER} environment variable is
884used to select the program, defaulting to @file{more}.  Both will exit
885with a status code of 0.
886
887@exampleindent 0
888@example
889ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.8p9
890Usage:  ntp-keygen [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]...
891  Flg Arg Option-Name    Description
892   -b Num imbits         identity modulus bits
893                                - it must be in the range:
894                                  256 to 2048
895   -c Str certificate    certificate scheme
896   -C Str cipher         privatekey cipher
897   -d no  debug-level    Increase debug verbosity level
898                                - may appear multiple times
899   -D Num set-debug-level Set the debug verbosity level
900                                - may appear multiple times
901   -e no  id-key         Write IFF or GQ identity keys
902   -G no  gq-params      Generate GQ parameters and keys
903   -H no  host-key       generate RSA host key
904   -I no  iffkey         generate IFF parameters
905   -i Str ident          set Autokey group name
906   -l Num lifetime       set certificate lifetime
907   -M no  md5key         generate MD5 keys
908   -m Num modulus        modulus
909                                - it must be in the range:
910                                  256 to 2048
911   -P no  pvt-cert       generate PC private certificate
912   -p Str password       local private password
913   -q Str export-passwd  export IFF or GQ group keys with password
914   -S Str sign-key       generate sign key (RSA or DSA)
915   -s Str subject-name   set host and optionally group name
916   -T no  trusted-cert   trusted certificate (TC scheme)
917   -V Num mv-params      generate <num> MV parameters
918   -v Num mv-keys        update <num> MV keys
919      opt version        output version information and exit
920   -? no  help           display extended usage information and exit
921   -! no  more-help      extended usage information passed thru pager
922   -> opt save-opts      save the option state to a config file
923   -< Str load-opts      load options from a config file
924                                - disabled as '--no-load-opts'
925                                - may appear multiple times
926
927Options are specified by doubled hyphens and their name or by a single
928hyphen and the flag character.
929
930
931The following option preset mechanisms are supported:
932 - reading file $HOME/.ntprc
933 - reading file ./.ntprc
934 - examining environment variables named NTP_KEYGEN_*
935
936Please send bug reports to:  <http://bugs.ntp.org, bugs@@ntp.org>
937@end example
938@exampleindent 4
939
940@node ntp-keygen imbits
941@subsection imbits option (-b)
942@cindex ntp-keygen-imbits
943
944This is the ``identity modulus bits'' option.
945This option takes a number argument @file{imbits}.
946
947@noindent
948This option has some usage constraints.  It:
949@itemize @bullet
950@item
951must be compiled in by defining @code{AUTOKEY} during the compilation.
952@end itemize
953
954The number of bits in the identity modulus.  The default is 256.
955@node ntp-keygen certificate
956@subsection certificate option (-c)
957@cindex ntp-keygen-certificate
958
959This is the ``certificate scheme'' option.
960This option takes a string argument @file{scheme}.
961
962@noindent
963This option has some usage constraints.  It:
964@itemize @bullet
965@item
966must be compiled in by defining @code{AUTOKEY} during the compilation.
967@end itemize
968
969scheme is one of
970RSA-MD2, RSA-MD5, RSA-SHA, RSA-SHA1, RSA-MDC2, RSA-RIPEMD160,
971DSA-SHA, or DSA-SHA1.
972
973Select the certificate message digest/signature encryption scheme.
974Note that RSA schemes must be used with a RSA sign key and DSA
975schemes must be used with a DSA sign key.  The default without
976this option is RSA-MD5.
977@node ntp-keygen cipher
978@subsection cipher option (-C)
979@cindex ntp-keygen-cipher
980
981This is the ``privatekey cipher'' option.
982This option takes a string argument @file{cipher}.
983
984@noindent
985This option has some usage constraints.  It:
986@itemize @bullet
987@item
988must be compiled in by defining @code{AUTOKEY} during the compilation.
989@end itemize
990
991Select the cipher which is used to encrypt the files containing
992private keys.  The default is three-key triple DES in CBC mode,
993equivalent to "@code{-C des-ede3-cbc".  The openssl tool lists ciphers
994available in "@code{openssl -h}" output.
995@node ntp-keygen id-key
996@subsection id-key option (-e)
997@cindex ntp-keygen-id-key
998
999This is the ``write iff or gq identity keys'' option.
1000
1001@noindent
1002This option has some usage constraints.  It:
1003@itemize @bullet
1004@item
1005must be compiled in by defining @code{AUTOKEY} during the compilation.
1006@end itemize
1007
1008Write the IFF or GQ client keys to the standard output.  This is
1009intended for automatic key distribution by mail.
1010@node ntp-keygen gq-params
1011@subsection gq-params option (-G)
1012@cindex ntp-keygen-gq-params
1013
1014This is the ``generate gq parameters and keys'' option.
1015
1016@noindent
1017This option has some usage constraints.  It:
1018@itemize @bullet
1019@item
1020must be compiled in by defining @code{AUTOKEY} during the compilation.
1021@end itemize
1022
1023Generate parameters and keys for the GQ identification scheme,
1024obsoleting any that may exist.
1025@node ntp-keygen host-key
1026@subsection host-key option (-H)
1027@cindex ntp-keygen-host-key
1028
1029This is the ``generate rsa host key'' option.
1030
1031@noindent
1032This option has some usage constraints.  It:
1033@itemize @bullet
1034@item
1035must be compiled in by defining @code{AUTOKEY} during the compilation.
1036@end itemize
1037
1038Generate new host keys, obsoleting any that may exist.
1039@node ntp-keygen iffkey
1040@subsection iffkey option (-I)
1041@cindex ntp-keygen-iffkey
1042
1043This is the ``generate iff parameters'' option.
1044
1045@noindent
1046This option has some usage constraints.  It:
1047@itemize @bullet
1048@item
1049must be compiled in by defining @code{AUTOKEY} during the compilation.
1050@end itemize
1051
1052Generate parameters for the IFF identification scheme, obsoleting
1053any that may exist.
1054@node ntp-keygen ident
1055@subsection ident option (-i)
1056@cindex ntp-keygen-ident
1057
1058This is the ``set autokey group name'' option.
1059This option takes a string argument @file{group}.
1060
1061@noindent
1062This option has some usage constraints.  It:
1063@itemize @bullet
1064@item
1065must be compiled in by defining @code{AUTOKEY} during the compilation.
1066@end itemize
1067
1068Set the optional Autokey group name to name.  This is used in
1069the file name of IFF, GQ, and MV client parameters files.  In
1070that role, the default is the host name if this option is not
1071provided.  The group name, if specified using @code{-i/--ident} or
1072using @code{-s/--subject-name} following an '@code{@}' character,
1073is also a part of the self-signed host certificate's subject and
1074issuer names in the form @code{host@group} and should match the
1075'@code{crypto ident}' or '@code{server ident}' configuration in
1076@code{ntpd}'s configuration file.
1077@node ntp-keygen lifetime
1078@subsection lifetime option (-l)
1079@cindex ntp-keygen-lifetime
1080
1081This is the ``set certificate lifetime'' option.
1082This option takes a number argument @file{lifetime}.
1083
1084@noindent
1085This option has some usage constraints.  It:
1086@itemize @bullet
1087@item
1088must be compiled in by defining @code{AUTOKEY} during the compilation.
1089@end itemize
1090
1091Set the certificate expiration to lifetime days from now.
1092@node ntp-keygen md5key
1093@subsection md5key option (-M)
1094@cindex ntp-keygen-md5key
1095
1096This is the ``generate md5 keys'' option.
1097Generate MD5 keys, obsoleting any that may exist.
1098@node ntp-keygen modulus
1099@subsection modulus option (-m)
1100@cindex ntp-keygen-modulus
1101
1102This is the ``modulus'' option.
1103This option takes a number argument @file{modulus}.
1104
1105@noindent
1106This option has some usage constraints.  It:
1107@itemize @bullet
1108@item
1109must be compiled in by defining @code{AUTOKEY} during the compilation.
1110@end itemize
1111
1112The number of bits in the prime modulus.  The default is 512.
1113@node ntp-keygen pvt-cert
1114@subsection pvt-cert option (-P)
1115@cindex ntp-keygen-pvt-cert
1116
1117This is the ``generate pc private certificate'' option.
1118
1119@noindent
1120This option has some usage constraints.  It:
1121@itemize @bullet
1122@item
1123must be compiled in by defining @code{AUTOKEY} during the compilation.
1124@end itemize
1125
1126Generate a private certificate.  By default, the program generates
1127public certificates.
1128@node ntp-keygen password
1129@subsection password option (-p)
1130@cindex ntp-keygen-password
1131
1132This is the ``local private password'' option.
1133This option takes a string argument @file{passwd}.
1134
1135@noindent
1136This option has some usage constraints.  It:
1137@itemize @bullet
1138@item
1139must be compiled in by defining @code{AUTOKEY} during the compilation.
1140@end itemize
1141
1142Local files containing private data are encrypted with the
1143DES-CBC algorithm and the specified password.  The same password
1144must be specified to the local ntpd via the "crypto pw password"
1145configuration command.  The default password is the local
1146hostname.
1147@node ntp-keygen export-passwd
1148@subsection export-passwd option (-q)
1149@cindex ntp-keygen-export-passwd
1150
1151This is the ``export iff or gq group keys with password'' option.
1152This option takes a string argument @file{passwd}.
1153
1154@noindent
1155This option has some usage constraints.  It:
1156@itemize @bullet
1157@item
1158must be compiled in by defining @code{AUTOKEY} during the compilation.
1159@end itemize
1160
1161Export IFF or GQ identity group keys to the standard output,
1162encrypted with the DES-CBC algorithm and the specified password.
1163The same password must be specified to the remote ntpd via the
1164"crypto pw password" configuration command.  See also the option
1165--id-key (-e) for unencrypted exports.
1166@node ntp-keygen sign-key
1167@subsection sign-key option (-S)
1168@cindex ntp-keygen-sign-key
1169
1170This is the ``generate sign key (rsa or dsa)'' option.
1171This option takes a string argument @file{sign}.
1172
1173@noindent
1174This option has some usage constraints.  It:
1175@itemize @bullet
1176@item
1177must be compiled in by defining @code{AUTOKEY} during the compilation.
1178@end itemize
1179
1180Generate a new sign key of the designated type, obsoleting any
1181that may exist.  By default, the program uses the host key as the
1182sign key.
1183@node ntp-keygen subject-name
1184@subsection subject-name option (-s)
1185@cindex ntp-keygen-subject-name
1186
1187This is the ``set host and optionally group name'' option.
1188This option takes a string argument @file{host@@group}.
1189
1190@noindent
1191This option has some usage constraints.  It:
1192@itemize @bullet
1193@item
1194must be compiled in by defining @code{AUTOKEY} during the compilation.
1195@end itemize
1196
1197Set the Autokey host name, and optionally, group name specified
1198following an '@code{@}' character.  The host name is used in the file
1199name of generated host and signing certificates, without the
1200group name.  The host name, and if provided, group name are used
1201in @code{host@group} form for the host certificate's subject and issuer
1202fields.  Specifying '@code{-s @group}' is allowed, and results in
1203leaving the host name unchanged while appending @code{@group} to the
1204subject and issuer fields, as with @code{-i group}.  The group name, or
1205if not provided, the host name are also used in the file names
1206of IFF, GQ, and MV client parameter files.
1207@node ntp-keygen trusted-cert
1208@subsection trusted-cert option (-T)
1209@cindex ntp-keygen-trusted-cert
1210
1211This is the ``trusted certificate (tc scheme)'' option.
1212
1213@noindent
1214This option has some usage constraints.  It:
1215@itemize @bullet
1216@item
1217must be compiled in by defining @code{AUTOKEY} during the compilation.
1218@end itemize
1219
1220Generate a trusted certificate.  By default, the program generates
1221a non-trusted certificate.
1222@node ntp-keygen mv-params
1223@subsection mv-params option (-V)
1224@cindex ntp-keygen-mv-params
1225
1226This is the ``generate <num> mv parameters'' option.
1227This option takes a number argument @file{num}.
1228
1229@noindent
1230This option has some usage constraints.  It:
1231@itemize @bullet
1232@item
1233must be compiled in by defining @code{AUTOKEY} during the compilation.
1234@end itemize
1235
1236Generate parameters and keys for the Mu-Varadharajan (MV)
1237identification scheme.
1238@node ntp-keygen mv-keys
1239@subsection mv-keys option (-v)
1240@cindex ntp-keygen-mv-keys
1241
1242This is the ``update <num> mv keys'' option.
1243This option takes a number argument @file{num}.
1244
1245@noindent
1246This option has some usage constraints.  It:
1247@itemize @bullet
1248@item
1249must be compiled in by defining @code{AUTOKEY} during the compilation.
1250@end itemize
1251
1252This option has no @samp{doc} documentation.
1253
1254
1255@node ntp-keygen config
1256@subsection presetting/configuring ntp-keygen
1257
1258Any option that is not marked as @i{not presettable} may be preset by
1259loading values from configuration ("rc" or "ini") files, and values from environment variables named @code{NTP-KEYGEN} and @code{NTP-KEYGEN_<OPTION_NAME>}.  @code{<OPTION_NAME>} must be one of
1260the options listed above in upper case and segmented with underscores.
1261The @code{NTP-KEYGEN} variable will be tokenized and parsed like
1262the command line.  The remaining variables are tested for existence and their
1263values are treated like option arguments.
1264
1265
1266@noindent
1267@code{libopts} will search in 2 places for configuration files:
1268@itemize @bullet
1269@item
1270$HOME
1271@item
1272$PWD
1273@end itemize
1274The environment variables @code{HOME}, and @code{PWD}
1275are expanded and replaced when @file{ntp-keygen} runs.
1276For any of these that are plain files, they are simply processed.
1277For any that are directories, then a file named @file{.ntprc} is searched for
1278within that directory and processed.
1279
1280Configuration files may be in a wide variety of formats.
1281The basic format is an option name followed by a value (argument) on the
1282same line.  Values may be separated from the option name with a colon,
1283equal sign or simply white space.  Values may be continued across multiple
1284lines by escaping the newline with a backslash.
1285
1286Multiple programs may also share the same initialization file.
1287Common options are collected at the top, followed by program specific
1288segments.  The segments are separated by lines like:
1289@example
1290[NTP-KEYGEN]
1291@end example
1292@noindent
1293or by
1294@example
1295<?program ntp-keygen>
1296@end example
1297@noindent
1298Do not mix these styles within one configuration file.
1299
1300Compound values and carefully constructed string values may also be
1301specified using XML syntax:
1302@example
1303<option-name>
1304   <sub-opt>...&lt;...&gt;...</sub-opt>
1305</option-name>
1306@end example
1307@noindent
1308yielding an @code{option-name.sub-opt} string value of
1309@example
1310"...<...>..."
1311@end example
1312@code{AutoOpts} does not track suboptions.  You simply note that it is a
1313hierarchicly valued option.  @code{AutoOpts} does provide a means for searching
1314the associated name/value pair list (see: optionFindValue).
1315
1316The command line options relating to configuration and/or usage help are:
1317
1318@subsubheading version (-)
1319
1320Print the program version to standard out, optionally with licensing
1321information, then exit 0.  The optional argument specifies how much licensing
1322detail to provide.  The default is to print just the version.  The licensing infomation may be selected with an option argument.
1323Only the first letter of the argument is examined:
1324
1325@table @samp
1326@item version
1327Only print the version.  This is the default.
1328@item copyright
1329Name the copyright usage licensing terms.
1330@item verbose
1331Print the full copyright usage licensing terms.
1332@end table
1333
1334@node ntp-keygen exit status
1335@subsection ntp-keygen exit status
1336
1337One of the following exit values will be returned:
1338@table @samp
1339@item 0 (EXIT_SUCCESS)
1340Successful program execution.
1341@item 1 (EXIT_FAILURE)
1342The operation failed or the command syntax was not valid.
1343@item 66 (EX_NOINPUT)
1344A specified configuration file could not be loaded.
1345@item 70 (EX_SOFTWARE)
1346libopts had an internal operational error.  Please report
1347it to autogen-users@@lists.sourceforge.net.  Thank you.
1348@end table
1349@node ntp-keygen Usage
1350@subsection ntp-keygen Usage
1351@node ntp-keygen Notes
1352@subsection ntp-keygen Notes
1353@node ntp-keygen Bugs
1354@subsection ntp-keygen Bugs
1355