2 .Dt NTP_KEYGEN 1ntp-keygenmdoc User Commands
4 .\" EDIT THIS FILE WITH CAUTION (ntp-keygen-opts.mdoc)
6 .\" It has been AutoGen-ed April 26, 2016 at 08:30:23 PM by AutoGen 5.18.5
7 .\" From the definitions ntp-keygen-opts.def
8 .\" and the template file agmdoc-cmd.tpl
11 .Nd Create a NTP host key
14 .\" Mixture of short (flag) options and long options
16 .Op Fl flag Op Ar value
17 .Op Fl \-option\-name Ns Oo Oo Ns "=| " Oc Ns Ar value Oc
19 All arguments must be options.
22 This program generates cryptographic data files used by the NTPv4
23 authentication and identification schemes.
24 It generates MD5 key files used in symmetric key cryptography.
25 In addition, if the OpenSSL software library has been installed,
26 it generates keys, certificate and identity files used in public key
28 These files are used for cookie encryption,
29 digital signature and challenge/response identification algorithms
30 compatible with the Internet standard security infrastructure.
32 All files are in PEM\-encoded printable ASCII format,
33 so they can be embedded as MIME attachments in mail to other sites
34 and certificate authorities.
35 By default, files are not encrypted.
37 When used to generate message digest keys, the program produces a file
38 containing ten pseudo\-random printable ASCII strings suitable for the
39 MD5 message digest algorithm included in the distribution.
40 If the OpenSSL library is installed, it produces an additional ten
41 hex\-encoded random bit strings suitable for the SHA1 and other message
43 The message digest keys file must be distributed and stored
44 using secure means beyond the scope of NTP itself.
45 Besides the keys used for ordinary NTP associations, additional keys
46 can be defined as passwords for the
52 The remaining generated files are compatible with other OpenSSL
53 applications and other Public Key Infrastructure (PKI) resources.
54 Certificates generated by this program are compatible with extant
55 industry practice, although some users might find the interpretation of
56 X509v3 extension fields somewhat liberal.
57 However, the identity keys are probably not compatible with anything
60 Some files used by this program are encrypted using a private password.
63 option specifies the password for local encrypted files and the
65 option the password for encrypted files sent to remote sites.
66 If no password is specified, the host name returned by the Unix
68 function, normally the DNS name of the host is used.
74 configuration command specifies the read
75 password for previously encrypted local files.
76 This must match the local password used by this program.
77 If not specified, the host name is used.
78 Thus, if files are generated by this program without password,
79 they can be read back by
81 without password but only on the same host.
83 Normally, encrypted files for each host are generated by that host and
84 used only by that host, although exceptions exist as noted later on
86 The symmetric keys file, normally called
88 is usually installed in
90 Other files and links are usually installed in
92 which is normally in a shared filesystem in
93 NFS\-mounted networks and cannot be changed by shared clients.
94 The location of the keys directory can be changed by the
96 configuration command in such cases.
100 This program directs commentary and error messages to the standard
103 and remote files to the standard output stream
105 where they can be piped to other applications or redirected to files.
106 The names used for generated files and links all begin with the
109 and include the file type, generating host and filestamp,
111 .Dq Cryptographic Data Files
113 .Ss Running the Program
114 To test and gain experience with Autokey concepts, log in as root and
115 change to the keys directory, usually
117 When run for the first time, or if all files with names beginning with
119 have been removed, use the
121 command without arguments to generate a
122 default RSA host key and matching RSA\-MD5 certificate with expiration
124 If run again without options, the program uses the
125 existing keys and parameters and generates only a new certificate with
126 new expiration date one year hence.
128 Run the command on as many hosts as necessary.
129 Designate one of them as the trusted host (TH) using
133 option and configure it to synchronize from reliable Internet servers.
134 Then configure the other hosts to synchronize to the TH directly or
136 A certificate trail is created when Autokey asks the immediately
137 ascendant host towards the TH to sign its certificate, which is then
138 provided to the immediately descendant host on request.
139 All group hosts should have acyclic certificate trails ending on the TH.
141 The host key is used to encrypt the cookie when required and so must be
143 By default, the host key is also the sign key used to encrypt
145 A different sign key can be assigned using the
147 option and this can be either RSA or DSA type.
148 By default, the signature
149 message digest type is MD5, but any combination of sign key type and
150 message digest type supported by the OpenSSL library can be specified
154 The rules say cryptographic media should be generated with proventic
155 filestamps, which means the host should already be synchronized before
157 This of course creates a chicken\-and\-egg problem
158 when the host is started for the first time.
159 Accordingly, the host time
160 should be set by some other means, such as eyeball\-and\-wristwatch, at
161 least so that the certificate lifetime is within the current year.
162 After that and when the host is synchronized to a proventic source, the
163 certificate should be re\-generated.
165 Additional information on trusted groups and identity schemes is on the
166 .Dq Autokey Public\-Key Authentication
171 configuration command
172 .Ic crypto pw Ar password
173 specifies the read password for previously encrypted files.
174 The daemon expires on the spot if the password is missing
176 For convenience, if a file has been previously encrypted,
177 the default read password is the name of the host running
179 If the previous write password is specified as the host name,
180 these files can be read by that host with no explicit password.
182 File names begin with the prefix
184 and end with the postfix
185 .Ar _hostname.filestamp ,
188 is the owner name, usually the string returned
189 by the Unix gethostname() routine, and
191 is the NTP seconds when the file was generated, in decimal digits.
192 This both guarantees uniqueness and simplifies maintenance
193 procedures, since all files can be quickly removed
196 command or all files generated
197 at a specific time can be removed by a
201 To further reduce the risk of misconfiguration,
202 the first two lines of a file contain the file name
203 and generation date and time as comments.
205 All files are installed by default in the keys directory
207 which is normally in a shared filesystem
208 in NFS\-mounted networks.
209 The actual location of the keys directory
210 and each file can be overridden by configuration commands,
211 but this is not recommended.
212 Normally, the files for each host are generated by that host
213 and used only by that host, although exceptions exist
214 as noted later on this page.
216 Normally, files containing private values,
217 including the host key, sign key and identification parameters,
218 are permitted root read/write\-only;
219 while others containing public values are permitted world readable.
220 Alternatively, files containing private values can be encrypted
221 and these files permitted world readable,
222 which simplifies maintenance in shared file systems.
223 Since uniqueness is insured by the hostname and
224 file name extensions, the files for a NFS server and
225 dependent clients can all be installed in the same shared directory.
227 The recommended practice is to keep the file name extensions
228 when installing a file and to install a soft link
229 from the generic names specified elsewhere on this page
230 to the generated files.
231 This allows new file generations to be activated simply
232 by changing the link.
233 If a link is present, ntpd follows it to the file name
234 to extract the filestamp.
235 If a link is not present,
237 extracts the filestamp from the file itself.
238 This allows clients to verify that the file and generation times
242 program uses the same timestamp extension for all files generated
243 at one time, so each generation is distinct and can be readily
244 recognized in monitoring data.
245 .Ss Running the program
246 The safest way to run the
248 program is logged in directly as root.
249 The recommended procedure is change to the keys directory,
252 then run the program.
253 When run for the first time,
256 files have been removed,
257 the program generates a RSA host key file and matching RSA\-MD5 certificate file,
258 which is all that is necessary in many cases.
259 The program also generates soft links from the generic names
260 to the respective files.
261 If run again, the program uses the same host key file,
262 but generates a new certificate file and link.
264 The host key is used to encrypt the cookie when required and so must be RSA type.
265 By default, the host key is also the sign key used to encrypt signatures.
266 When necessary, a different sign key can be specified and this can be
267 either RSA or DSA type.
268 By default, the message digest type is MD5, but any combination
269 of sign key type and message digest type supported by the OpenSSL library
270 can be specified, including those using the MD2, MD5, SHA, SHA1, MDC2
271 and RIPE160 message digest algorithms.
272 However, the scheme specified in the certificate must be compatible
274 Certificates using any digest algorithm are compatible with RSA sign keys;
275 however, only SHA and SHA1 certificates are compatible with DSA sign keys.
277 Private/public key files and certificates are compatible with
278 other OpenSSL applications and very likely other libraries as well.
279 Certificates or certificate requests derived from them should be compatible
280 with extant industry practice, although some users might find
281 the interpretation of X509v3 extension fields somewhat liberal.
282 However, the identification parameter files, although encoded
283 as the other files, are probably not compatible with anything other than Autokey.
285 Running the program as other than root and using the Unix
288 to assume root may not work properly, since by default the OpenSSL library
289 looks for the random seed file
291 in the user home directory.
292 However, there should be only one
295 in the root directory, so it is convenient to define the
297 environment variable used by the OpenSSL library as the path to
300 Installing the keys as root might not work in NFS\-mounted
301 shared file systems, as NFS clients may not be able to write
302 to the shared keys directory, even as root.
303 In this case, NFS clients can specify the files in another
309 There is no need for one client to read the keys and certificates
310 of other clients or servers, as these data are obtained automatically
311 by the Autokey protocol.
313 Ordinarily, cryptographic files are generated by the host that uses them,
314 but it is possible for a trusted agent (TA) to generate these files
315 for other hosts; however, in such cases files should always be encrypted.
316 The subject name and trusted name default to the hostname
317 of the host generating the files, but can be changed by command line options.
318 It is convenient to designate the owner name and trusted name
319 as the subject and issuer fields, respectively, of the certificate.
320 The owner name is also used for the host and sign key files,
321 while the trusted name is used for the identity files.
323 All files are installed by default in the keys directory
325 which is normally in a shared filesystem
326 in NFS\-mounted networks.
327 The actual location of the keys directory
328 and each file can be overridden by configuration commands,
329 but this is not recommended.
330 Normally, the files for each host are generated by that host
331 and used only by that host, although exceptions exist
332 as noted later on this page.
334 Normally, files containing private values,
335 including the host key, sign key and identification parameters,
336 are permitted root read/write\-only;
337 while others containing public values are permitted world readable.
338 Alternatively, files containing private values can be encrypted
339 and these files permitted world readable,
340 which simplifies maintenance in shared file systems.
341 Since uniqueness is insured by the hostname and
342 file name extensions, the files for a NFS server and
343 dependent clients can all be installed in the same shared directory.
345 The recommended practice is to keep the file name extensions
346 when installing a file and to install a soft link
347 from the generic names specified elsewhere on this page
348 to the generated files.
349 This allows new file generations to be activated simply
350 by changing the link.
351 If a link is present, ntpd follows it to the file name
352 to extract the filestamp.
353 If a link is not present,
355 extracts the filestamp from the file itself.
356 This allows clients to verify that the file and generation times
360 program uses the same timestamp extension for all files generated
361 at one time, so each generation is distinct and can be readily
362 recognized in monitoring data.
363 .Ss Running the program
364 The safest way to run the
366 program is logged in directly as root.
367 The recommended procedure is change to the keys directory,
370 then run the program.
371 When run for the first time,
374 files have been removed,
375 the program generates a RSA host key file and matching RSA\-MD5 certificate file,
376 which is all that is necessary in many cases.
377 The program also generates soft links from the generic names
378 to the respective files.
379 If run again, the program uses the same host key file,
380 but generates a new certificate file and link.
382 The host key is used to encrypt the cookie when required and so must be RSA type.
383 By default, the host key is also the sign key used to encrypt signatures.
384 When necessary, a different sign key can be specified and this can be
385 either RSA or DSA type.
386 By default, the message digest type is MD5, but any combination
387 of sign key type and message digest type supported by the OpenSSL library
388 can be specified, including those using the MD2, MD5, SHA, SHA1, MDC2
389 and RIPE160 message digest algorithms.
390 However, the scheme specified in the certificate must be compatible
392 Certificates using any digest algorithm are compatible with RSA sign keys;
393 however, only SHA and SHA1 certificates are compatible with DSA sign keys.
395 Private/public key files and certificates are compatible with
396 other OpenSSL applications and very likely other libraries as well.
397 Certificates or certificate requests derived from them should be compatible
398 with extant industry practice, although some users might find
399 the interpretation of X509v3 extension fields somewhat liberal.
400 However, the identification parameter files, although encoded
401 as the other files, are probably not compatible with anything other than Autokey.
403 Running the program as other than root and using the Unix
406 to assume root may not work properly, since by default the OpenSSL library
407 looks for the random seed file
409 in the user home directory.
410 However, there should be only one
413 in the root directory, so it is convenient to define the
415 environment variable used by the OpenSSL library as the path to
418 Installing the keys as root might not work in NFS\-mounted
419 shared file systems, as NFS clients may not be able to write
420 to the shared keys directory, even as root.
421 In this case, NFS clients can specify the files in another
427 There is no need for one client to read the keys and certificates
428 of other clients or servers, as these data are obtained automatically
429 by the Autokey protocol.
431 Ordinarily, cryptographic files are generated by the host that uses them,
432 but it is possible for a trusted agent (TA) to generate these files
433 for other hosts; however, in such cases files should always be encrypted.
434 The subject name and trusted name default to the hostname
435 of the host generating the files, but can be changed by command line options.
436 It is convenient to designate the owner name and trusted name
437 as the subject and issuer fields, respectively, of the certificate.
438 The owner name is also used for the host and sign key files,
439 while the trusted name is used for the identity files.
442 s Trusted Hosts and Groups
443 Each cryptographic configuration involves selection of a signature scheme
444 and identification scheme, called a cryptotype,
446 .Sx Authentication Options
449 The default cryptotype uses RSA encryption, MD5 message digest
450 and TC identification.
451 First, configure a NTP subnet including one or more low\-stratum
452 trusted hosts from which all other hosts derive synchronization
453 directly or indirectly.
454 Trusted hosts have trusted certificates;
455 all other hosts have nontrusted certificates.
456 These hosts will automatically and dynamically build authoritative
457 certificate trails to one or more trusted hosts.
458 A trusted group is the set of all hosts that have, directly or indirectly,
459 a certificate trail ending at a trusted host.
460 The trail is defined by static configuration file entries
461 or dynamic means described on the
462 .Sx Automatic NTP Configuration Options
466 On each trusted host as root, change to the keys directory.
467 To insure a fresh fileset, remove all
473 to generate keys and a trusted certificate.
474 On all other hosts do the same, but leave off the
476 flag to generate keys and nontrusted certificates.
477 When complete, start the NTP daemons beginning at the lowest stratum
478 and working up the tree.
479 It may take some time for Autokey to instantiate the certificate trails
480 throughout the subnet, but setting up the environment is completely automatic.
482 If it is necessary to use a different sign key or different digest/signature
483 scheme than the default, run
493 The most often need to do this is when a DSA\-signed certificate is used.
494 If it is necessary to use a different certificate scheme than the default,
504 is run again without these options, it generates a new certificate
505 using the same scheme and sign key.
507 After setting up the environment it is advisable to update certificates
508 from time to time, if only to extend the validity interval.
511 with the same flags as before to generate new certificates
513 However, if the host or sign key is changed,
518 is restarted, it loads any new files and restarts the protocol.
519 Other dependent hosts will continue as usual until signatures are refreshed,
520 at which time the protocol is restarted.
522 As mentioned on the Autonomous Authentication page,
523 the default TC identity scheme is vulnerable to a middleman attack.
524 However, there are more secure identity schemes available,
525 including PC, IFF, GQ and MV described on the
526 .Qq Identification Schemes
529 .Li http://www.eecis.udel.edu/%7emills/keygen.html ) .
530 These schemes are based on a TA, one or more trusted hosts
531 and some number of nontrusted hosts.
532 Trusted hosts prove identity using values provided by the TA,
533 while the remaining hosts prove identity using values provided
534 by a trusted host and certificate trails that end on that host.
535 The name of a trusted host is also the name of its sugroup
536 and also the subject and issuer name on its trusted certificate.
537 The TA is not necessarily a trusted host in this sense, but often is.
539 In some schemes there are separate keys for servers and clients.
540 A server can also be a client of another server,
541 but a client can never be a server for another client.
542 In general, trusted hosts and nontrusted hosts that operate
543 as both server and client have parameter files that contain
544 both server and client keys.
546 only as clients have key files that contain only client keys.
548 The PC scheme supports only one trusted host in the group.
549 On trusted host alice run
553 to generate the host key file
554 .Pa ntpkey_RSAkey_ Ns Ar alice.filestamp
555 and trusted private certificate file
556 .Pa ntpkey_RSA\-MD5_cert_ Ns Ar alice.filestamp .
557 Copy both files to all group hosts;
558 they replace the files which would be generated in other schemes.
559 On each host bob install a soft link from the generic name
560 .Pa ntpkey_host_ Ns Ar bob
561 to the host key file and soft link
562 .Pa ntpkey_cert_ Ns Ar bob
563 to the private certificate file.
564 Note the generic links are on bob, but point to files generated
565 by trusted host alice.
566 In this scheme it is not possible to refresh
567 either the keys or certificates without copying them
568 to all other hosts in the group.
570 For the IFF scheme proceed as in the TC scheme to generate keys
571 and certificates for all group hosts, then for every trusted host in the group,
572 generate the IFF parameter file.
573 On trusted host alice run
578 to produce her parameter file
579 .Pa ntpkey_IFFpar_ Ns Ar alice.filestamp ,
580 which includes both server and client keys.
581 Copy this file to all group hosts that operate as both servers
582 and clients and install a soft link from the generic
583 .Pa ntpkey_iff_ Ns Ar alice
585 If there are no hosts restricted to operate only as clients,
586 there is nothing further to do.
587 As the IFF scheme is independent
588 of keys and certificates, these files can be refreshed as needed.
590 If a rogue client has the parameter file, it could masquerade
591 as a legitimate server and present a middleman threat.
592 To eliminate this threat, the client keys can be extracted
593 from the parameter file and distributed to all restricted clients.
594 After generating the parameter file, on alice run
597 and pipe the output to a file or mail program.
598 Copy or mail this file to all restricted clients.
599 On these clients install a soft link from the generic
600 .Pa ntpkey_iff_ Ns Ar alice
602 To further protect the integrity of the keys,
603 each file can be encrypted with a secret password.
605 For the GQ scheme proceed as in the TC scheme to generate keys
606 and certificates for all group hosts, then for every trusted host
607 in the group, generate the IFF parameter file.
608 On trusted host alice run
613 to produce her parameter file
614 .Pa ntpkey_GQpar_ Ns Ar alice.filestamp ,
615 which includes both server and client keys.
616 Copy this file to all group hosts and install a soft link
618 .Pa ntpkey_gq_ Ns Ar alice
620 In addition, on each host bob install a soft link
622 .Pa ntpkey_gq_ Ns Ar bob
624 As the GQ scheme updates the GQ parameters file and certificate
625 at the same time, keys and certificates can be regenerated as needed.
627 For the MV scheme, proceed as in the TC scheme to generate keys
628 and certificates for all group hosts.
629 For illustration assume trish is the TA, alice one of several trusted hosts
630 and bob one of her clients.
637 is the number of revokable keys (typically 5) to produce
639 .Pa ntpkeys_MVpar_ Ns Ar trish.filestamp
641 .Pa ntpkeys_MVkeyd_ Ns Ar trish.filestamp
644 is the key number (0 \&<
648 Copy the parameter file to alice and install a soft link
650 .Pa ntpkey_mv_ Ns Ar alice
652 Copy one of the client key files to alice for later distribution
654 It doesn't matter which client key file goes to alice,
655 since they all work the same way.
656 Alice copies the client key file to all of her cliens.
657 On client bob install a soft link from generic
658 .Pa ntpkey_mvkey_ Ns Ar bob
659 to the client key file.
660 As the MV scheme is independent of keys and certificates,
661 these files can be refreshed as needed.
662 .Ss Command Line Options
663 .Bl -tag -width indent
665 Select certificate message digest/signature encryption scheme.
668 can be one of the following:
669 . Cm RSA\-MD2 , RSA\-MD5 , RSA\-SHA , RSA\-SHA1 , RSA\-MDC2 , RSA\-RIPEMD160 , DSA\-SHA ,
672 Note that RSA schemes must be used with a RSA sign key and DSA
673 schemes must be used with a DSA sign key.
674 The default without this option is
678 This option displays the cryptographic data produced in eye\-friendly billboards.
680 Write the IFF client keys to the standard output.
681 This is intended for automatic key distribution by mail.
683 Generate parameters and keys for the GQ identification scheme,
684 obsoleting any that may exist.
686 Generate keys for the GQ identification scheme
687 using the existing GQ parameters.
688 If the GQ parameters do not yet exist, create them first.
690 Generate new host keys, obsoleting any that may exist.
692 Generate parameters for the IFF identification scheme,
693 obsoleting any that may exist.
695 Set the suject name to
697 This is used as the subject field in certificates
698 and in the file name for host and sign keys.
700 Generate MD5 keys, obsoleting any that may exist.
702 Generate a private certificate.
703 By default, the program generates public certificates.
705 Encrypt generated files containing private data with
707 and the DES\-CBC algorithm.
709 Set the password for reading files to password.
710 .It Fl S Oo Cm RSA | DSA Oc
711 Generate a new sign key of the designated type,
712 obsoleting any that may exist.
713 By default, the program uses the host key as the sign key.
715 Set the issuer name to
717 This is used for the issuer field in certificates
718 and in the file name for identity files.
720 Generate a trusted certificate.
721 By default, the program generates a non\-trusted certificate.
723 Generate parameters and keys for the Mu\-Varadharajan (MV) identification scheme.
726 All cryptographically sound key generation schemes must have means
727 to randomize the entropy seed used to initialize
728 the internal pseudo\-random number generator used
729 by the library routines.
730 The OpenSSL library uses a designated random seed file for this purpose.
731 The file must be available when starting the NTP daemon and
734 If a site supports OpenSSL or its companion OpenSSH,
735 it is very likely that means to do this are already available.
737 It is important to understand that entropy must be evolved
738 for each generation, for otherwise the random number sequence
739 would be predictable.
740 Various means dependent on external events, such as keystroke intervals,
741 can be used to do this and some systems have built\-in entropy sources.
742 Suitable means are described in the OpenSSL software documentation,
743 but are outside the scope of this page.
745 The entropy seed used by the OpenSSL library is contained in a file,
748 which must be available when starting the NTP daemon
752 The NTP daemon will first look for the file
753 using the path specified by the
757 configuration command.
758 If not specified in this way, or when starting the
761 the OpenSSL library will look for the file using the path specified
764 environment variable in the user home directory,
765 whether root or some other user.
768 environment variable is not present,
769 the library will look for the
771 file in the user home directory.
772 If the file is not available or cannot be written,
773 the daemon exits with a message to the system log and the program
774 exits with a suitable error message.
775 .Ss Cryptographic Data Files
776 All other file formats begin with two lines.
777 The first contains the file name, including the generated host name
779 The second contains the datestamp in conventional Unix date format.
780 Lines beginning with # are considered comments and ignored by the
785 Cryptographic values are encoded first using ASN.1 rules,
786 then encrypted if necessary, and finally written PEM\-encoded
787 printable ASCII format preceded and followed by MIME content identifier lines.
789 The format of the symmetric keys file is somewhat different
790 than the other files in the interest of backward compatibility.
791 Since DES\-CBC is deprecated in NTPv4, the only key format of interest
792 is MD5 alphanumeric strings.
793 Following hte heard the keys are
794 entered one per line in the format
795 .D1 Ar keyno type key
798 is a positive integer in the range 1\-65,535,
800 is the string MD5 defining the key format and
803 which is a printable ASCII string 16 characters or less in length.
804 Each character is chosen from the 93 printable characters
805 in the range 0x21 through 0x7f excluding space and the
809 Note that the keys used by the
814 are checked against passwords requested by the programs
815 and entered by hand, so it is generally appropriate to specify these keys
816 in human readable ASCII format.
820 program generates a MD5 symmetric keys file
821 .Pa ntpkey_MD5key_ Ns Ar hostname.filestamp .
822 Since the file contains private shared keys,
823 it should be visible only to root and distributed by secure means
824 to other subnet hosts.
825 The NTP daemon loads the file
829 installs a soft link from this name to the generated file.
830 Subsequently, similar soft links must be installed by manual
831 or automated means on the other subnet hosts.
832 While this file is not used with the Autokey Version 2 protocol,
833 it is needed to authenticate some remote configuration commands
841 .It Fl b Ar imbits , Fl \-imbits Ns = Ns Ar imbits
842 identity modulus bits.
843 This option takes an integer number as its argument.
846 is constrained to being:
850 in the range 256 through 2048
854 The number of bits in the identity modulus. The default is 256.
855 .It Fl c Ar scheme , Fl \-certificate Ns = Ns Ar scheme
859 RSA\-MD2, RSA\-MD5, RSA\-SHA, RSA\-SHA1, RSA\-MDC2, RSA\-RIPEMD160,
860 DSA\-SHA, or DSA\-SHA1.
862 Select the certificate message digest/signature encryption scheme.
863 Note that RSA schemes must be used with a RSA sign key and DSA
864 schemes must be used with a DSA sign key. The default without
865 this option is RSA\-MD5.
866 .It Fl C Ar cipher , Fl \-cipher Ns = Ns Ar cipher
869 Select the cipher which is used to encrypt the files containing
870 private keys. The default is three\-key triple DES in CBC mode,
871 equivalent to "@code{\-C des\-ede3\-cbc". The openssl tool lists ciphers
872 available in "\fBopenssl \-h\fP" output.
873 .It Fl d , Fl \-debug\-level
874 Increase debug verbosity level.
875 This option may appear an unlimited number of times.
877 .It Fl D Ar number , Fl \-set\-debug\-level Ns = Ns Ar number
878 Set the debug verbosity level.
879 This option may appear an unlimited number of times.
880 This option takes an integer number as its argument.
882 .It Fl e , Fl \-id\-key
883 Write IFF or GQ identity keys.
885 Write the IFF or GQ client keys to the standard output. This is
886 intended for automatic key distribution by mail.
887 .It Fl G , Fl \-gq\-params
888 Generate GQ parameters and keys.
890 Generate parameters and keys for the GQ identification scheme,
891 obsoleting any that may exist.
892 .It Fl H , Fl \-host\-key
893 generate RSA host key.
895 Generate new host keys, obsoleting any that may exist.
896 .It Fl I , Fl \-iffkey
897 generate IFF parameters.
899 Generate parameters for the IFF identification scheme, obsoleting
901 .It Fl i Ar group , Fl \-ident Ns = Ns Ar group
902 set Autokey group name.
904 Set the optional Autokey group name to name. This is used in
905 the file name of IFF, GQ, and MV client parameters files. In
906 that role, the default is the host name if this option is not
907 provided. The group name, if specified using \fB\-i/\-\-ident\fP or
908 using \fB\-s/\-\-subject\-name\fP following an '\fB@\fP' character,
909 is also a part of the self\-signed host certificate's subject and
910 issuer names in the form \fBhost@group\fP and should match the
911 \'\fBcrypto ident\fP' or '\fBserver ident\fP' configuration in
912 \fBntpd\fP's configuration file.
913 .It Fl l Ar lifetime , Fl \-lifetime Ns = Ns Ar lifetime
914 set certificate lifetime.
915 This option takes an integer number as its argument.
917 Set the certificate expiration to lifetime days from now.
918 .It Fl M , Fl \-md5key
921 Generate MD5 keys, obsoleting any that may exist.
922 .It Fl m Ar modulus , Fl \-modulus Ns = Ns Ar modulus
924 This option takes an integer number as its argument.
927 is constrained to being:
931 in the range 256 through 2048
935 The number of bits in the prime modulus. The default is 512.
936 .It Fl P , Fl \-pvt\-cert
937 generate PC private certificate.
939 Generate a private certificate. By default, the program generates
941 .It Fl p Ar passwd , Fl \-password Ns = Ns Ar passwd
942 local private password.
944 Local files containing private data are encrypted with the
945 DES\-CBC algorithm and the specified password. The same password
946 must be specified to the local ntpd via the "crypto pw password"
947 configuration command. The default password is the local
949 .It Fl q Ar passwd , Fl \-export\-passwd Ns = Ns Ar passwd
950 export IFF or GQ group keys with password.
952 Export IFF or GQ identity group keys to the standard output,
953 encrypted with the DES\-CBC algorithm and the specified password.
954 The same password must be specified to the remote ntpd via the
955 "crypto pw password" configuration command. See also the option
956 -\-id\-key (\-e) for unencrypted exports.
957 .It Fl S Ar sign , Fl \-sign\-key Ns = Ns Ar sign
958 generate sign key (RSA or DSA).
960 Generate a new sign key of the designated type, obsoleting any
961 that may exist. By default, the program uses the host key as the
963 .It Fl s Ar host@group , Fl \-subject\-name Ns = Ns Ar host@group
964 set host and optionally group name.
966 Set the Autokey host name, and optionally, group name specified
967 following an '\fB@\fP' character. The host name is used in the file
968 name of generated host and signing certificates, without the
969 group name. The host name, and if provided, group name are used
970 in \fBhost@group\fP form for the host certificate's subject and issuer
971 fields. Specifying '\fB\-s @group\fP' is allowed, and results in
972 leaving the host name unchanged while appending \fB@group\fP to the
973 subject and issuer fields, as with \fB\-i group\fP. The group name, or
974 if not provided, the host name are also used in the file names
975 of IFF, GQ, and MV client parameter files.
976 .It Fl T , Fl \-trusted\-cert
977 trusted certificate (TC scheme).
979 Generate a trusted certificate. By default, the program generates
980 a non\-trusted certificate.
981 .It Fl V Ar num , Fl \-mv\-params Ns = Ns Ar num
982 generate <num> MV parameters.
983 This option takes an integer number as its argument.
985 Generate parameters and keys for the Mu\-Varadharajan (MV)
986 identification scheme.
987 .It Fl v Ar num , Fl \-mv\-keys Ns = Ns Ar num
988 update <num> MV keys.
989 This option takes an integer number as its argument.
991 This option has not been fully documented.
992 .It Fl \&? , Fl \-help
993 Display usage information and exit.
994 .It Fl \&! , Fl \-more\-help
995 Pass the extended usage information through a pager.
996 .It Fl > Oo Ar cfgfile Oc , Fl \-save\-opts Oo Ns = Ns Ar cfgfile Oc
997 Save the option state to \fIcfgfile\fP. The default is the \fIlast\fP
998 configuration file listed in the \fBOPTION PRESETS\fP section, below.
999 The command will exit after updating the config file.
1000 .It Fl < Ar cfgfile , Fl \-load\-opts Ns = Ns Ar cfgfile , Fl \-no\-load\-opts
1001 Load options from \fIcfgfile\fP.
1002 The \fIno\-load\-opts\fP form will disable the loading
1003 of earlier config/rc/ini files. \fI\-\-no\-load\-opts\fP is handled early,
1005 .It Fl \-version Op Brq Ar v|c|n
1006 Output version of program and exit. The default mode is `v', a simple
1007 version. The `c' mode will print copyright information and `n' will
1008 print the full copyright notice.
1010 .Sh "OPTION PRESETS"
1011 Any option that is not marked as \fInot presettable\fP may be preset
1012 by loading values from configuration ("RC" or ".INI") file(s) and values from
1013 environment variables named:
1015 \fBNTP_KEYGEN_<option\-name>\fP or \fBNTP_KEYGEN\fP
1018 The environmental presets take precedence (are processed later than)
1019 the configuration files.
1020 The \fIhomerc\fP files are "\fI$HOME\fP", and "\fI.\fP".
1021 If any of these are directories, then the file \fI.ntprc\fP
1022 is searched for within those directories.
1026 option specifies the write password and
1028 option the read password for previously encrypted files.
1031 program prompts for the password if it reads an encrypted file
1032 and the password is missing or incorrect.
1033 If an encrypted file is read successfully and
1034 no write password is specified, the read password is used
1035 as the write password by default.
1037 See \fBOPTION PRESETS\fP for configuration environment variables.
1039 See \fBOPTION PRESETS\fP for configuration files.
1041 One of the following exit values will be returned:
1043 .It 0 " (EXIT_SUCCESS)"
1044 Successful program execution.
1045 .It 1 " (EXIT_FAILURE)"
1046 The operation failed or the command syntax was not valid.
1047 .It 66 " (EX_NOINPUT)"
1048 A specified configuration file could not be loaded.
1049 .It 70 " (EX_SOFTWARE)"
1050 libopts had an internal operational error. Please report
1051 it to autogen\-users@lists.sourceforge.net. Thank you.
1054 The University of Delaware and Network Time Foundation
1056 Copyright (C) 1992\-2016 The University of Delaware and Network Time Foundation all rights reserved.
1057 This program is released under the terms of the NTP license, <http://ntp.org/license>.
1059 It can take quite a while to generate some cryptographic values,
1060 from one to several minutes with modern architectures
1061 such as UltraSPARC and up to tens of minutes to an hour
1062 with older architectures such as SPARC IPC.
1064 Please report bugs to http://bugs.ntp.org .
1066 Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
1068 Portions of this document came from FreeBSD.
1070 This manual page was \fIAutoGen\fP\-erated from the \fBntp\-keygen\fP