"Fossies" - the Fresh Open Source Software Archive

Member "ntp-4.2.8p15/util/ntp-keygen.1ntp-keygenmdoc" (23 Jun 2020, 40517 Bytes) of package /linux/misc/ntp-4.2.8p15.tar.gz:

As a special service "Fossies" has tried to format the requested text file into HTML format (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file. See also the latest Fossies "Diffs" side-by-side code changes report for "ntp-keygen.1ntp-keygenmdoc": 4.2.8p14_vs_4.2.8p15.

    1 .Dd June 23 2020
    2 .Dt NTP_KEYGEN 1ntp-keygenmdoc User Commands
    3 .Os
    4 .\"  EDIT THIS FILE WITH CAUTION  (ntp-keygen-opts.mdoc)
    5 .\"
    6 .\"  It has been AutoGen-ed  June 23, 2020 at 02:21:05 AM by AutoGen 5.18.5
    7 .\"  From the definitions    ntp-keygen-opts.def
    8 .\"  and the template file   agmdoc-cmd.tpl
    9 .Sh NAME
   10 .Nm ntp-keygen
   11 .Nd Create a NTP host key
   12 .Sh SYNOPSIS
   13 .Nm
   14 .\" Mixture of short (flag) options and long options
   15 .Op Fl flags
   16 .Op Fl flag Op Ar value
   17 .Op Fl \-option\-name Ns Oo Oo Ns "=| " Oc Ns Ar value Oc
   18 .Pp
   19 All arguments must be options.
   20 .Pp
   22 This program generates cryptographic data files used by the NTPv4
   23 authentication and identification schemes.
   24 It can generate message digest keys used in symmetric key cryptography and,
   25 if the OpenSSL software library has been installed, it can generate host keys,
   26 signing keys, certificates, and identity keys and parameters used in Autokey
   27 public key cryptography.
   28 These files are used for cookie encryption,
   29 digital signature, and challenge/response identification algorithms
   30 compatible with the Internet standard security infrastructure.
   31 .Pp
   32 The message digest symmetric keys file is generated in a format
   33 compatible with NTPv3.
   34 All other files are in PEM\-encoded printable ASCII format,
   35 so they can be embedded as MIME attachments in email to other sites
   36 and certificate authorities.
   37 By default, files are not encrypted.
   38 .Pp
   39 When used to generate message digest symmetric keys, the program
   40 produces a file containing ten pseudo\-random printable ASCII strings
   41 suitable for the MD5 message digest algorithm included in the
   42 distribution.
   43 If the OpenSSL library is installed, it produces an additional ten
   44 hex\-encoded random bit strings suitable for SHA1, AES\-128\-CMAC, and
   45 other message digest algorithms.
   46 The message digest symmetric keys file must be distributed and stored
   47 using secure means beyond the scope of NTP itself.
   48 Besides the keys used for ordinary NTP associations, additional keys
   49 can be defined as passwords for the
   50 .Xr ntpq 1ntpqmdoc
   51 and
   52 .Xr ntpdc 1ntpdcmdoc
   53 utility programs.
   54 .Pp
   55 The remaining generated files are compatible with other OpenSSL
   56 applications and other Public Key Infrastructure (PKI) resources.
   57 Certificates generated by this program are compatible with extant
   58 industry practice, although some users might find the interpretation of
   59 X509v3 extension fields somewhat liberal.
   60 However, the identity keys are probably not compatible with anything
   61 other than Autokey.
   62 .Pp
   63 Some files used by this program are encrypted using a private password.
   64 The
   65 .Fl p
   66 option specifies the read password for local encrypted files and the
   67 .Fl q
   68 option the write password for encrypted files sent to remote sites.
   69 If no password is specified, the host name returned by the Unix
   70 .Xr hostname 1
   71 command, normally the DNS name of the host, is used as the the default read
   72 password, for convenience.
   73 The
   74 .Nm
   75 program prompts for the password if it reads an encrypted file
   76 and the password is missing or incorrect.
   77 If an encrypted file is read successfully and
   78 no write password is specified, the read password is used
   79 as the write password by default.
   80 .Pp
   81 The
   82 .Cm pw
   83 option of the
   84 .Ic crypto
   85 .Xr ntpd 1ntpdmdoc
   86 configuration command specifies the read
   87 password for previously encrypted local files.
   88 This must match the local read password used by this program.
   89 If not specified, the host name is used.
   90 Thus, if files are generated by this program without an explicit password,
   91 they can be read back by
   92 .Xr ntpd 1ntpdmdoc
   93 without specifying an explicit password but only on the same host.
   94 If the write password used for encryption is specified as the host name,
   95 these files can be read by that host with no explicit password.
   96 .Pp
   97 Normally, encrypted files for each host are generated by that host and
   98 used only by that host, although exceptions exist as noted later on
   99 this page.
  100 The symmetric keys file, normally called
  101 .Pa ntp.keys ,
  102 is usually installed in
  103 .Pa /etc .
  104 Other files and links are usually installed in
  105 .Pa /usr/local/etc ,
  106 which is normally in a shared filesystem in
  107 NFS\-mounted networks and cannot be changed by shared clients.
  108 In these cases, NFS clients can specify the files in another
  109 directory such as
  110 .Pa /etc
  111 using the
  112 .Ic keysdir
  113 .Xr ntpd 1ntpdmdoc
  114 configuration file command.
  115 .Pp
  116 This program directs commentary and error messages to the standard
  117 error stream
  118 .Pa stderr
  119 and remote files to the standard output stream
  120 .Pa stdout
  121 where they can be piped to other applications or redirected to files.
  122 The names used for generated files and links all begin with the
  123 string
  124 .Pa ntpkey\&*
  125 and include the file type, generating host and filestamp,
  126 as described in the
  127 .Sx "Cryptographic Data Files"
  128 section below.
  129 .Ss Running the Program
  130 The safest way to run the
  131 .Nm
  132 program is logged in directly as root.
  133 The recommended procedure is change to the
  134 .Ar keys
  135 directory, usually
  136 .Pa /usr/local/etc ,
  137 then run the program.
  138 .Pp
  139 To test and gain experience with Autokey concepts, log in as root and
  140 change to the
  141 .Ar keys
  142 directory, usually
  143 .Pa /usr/local/etc .
  144 When run for the first time, or if all files with names beginning with
  145 .Pa ntpkey\&*
  146 have been removed, use the
  147 .Nm
  148 command without arguments to generate a default
  149 .Cm RSA
  150 host key and matching
  151 .Cm RSA\-MD5
  152 certificate file with expiration date one year hence,
  153 which is all that is necessary in many cases.
  154 The program also generates soft links from the generic names
  155 to the respective files.
  156 If run again without options, the program uses the
  157 existing keys and parameters and generates a new certificate file with
  158 new expiration date one year hence, and soft link.
  159 .Pp
  160 The host key is used to encrypt the cookie when required and so must be
  161 .Cm RSA
  162 type.
  163 By default, the host key is also the sign key used to encrypt signatures.
  164 When necessary, a different sign key can be specified and this can be
  165 either
  166 .Cm RSA
  167 or
  168 .Cm DSA
  169 type.
  170 By default, the message digest type is
  171 .Cm MD5 ,
  172 but any combination
  173 of sign key type and message digest type supported by the OpenSSL library
  174 can be specified, including those using the
  175 .Cm AES128CMAC , MD2 , MD5 , MDC2 , SHA , SHA1
  176 and
  177 .Cm RIPE160
  178 message digest algorithms.
  179 However, the scheme specified in the certificate must be compatible
  180 with the sign key.
  181 Certificates using any digest algorithm are compatible with
  182 .Cm RSA
  183 sign keys;
  184 however, only
  185 .Cm SHA
  186 and
  187 .Cm SHA1
  188 certificates are compatible with
  189 .Cm DSA
  190 sign keys.
  191 .Pp
  192 Private/public key files and certificates are compatible with
  193 other OpenSSL applications and very likely other libraries as well.
  194 Certificates or certificate requests derived from them should be compatible
  195 with extant industry practice, although some users might find
  196 the interpretation of X509v3 extension fields somewhat liberal.
  197 However, the identification parameter files, although encoded
  198 as the other files, are probably not compatible with anything other than Autokey.
  199 .Pp
  200 Running the program as other than root and using the Unix
  201 .Xr su 1
  202 command
  203 to assume root may not work properly, since by default the OpenSSL library
  204 looks for the random seed file
  205 .Pa .rnd
  206 in the user home directory.
  207 However, there should be only one
  208 .Pa .rnd ,
  209 most conveniently
  210 in the root directory, so it is convenient to define the
  211 .Ev RANDFILE
  212 environment variable used by the OpenSSL library as the path to
  213 .Pa .rnd .
  214 .Pp
  215 Installing the keys as root might not work in NFS\-mounted
  216 shared file systems, as NFS clients may not be able to write
  217 to the shared keys directory, even as root.
  218 In this case, NFS clients can specify the files in another
  219 directory such as
  220 .Pa /etc
  221 using the
  222 .Ic keysdir
  223 .Xr ntpd 1ntpdmdoc
  224 configuration file command.
  225 There is no need for one client to read the keys and certificates
  226 of other clients or servers, as these data are obtained automatically
  227 by the Autokey protocol.
  228 .Pp
  229 Ordinarily, cryptographic files are generated by the host that uses them,
  230 but it is possible for a trusted agent (TA) to generate these files
  231 for other hosts; however, in such cases files should always be encrypted.
  232 The subject name and trusted name default to the hostname
  233 of the host generating the files, but can be changed by command line options.
  234 It is convenient to designate the owner name and trusted name
  235 as the subject and issuer fields, respectively, of the certificate.
  236 The owner name is also used for the host and sign key files,
  237 while the trusted name is used for the identity files.
  238 .Pp
  239 All files are installed by default in the keys directory
  240 .Pa /usr/local/etc ,
  241 which is normally in a shared filesystem
  242 in NFS\-mounted networks.
  243 The actual location of the keys directory
  244 and each file can be overridden by configuration commands,
  245 but this is not recommended.
  246 Normally, the files for each host are generated by that host
  247 and used only by that host, although exceptions exist
  248 as noted later on this page.
  249 .Pp
  250 Normally, files containing private values,
  251 including the host key, sign key and identification parameters,
  252 are permitted root read/write\-only;
  253 while others containing public values are permitted world readable.
  254 Alternatively, files containing private values can be encrypted
  255 and these files permitted world readable,
  256 which simplifies maintenance in shared file systems.
  257 Since uniqueness is insured by the
  258 .Ar hostname
  259 and
  260 .Ar filestamp
  261 file name extensions, the files for an NTP server and
  262 dependent clients can all be installed in the same shared directory.
  263 .Pp
  264 The recommended practice is to keep the file name extensions
  265 when installing a file and to install a soft link
  266 from the generic names specified elsewhere on this page
  267 to the generated files.
  268 This allows new file generations to be activated simply
  269 by changing the link.
  270 If a link is present,
  271 .Xr ntpd 1ntpdmdoc
  272 follows it to the file name to extract the
  273 .Ar filestamp .
  274 If a link is not present,
  275 .Xr ntpd 1ntpdmdoc
  276 extracts the
  277 .Ar filestamp
  278 from the file itself.
  279 This allows clients to verify that the file and generation times
  280 are always current.
  281 The
  282 .Nm
  283 program uses the same
  284 .Ar filestamp
  285 extension for all files generated
  286 at one time, so each generation is distinct and can be readily
  287 recognized in monitoring data.
  288 .Pp
  289 Run the command on as many hosts as necessary.
  290 Designate one of them as the trusted host (TH) using
  291 .Nm
  292 with the
  293 .Fl T
  294 option and configure it to synchronize from reliable Internet servers.
  295 Then configure the other hosts to synchronize to the TH directly or
  296 indirectly.
  297 A certificate trail is created when Autokey asks the immediately
  298 ascendant host towards the TH to sign its certificate, which is then
  299 provided to the immediately descendant host on request.
  300 All group hosts should have acyclic certificate trails ending on the TH.
  301 .Pp
  302 The host key is used to encrypt the cookie when required and so must be
  303 RSA type.
  304 By default, the host key is also the sign key used to encrypt
  305 signatures.
  306 A different sign key can be assigned using the
  307 .Fl S
  308 option and this can be either
  309 .Cm RSA
  310 or
  311 .Cm DSA
  312 type.
  313 By default, the signature
  314 message digest type is
  315 .Cm MD5 ,
  316 but any combination of sign key type and
  317 message digest type supported by the OpenSSL library can be specified
  318 using the
  319 .Fl c
  320 option.
  321 .Pp
  322 The rules say cryptographic media should be generated with proventic
  323 filestamps, which means the host should already be synchronized before
  324 this program is run.
  325 This of course creates a chicken\-and\-egg problem
  326 when the host is started for the first time.
  327 Accordingly, the host time
  328 should be set by some other means, such as eyeball\-and\-wristwatch, at
  329 least so that the certificate lifetime is within the current year.
  330 After that and when the host is synchronized to a proventic source, the
  331 certificate should be re\-generated.
  332 .Pp
  333 Additional information on trusted groups and identity schemes is on the
  334 .Dq Autokey Public\-Key Authentication
  335 page.
  336 .Pp
  337 File names begin with the prefix
  338 .Pa ntpkey Ns _
  339 and end with the suffix
  340 .Pa _ Ns Ar hostname . Ar filestamp ,
  341 where
  342 .Ar hostname
  343 is the owner name, usually the string returned
  344 by the Unix
  345 .Xr hostname 1
  346 command, and
  347 .Ar filestamp
  348 is the NTP seconds when the file was generated, in decimal digits.
  349 This both guarantees uniqueness and simplifies maintenance
  350 procedures, since all files can be quickly removed
  351 by a
  352 .Ic rm Pa ntpkey\&*
  353 command or all files generated
  354 at a specific time can be removed by a
  355 .Ic rm Pa \&* Ns Ar filestamp
  356 command.
  357 To further reduce the risk of misconfiguration,
  358 the first two lines of a file contain the file name
  359 and generation date and time as comments.
  360 .Ss Trusted Hosts and Groups
  361 Each cryptographic configuration involves selection of a signature scheme
  362 and identification scheme, called a cryptotype,
  363 as explained in the
  364 .Sx Authentication Options
  365 section of
  366 .Xr ntp.conf 5 .
  367 The default cryptotype uses
  368 .Cm RSA
  369 encryption,
  370 .Cm MD5
  371 message digest
  372 and
  373 .Cm TC
  374 identification.
  375 First, configure a NTP subnet including one or more low\-stratum
  376 trusted hosts from which all other hosts derive synchronization
  377 directly or indirectly.
  378 Trusted hosts have trusted certificates;
  379 all other hosts have nontrusted certificates.
  380 These hosts will automatically and dynamically build authoritative
  381 certificate trails to one or more trusted hosts.
  382 A trusted group is the set of all hosts that have, directly or indirectly,
  383 a certificate trail ending at a trusted host.
  384 The trail is defined by static configuration file entries
  385 or dynamic means described on the
  386 .Sx Automatic NTP Configuration Options
  387 section of
  388 .Xr ntp.conf 5 .
  389 .Pp
  390 On each trusted host as root, change to the keys directory.
  391 To insure a fresh fileset, remove all
  392 .Pa ntpkey
  393 files.
  394 Then run
  395 .Nm
  396 .Fl T
  397 to generate keys and a trusted certificate.
  398 On all other hosts do the same, but leave off the
  399 .Fl T
  400 flag to generate keys and nontrusted certificates.
  401 When complete, start the NTP daemons beginning at the lowest stratum
  402 and working up the tree.
  403 It may take some time for Autokey to instantiate the certificate trails
  404 throughout the subnet, but setting up the environment is completely automatic.
  405 .Pp
  406 If it is necessary to use a different sign key or different digest/signature
  407 scheme than the default, run
  408 .Nm
  409 with the
  410 .Fl S Ar type
  411 option, where
  412 .Ar type
  413 is either
  414 .Cm RSA
  415 or
  416 .Cm DSA .
  417 The most frequent need to do this is when a
  418 .Cm DSA Ns \-signed
  419 certificate is used.
  420 If it is necessary to use a different certificate scheme than the default,
  421 run
  422 .Nm
  423 with the
  424 .Fl c Ar scheme
  425 option and selected
  426 .Ar scheme
  427 as needed.
  428 If
  429 .Nm
  430 is run again without these options, it generates a new certificate
  431 using the same scheme and sign key, and soft link.
  432 .Pp
  433 After setting up the environment it is advisable to update certificates
  434 from time to time, if only to extend the validity interval.
  435 Simply run
  436 .Nm
  437 with the same flags as before to generate new certificates
  438 using existing keys, and soft links.
  439 However, if the host or sign key is changed,
  440 .Xr ntpd 1ntpdmdoc
  441 should be restarted.
  442 When
  443 .Xr ntpd 1ntpdmdoc
  444 is restarted, it loads any new files and restarts the protocol.
  445 Other dependent hosts will continue as usual until signatures are refreshed,
  446 at which time the protocol is restarted.
  447 .Ss Identity Schemes
  448 As mentioned on the Autonomous Authentication page,
  449 the default
  450 .Cm TC
  451 identity scheme is vulnerable to a middleman attack.
  452 However, there are more secure identity schemes available,
  453 including
  454 .Cm PC , IFF , GQ
  455 and
  456 .Cm MV
  457 schemes described below.
  458 These schemes are based on a TA, one or more trusted hosts
  459 and some number of nontrusted hosts.
  460 Trusted hosts prove identity using values provided by the TA,
  461 while the remaining hosts prove identity using values provided
  462 by a trusted host and certificate trails that end on that host.
  463 The name of a trusted host is also the name of its sugroup
  464 and also the subject and issuer name on its trusted certificate.
  465 The TA is not necessarily a trusted host in this sense, but often is.
  466 .Pp
  467 In some schemes there are separate keys for servers and clients.
  468 A server can also be a client of another server,
  469 but a client can never be a server for another client.
  470 In general, trusted hosts and nontrusted hosts that operate
  471 as both server and client have parameter files that contain
  472 both server and client keys.
  473 Hosts that operate
  474 only as clients have key files that contain only client keys.
  475 .Pp
  476 The PC scheme supports only one trusted host in the group.
  477 On trusted host alice run
  478 .Nm
  479 .Fl P
  480 .Fl p Ar password
  481 to generate the host key file
  482 .Pa ntpkey Ns _ Cm RSA Pa key_alice. Ar filestamp
  483 and trusted private certificate file
  484 .Pa ntpkey Ns _ Cm RSA\-MD5 _ Pa cert_alice. Ar filestamp ,
  485 and soft links.
  486 Copy both files to all group hosts;
  487 they replace the files which would be generated in other schemes.
  488 On each host
  489 .Ar bob
  490 install a soft link from the generic name
  491 .Pa ntpkey_host_ Ns Ar bob
  492 to the host key file and soft link
  493 .Pa ntpkey_cert_ Ns Ar bob
  494 to the private certificate file.
  495 Note the generic links are on bob, but point to files generated
  496 by trusted host alice.
  497 In this scheme it is not possible to refresh
  498 either the keys or certificates without copying them
  499 to all other hosts in the group, and recreating the soft links.
  500 .Pp
  501 For the
  502 .Cm IFF
  503 scheme proceed as in the
  504 .Cm TC
  505 scheme to generate keys
  506 and certificates for all group hosts, then for every trusted host in the group,
  507 generate the
  508 .Cm IFF
  509 parameter file.
  510 On trusted host alice run
  511 .Nm
  512 .Fl T
  513 .Fl I
  514 .Fl p Ar password
  515 to produce her parameter file
  516 .Pa ntpkey_IFFpar_alice. Ns Ar filestamp ,
  517 which includes both server and client keys.
  518 Copy this file to all group hosts that operate as both servers
  519 and clients and install a soft link from the generic
  520 .Pa ntpkey_iff_alice
  521 to this file.
  522 If there are no hosts restricted to operate only as clients,
  523 there is nothing further to do.
  524 As the
  525 .Cm IFF
  526 scheme is independent
  527 of keys and certificates, these files can be refreshed as needed.
  528 .Pp
  529 If a rogue client has the parameter file, it could masquerade
  530 as a legitimate server and present a middleman threat.
  531 To eliminate this threat, the client keys can be extracted
  532 from the parameter file and distributed to all restricted clients.
  533 After generating the parameter file, on alice run
  534 .Nm
  535 .Fl e
  536 and pipe the output to a file or email program.
  537 Copy or email this file to all restricted clients.
  538 On these clients install a soft link from the generic
  539 .Pa ntpkey_iff_alice
  540 to this file.
  541 To further protect the integrity of the keys,
  542 each file can be encrypted with a secret password.
  543 .Pp
  544 For the
  545 .Cm GQ
  546 scheme proceed as in the
  547 .Cm TC
  548 scheme to generate keys
  549 and certificates for all group hosts, then for every trusted host
  550 in the group, generate the
  551 .Cm IFF
  552 parameter file.
  553 On trusted host alice run
  554 .Nm
  555 .Fl T
  556 .Fl G
  557 .Fl p Ar password
  558 to produce her parameter file
  559 .Pa ntpkey_GQpar_alice. Ns Ar filestamp ,
  560 which includes both server and client keys.
  561 Copy this file to all group hosts and install a soft link
  562 from the generic
  563 .Pa ntpkey_gq_alice
  564 to this file.
  565 In addition, on each host
  566 .Ar bob
  567 install a soft link
  568 from generic
  569 .Pa ntpkey_gq_ Ns Ar bob
  570 to this file.
  571 As the
  572 .Cm GQ
  573 scheme updates the
  574 .Cm GQ
  575 parameters file and certificate
  576 at the same time, keys and certificates can be regenerated as needed.
  577 .Pp
  578 For the
  579 .Cm MV
  580 scheme, proceed as in the
  581 .Cm TC
  582 scheme to generate keys
  583 and certificates for all group hosts.
  584 For illustration assume trish is the TA, alice one of several trusted hosts
  585 and bob one of her clients.
  586 On TA trish run
  587 .Nm
  588 .Fl V Ar n
  589 .Fl p Ar password ,
  590 where
  591 .Ar n
  592 is the number of revokable keys (typically 5) to produce
  593 the parameter file
  594 .Pa ntpkeys_MVpar_trish. Ns Ar filestamp
  595 and client key files
  596 .Pa ntpkeys_MVkey Ns Ar d _ Pa trish. Ar filestamp
  597 where
  598 .Ar d
  599 is the key number (0 \&<
  600 .Ar d
  601 \&<
  602 .Ar n ) .
  603 Copy the parameter file to alice and install a soft link
  604 from the generic
  605 .Pa ntpkey_mv_alice
  606 to this file.
  607 Copy one of the client key files to alice for later distribution
  608 to her clients.
  609 It does not matter which client key file goes to alice,
  610 since they all work the same way.
  611 Alice copies the client key file to all of her clients.
  612 On client bob install a soft link from generic
  613 .Pa ntpkey_mvkey_bob
  614 to the client key file.
  615 As the
  616 .Cm MV
  617 scheme is independent of keys and certificates,
  618 these files can be refreshed as needed.
  619 .Ss Command Line Options
  620 .Bl -tag -width indent
  621 .It Fl b Fl \-imbits Ns = Ar modulus
  622 Set the number of bits in the identity modulus for generating identity keys to
  623 .Ar modulus
  624 bits.
  625 The number of bits in the identity modulus defaults to 256, but can be set to
  626 values from 256 to 2048 (32 to 256 octets).
  627 Use the larger moduli with caution, as this can consume considerable computing
  628 resources and increases the size of authenticated packets.
  629 .It Fl c Fl \-certificate Ns = Ar scheme
  630 Select certificate signature encryption/message digest scheme.
  631 The
  632 .Ar scheme
  633 can be one of the following:
  634 .Cm RSA\-MD2 , RSA\-MD5 , RSA\-MDC2 , RSA\-SHA , RSA\-SHA1 , RSA\-RIPEMD160 , DSA\-SHA ,
  635 or
  636 .Cm DSA\-SHA1 .
  637 Note that
  638 .Cm RSA
  639 schemes must be used with an
  640 .Cm RSA
  641 sign key and
  642 .Cm DSA
  643 schemes must be used with a
  644 .Cm DSA
  645 sign key.
  646 The default without this option is
  647 .Cm RSA\-MD5 .
  648 If compatibility with FIPS 140\-2 is required, either the
  649 .Cm DSA\-SHA
  650 or
  651 .Cm DSA\-SHA1
  652 scheme must be used.
  653 .It Fl C Fl \-cipher Ns = Ar cipher
  654 Select the OpenSSL cipher to encrypt the files containing private keys.
  655 The default without this option is three\-key triple DES in CBC mode,
  656 .Cm des\-ede3\-cbc .
  657 The
  658 .Ic openssl Fl h
  659 command provided with OpenSSL displays available ciphers.
  660 .It Fl d Fl \-debug\-level
  661 Increase debugging verbosity level.
  662 This option displays the cryptographic data produced in eye\-friendly billboards.
  663 .It Fl D Fl \-set\-debug\-level Ns = Ar level
  664 Set the debugging verbosity to
  665 .Ar level .
  666 This option displays the cryptographic data produced in eye\-friendly billboards.
  667 .It Fl e Fl \-id\-key
  668 Write the
  669 .Cm IFF
  670 or
  671 .Cm GQ
  672 public parameters from the
  673 .Ar IFFkey or GQkey
  674 client keys file previously specified
  675 as unencrypted data to the standard output stream
  676 .Pa stdout .
  677 This is intended for automatic key distribution by email.
  678 .It Fl G Fl \-gq\-params
  679 Generate a new encrypted
  680 .Cm GQ
  681 parameters and key file for the Guillou\-Quisquater (GQ) identity scheme.
  682 This option is mutually exclusive with the
  683 .Fl I
  684 and
  685 .Fl V
  686 options.
  687 .It Fl H Fl \-host\-key
  688 Generate a new encrypted
  689 .Cm RSA
  690 public/private host key file.
  691 .It Fl I Fl \-iffkey
  692 Generate a new encrypted
  693 .Cm IFF
  694 key file for the Schnorr (IFF) identity scheme.
  695 This option is mutually exclusive with the
  696 .Fl G
  697 and
  698 Fl V
  699 options.
  700 .It Fl i Fl \-ident Ns = Ar group
  701 Set the optional Autokey group name to
  702 .Ar group .
  703 This is used in the identity scheme parameter file names of
  704 .Cm IFF , GQ ,
  705 and
  706 .Cm MV
  707 client parameters files.
  708 In that role, the default is the host name if no group is provided.
  709 The group name, if specified using
  710 .Fl i
  711 or
  712 .Fl s
  713 following an
  714 .Ql @
  715 character, is also used in certificate subject and issuer names in the form
  716 .Ar host @ group
  717 and should match the group specified via
  718 .Ic crypto Cm ident
  719 or
  720 .Ic server Cm ident
  721 in the ntpd configuration file.
  722 .It Fl l Fl \-lifetime Ns = Ar days
  723 Set the lifetime for certificate expiration to
  724 .Ar days .
  725 The default lifetime is one year (365 days).
  726 .It Fl m Fl \-modulus Ns = Ar bits
  727 Set the number of bits in the prime modulus for generating files to
  728 .Ar bits .
  729 The modulus defaults to 512, but can be set from 256 to 2048 (32 to 256 octets).
  730 Use the larger moduli with caution, as this can consume considerable computing
  731 resources and increases the size of authenticated packets.
  732 .It Fl M Fl \-md5key
  733 Generate a new symmetric keys file containing 10
  734 .Cm MD5
  735 keys, and if OpenSSL is available, 10
  736 .Cm SHA
  737 keys.
  738 An
  739 .Cm MD5
  740 key is a string of 20 random printable ASCII characters, while a
  741 .Cm SHA
  742 key is a string of 40 random hex digits.
  743 The file can be edited using a text editor to change the key type or key content.
  744 This option is mutually exclusive with all other options.
  745 .It Fl p Fl \-password Ns = Ar passwd
  746 Set the password for reading and writing encrypted files to
  747 .Ar passwd .
  748 These include the host, sign and identify key files.
  749 By default, the password is the string returned by the Unix
  750 .Ic hostname
  751 command.
  752 .It Fl P Fl \-pvt\-cert
  753 Generate a new private certificate used by the
  754 .Cm PC
  755 identity scheme.
  756 By default, the program generates public certificates.
  757 Note: the PC identity scheme is not recommended for new installations.
  758 .It Fl q Fl \-export\-passwd Ns = Ar passwd
  759 Set the password for writing encrypted
  760 .Cm IFF , GQ and MV
  761 identity files redirected to
  762 .Pa stdout
  763 to
  764 .Ar passwd .
  765 In effect, these files are decrypted with the
  766 .Fl p
  767 password, then encrypted with the
  768 .Fl q
  769 password.
  770 By default, the password is the string returned by the Unix
  771 .Ic hostname
  772 command.
  773 .It Fl s Fl \-subject\-key Ns = Ar Oo host Oc Op @ Ar group
  774 Specify the Autokey host name, where
  775 .Ar host
  776 is the optional host name and
  777 .Ar group
  778 is the optional group name.
  779 The host name, and if provided, group name are used in
  780 .Ar host @ group
  781 form as certificate subject and issuer.
  782 Specifying
  783 .Fl s @ Ar group
  784 is allowed, and results in leaving the host name unchanged, as with
  785 .Fl i Ar group .
  786 The group name, or if no group is provided, the host name are also used in the
  787 file names of
  788 .Cm IFF , GQ ,
  789 and
  790 .Cm MV
  791 identity scheme client parameter files.
  792 If
  793 .Ar host
  794 is not specified, the default host name is the string returned by the Unix
  795 .Ic hostname
  796 command.
  797 .It Fl S Fl \-sign\-key Ns = Op Cm RSA | DSA
  798 Generate a new encrypted public/private sign key file of the specified type.
  799 By default, the sign key is the host key and has the same type.
  800 If compatibility with FIPS 140\-2 is required, the sign key type must be
  801 .Cm DSA .
  802 .It Fl T Fl \-trusted\-cert
  803 Generate a trusted certificate.
  804 By default, the program generates a non\-trusted certificate.
  805 .It Fl V Fl \-mv\-params Ar nkeys
  806 Generate
  807 .Ar nkeys
  808 encrypted server keys and parameters for the Mu\-Varadharajan (MV)
  809 identity scheme.
  810 This option is mutually exclusive with the
  811 .Fl I
  812 and
  813 .Fl G
  814 options.
  815 Note: support for this option should be considered a work in progress.
  816 .El
  817 .Ss Random Seed File
  818 All cryptographically sound key generation schemes must have means
  819 to randomize the entropy seed used to initialize
  820 the internal pseudo\-random number generator used
  821 by the library routines.
  822 The OpenSSL library uses a designated random seed file for this purpose.
  823 The file must be available when starting the NTP daemon and
  824 .Nm
  825 program.
  826 If a site supports OpenSSL or its companion OpenSSH,
  827 it is very likely that means to do this are already available.
  828 .Pp
  829 It is important to understand that entropy must be evolved
  830 for each generation, for otherwise the random number sequence
  831 would be predictable.
  832 Various means dependent on external events, such as keystroke intervals,
  833 can be used to do this and some systems have built\-in entropy sources.
  834 Suitable means are described in the OpenSSL software documentation,
  835 but are outside the scope of this page.
  836 .Pp
  837 The entropy seed used by the OpenSSL library is contained in a file,
  838 usually called
  839 .Pa .rnd ,
  840 which must be available when starting the NTP daemon
  841 or the
  842 .Nm
  843 program.
  844 The NTP daemon will first look for the file
  845 using the path specified by the
  846 .Cm randfile
  847 subcommand of the
  848 .Ic crypto
  849 configuration command.
  850 If not specified in this way, or when starting the
  851 .Nm
  852 program,
  853 the OpenSSL library will look for the file using the path specified
  854 by the
  855 .Ev RANDFILE
  856 environment variable in the user home directory,
  857 whether root or some other user.
  858 If the
  859 .Ev RANDFILE
  860 environment variable is not present,
  861 the library will look for the
  862 .Pa .rnd
  863 file in the user home directory.
  864 Since both the
  865 .Nm
  866 program and
  867 .Xr ntpd 1ntpdmdoc
  868 daemon must run as root, the logical place to put this file is in
  869 .Pa /.rnd
  870 or
  871 .Pa /root/.rnd .
  872 If the file is not available or cannot be written,
  873 the daemon exits with a message to the system log and the program
  874 exits with a suitable error message.
  875 .Ss Cryptographic Data Files
  876 All file formats begin with two nonencrypted lines.
  877 The first line contains the file name, including the generated host name
  878 and filestamp, in the format
  879 .Pa ntpkey_ Ns Ar key _ Ar name . Ar filestamp ,
  880 where
  881 .Ar key
  882 is the key or parameter type,
  883 .Ar name
  884 is the host or group name and
  885 .Ar filestamp
  886 is the filestamp (NTP seconds) when the file was created.
  887 By convention,
  888 .Ar key
  889 names in generated file names include both upper and lower case
  890 characters, while
  891 .Ar key
  892 names in generated link names include only lower case characters.
  893 The filestamp is not used in generated link names.
  894 The second line contains the datestamp in conventional Unix
  895 .Pa date
  896 format.
  897 Lines beginning with
  898 .Ql #
  899 are considered comments and ignored by the
  900 .Nm
  901 program and
  902 .Xr ntpd 1ntpdmdoc
  903 daemon.
  904 .Pp
  905 The remainder of the file contains cryptographic data, encoded first using ASN.1
  906 rules, then encrypted if necessary, and finally written in PEM\-encoded
  907 printable ASCII text, preceded and followed by MIME content identifier lines.
  908 .Pp
  909 The format of the symmetric keys file, ordinarily named
  910 .Pa ntp.keys ,
  911 is somewhat different than the other files in the interest of backward compatibility.
  912 Ordinarily, the file is generated by this program, but it can be constructed
  913 and edited using an ordinary text editor.
  914 .Bd -literal -unfilled -offset center
  915 # ntpkey_MD5key_bk.ntp.org.3595864945
  916 # Thu Dec 12 19:22:25 2013
  917 1  MD5 L";Nw<\`.I<f4U0)247"i  # MD5 key
  918 2  MD5 &>l0%XXK9O'51VwV<xq~  # MD5 key
  919 3  MD5 lb4zLW~d^!K:]RsD'qb6  # MD5 key
  920 4  MD5 Yue:tL[+vR)M\`n~bY,'?  # MD5 key
  921 5  MD5 B;fx'Kgr/&4ZTbL6=RxA  # MD5 key
  922 6  MD5 4eYwa\`o}3i@@V@..R9!l  # MD5 key
  923 7  MD5 \`A.([h+;wTQ|xfi%Sn_!  # MD5 key
  924 8  MD5 45:V,r4]l6y^JH6"Sh?F  # MD5 key
  925 9  MD5 3\-5vcn*6l29DS?Xdsg)*  # MD5 key
  926 10 MD5 2late4Me              # MD5 key
  927 11 SHA1 a27872d3030a9025b8446c751b4551a7629af65c  # SHA1 key
  928 12 SHA1 21bc3b4865dbb9e920902abdccb3e04ff97a5e74  # SHA1 key
  929 13 SHA1 2b7736fe24fef5ba85ae11594132ab5d6f6daba9  # SHA1 key
  930 14 SHA  a5332809c8878dd3a5b918819108a111509aeceb  # SHA  key
  931 15 MD2  2fe16c88c760ff2f16d4267e36c1aa6c926e6964  # MD2  key
  932 16 MD4  b2691811dc19cfc0e2f9bcacd74213f29812183d  # MD4  key
  933 17 MD5  e4d6735b8bdad58ec5ffcb087300a17f7fef1f7c  # MD5  key
  934 18 MDC2 a8d5e2315c025bf3a79174c87fbd10477de2eabc  # MDC2 key
  935 19 RIPEMD160 77ca332cafb30e3cafb174dcd5b80ded7ba9b3d2  # RIPEMD160 key
  936 20 AES128CMAC f92ff73eee86c1e7dc638d6489a04e4e555af878  # AES128CMAC key
  937 .Ed
  938 .D1 Figure 1. Typical Symmetric Key File
  939 .Pp
  940 Figure 1 shows a typical symmetric keys file used by the reference
  941 implementation.
  942 Following the header the keys are entered one per line in the format
  943 .D1 Ar keyno Ar type Ar key
  944 where
  945 .Ar keyno
  946 is a positive integer in the range 1\-65535;
  947 .Ar type
  948 is the key type for the message digest algorithm, which in the absence of the
  949 OpenSSL library must be
  950 .Cm MD5
  951 to designate the MD5 message digest algorithm;
  952 if the OpenSSL library is installed, the key type can be any
  953 message digest algorithm supported by that library;
  954 however, if compatibility with FIPS 140\-2 is required,
  955 the key type must be either
  956 .Cm SHA
  957 or
  958 .Cm SHA1 ;
  959 .Ar key
  960 is the key itself,
  961 which is a printable ASCII string 20 characters or less in length:
  962 each character is chosen from the 93 printable characters
  963 in the range 0x21 through 0x7e (
  964 .Ql !
  965 through
  966 .Ql ~
  967 \&) excluding space and the
  968 .Ql #
  969 character, and terminated by whitespace or a
  970 .Ql #
  971 character.
  972 An OpenSSL key consists of a hex\-encoded ASCII string of 40 characters, which
  973 is truncated as necessary.
  974 .Pp
  975 Note that the keys used by the
  976 .Xr ntpq 1ntpqmdoc
  977 and
  978 .Xr ntpdc 1ntpdcmdoc
  979 programs
  980 are checked against passwords requested by the programs
  981 and entered by hand, so it is generally appropriate to specify these keys
  982 in human readable ASCII format.
  983 .Pp
  984 The
  985 .Nm
  986 program generates a symmetric keys file
  987 .Pa ntpkey_MD5key_ Ns Ar hostname Ns . Ns Ar filestamp .
  988 Since the file contains private shared keys,
  989 it should be visible only to root and distributed by secure means
  990 to other subnet hosts.
  991 The NTP daemon loads the file
  992 .Pa ntp.keys ,
  993 so
  994 .Nm
  995 installs a soft link from this name to the generated file.
  996 Subsequently, similar soft links must be installed by manual
  997 or automated means on the other subnet hosts.
  998 While this file is not used with the Autokey Version 2 protocol,
  999 it is needed to authenticate some remote configuration commands
 1000 used by the
 1001 .Xr ntpq 1ntpqmdoc
 1002 and
 1003 .Xr ntpdc 1ntpdcmdoc
 1004 utilities.
 1005 .Sh "OPTIONS"
 1006 .Bl -tag
 1007 .It  Fl b Ar imbits , Fl \-imbits Ns = Ns Ar imbits 
 1008 identity modulus bits.
 1009 This option takes an integer number as its argument.
 1010 The value of
 1011 .Ar imbits
 1012 is constrained to being:
 1013 .in +4
 1014 .nf
 1015 .na
 1016 in the range  256 through 2048
 1017 .fi
 1018 .in -4
 1019 .sp
 1020 The number of bits in the identity modulus.  The default is 256.
 1021 .It  Fl c Ar scheme , Fl \-certificate Ns = Ns Ar scheme 
 1022 certificate scheme.
 1023 .sp
 1024 scheme is one of
 1026 DSA\-SHA, or DSA\-SHA1.
 1027 .sp
 1028 Select the certificate signature encryption/message digest scheme.
 1029 Note that RSA schemes must be used with a RSA sign key and DSA
 1030 schemes must be used with a DSA sign key.  The default without
 1031 this option is RSA\-MD5.
 1032 .It  Fl C Ar cipher , Fl \-cipher Ns = Ns Ar cipher 
 1033 privatekey cipher.
 1034 .sp
 1035 Select the cipher which is used to encrypt the files containing
 1036 private keys.  The default is three\-key triple DES in CBC mode,
 1037 equivalent to "\fB\-C des\-ede3\-cbc\fP".  The openssl tool lists ciphers
 1038 available in "\fBopenssl \-h\fP" output.
 1039 .It  Fl d , Fl \-debug\-level 
 1040 Increase debug verbosity level.
 1041 This option may appear an unlimited number of times.
 1042 .sp
 1043 .It  Fl D Ar number , Fl \-set\-debug\-level Ns = Ns Ar number 
 1044 Set the debug verbosity level.
 1045 This option may appear an unlimited number of times.
 1046 This option takes an integer number as its argument.
 1047 .sp
 1048 .It  Fl e , Fl \-id\-key 
 1049 Write IFF or GQ identity keys.
 1050 .sp
 1051 Write the public parameters from the IFF or GQ client keys to
 1052 the standard output.
 1053 This is intended for automatic key distribution by email.
 1054 .It  Fl G , Fl \-gq\-params 
 1055 Generate GQ parameters and keys.
 1056 .sp
 1057 Generate parameters and keys for the GQ identification scheme,
 1058 obsoleting any that may exist.
 1059 .It  Fl H , Fl \-host\-key 
 1060 generate RSA host key.
 1061 .sp
 1062 Generate new host keys, obsoleting any that may exist.
 1063 .It  Fl I , Fl \-iffkey 
 1064 generate IFF parameters.
 1065 .sp
 1066 Generate parameters for the IFF identification scheme, obsoleting
 1067 any that may exist.
 1068 .It  Fl i Ar group , Fl \-ident Ns = Ns Ar group 
 1069 set Autokey group name.
 1070 .sp
 1071 Set the optional Autokey group name to name.  This is used in
 1072 the file name of IFF, GQ, and MV client parameters files.  In
 1073 that role, the default is the host name if this option is not
 1074 provided.  The group name, if specified using \fB\-i/\-\-ident\fP or
 1075 using \fB\-s/\-\-subject\-name\fP following an '\fB@\fP' character,
 1076 is also a part of the self\-signed host certificate subject and
 1077 issuer names in the form \fBhost@group\fP and should match the
 1078 \'\fBcrypto ident\fP' or '\fBserver ident\fP' configuration in the
 1079 \fBntpd\fP configuration file.
 1080 .It  Fl l Ar lifetime , Fl \-lifetime Ns = Ns Ar lifetime 
 1081 set certificate lifetime.
 1082 This option takes an integer number as its argument.
 1083 .sp
 1084 Set the certificate expiration to lifetime days from now.
 1085 .It  Fl m Ar modulus , Fl \-modulus Ns = Ns Ar modulus 
 1086 prime modulus.
 1087 This option takes an integer number as its argument.
 1088 The value of
 1089 .Ar modulus
 1090 is constrained to being:
 1091 .in +4
 1092 .nf
 1093 .na
 1094 in the range  256 through 2048
 1095 .fi
 1096 .in -4
 1097 .sp
 1098 The number of bits in the prime modulus.  The default is 512.
 1099 .It  Fl M , Fl \-md5key 
 1100 generate symmetric keys.
 1101 .sp
 1102 Generate symmetric keys, obsoleting any that may exist.
 1103 .It  Fl P , Fl \-pvt\-cert 
 1104 generate PC private certificate.
 1105 .sp
 1106 Generate a private certificate.  By default, the program generates
 1107 public certificates.
 1108 .It  Fl p Ar passwd , Fl \-password Ns = Ns Ar passwd 
 1109 local private password.
 1110 .sp
 1111 Local files containing private data are encrypted with the
 1112 DES\-CBC algorithm and the specified password.  The same password
 1113 must be specified to the local ntpd via the "crypto pw password"
 1114 configuration command.  The default password is the local
 1115 hostname.
 1116 .It  Fl q Ar passwd , Fl \-export\-passwd Ns = Ns Ar passwd 
 1117 export IFF or GQ group keys with password.
 1118 .sp
 1119 Export IFF or GQ identity group keys to the standard output,
 1120 encrypted with the DES\-CBC algorithm and the specified password.
 1121 The same password must be specified to the remote ntpd via the
 1122 "crypto pw password" configuration command.  See also the option
 1123 -\-id\-key (\-e) for unencrypted exports.
 1124 .It  Fl s Ar host@group , Fl \-subject\-name Ns = Ns Ar host@group 
 1125 set host and optionally group name.
 1126 .sp
 1127 Set the Autokey host name, and optionally, group name specified
 1128 following an '\fB@\fP' character.  The host name is used in the file
 1129 name of generated host and signing certificates, without the
 1130 group name.  The host name, and if provided, group name are used
 1131 in \fBhost@group\fP form for the host certificate subject and issuer
 1132 fields.  Specifying '\fB\-s @group\fP' is allowed, and results in
 1133 leaving the host name unchanged while appending \fB@group\fP to the
 1134 subject and issuer fields, as with \fB\-i group\fP.  The group name, or
 1135 if not provided, the host name are also used in the file names
 1136 of IFF, GQ, and MV client parameter files.
 1137 .It  Fl S Ar sign , Fl \-sign\-key Ns = Ns Ar sign 
 1138 generate sign key (RSA or DSA).
 1139 .sp
 1140 Generate a new sign key of the designated type, obsoleting any
 1141 that may exist.  By default, the program uses the host key as the
 1142 sign key.
 1143 .It  Fl T , Fl \-trusted\-cert 
 1144 trusted certificate (TC scheme).
 1145 .sp
 1146 Generate a trusted certificate.  By default, the program generates
 1147 a non\-trusted certificate.
 1148 .It  Fl V Ar num , Fl \-mv\-params Ns = Ns Ar num 
 1149 generate <num> MV parameters.
 1150 This option takes an integer number as its argument.
 1151 .sp
 1152 Generate parameters and keys for the Mu\-Varadharajan (MV)
 1153 identification scheme.
 1154 .It  Fl v Ar num , Fl \-mv\-keys Ns = Ns Ar num 
 1155 update <num> MV keys.
 1156 This option takes an integer number as its argument.
 1157 .sp
 1158 This option has not been fully documented.
 1159 .It Fl \&? , Fl \-help
 1160 Display usage information and exit.
 1161 .It Fl \&! , Fl \-more\-help
 1162 Pass the extended usage information through a pager.
 1163 .It Fl > Oo Ar cfgfile Oc , Fl \-save\-opts Oo Ns = Ns Ar cfgfile Oc
 1164 Save the option state to \fIcfgfile\fP.  The default is the \fIlast\fP
 1165 configuration file listed in the \fBOPTION PRESETS\fP section, below.
 1166 The command will exit after updating the config file.
 1167 .It Fl < Ar cfgfile , Fl \-load\-opts Ns = Ns Ar cfgfile , Fl \-no\-load\-opts
 1168 Load options from \fIcfgfile\fP.
 1169 The \fIno\-load\-opts\fP form will disable the loading
 1170 of earlier config/rc/ini files.  \fI\-\-no\-load\-opts\fP is handled early,
 1171 out of order.
 1172 .It Fl \-version Op Brq Ar v|c|n
 1173 Output version of program and exit.  The default mode is `v', a simple
 1174 version.  The `c' mode will print copyright information and `n' will
 1175 print the full copyright notice.
 1176 .El
 1178 Any option that is not marked as \fInot presettable\fP may be preset
 1179 by loading values from configuration ("RC" or ".INI") file(s) and values from
 1180 environment variables named:
 1181 .nf
 1182   \fBNTP_KEYGEN_<option\-name>\fP or \fBNTP_KEYGEN\fP
 1183 .fi
 1184 .ad
 1185 The environmental presets take precedence (are processed later than)
 1186 the configuration files.
 1187 The \fIhomerc\fP files are "\fI$HOME\fP", and "\fI.\fP".
 1188 If any of these are directories, then the file \fI.ntprc\fP
 1189 is searched for within those directories.
 1190 .Sh USAGE
 1192 See \fBOPTION PRESETS\fP for configuration environment variables.
 1193 .Sh "FILES"
 1194 See \fBOPTION PRESETS\fP for configuration files.
 1195 .Sh "EXIT STATUS"
 1196 One of the following exit values will be returned:
 1197 .Bl -tag
 1198 .It 0 " (EXIT_SUCCESS)"
 1199 Successful program execution.
 1200 .It 1 " (EXIT_FAILURE)"
 1201 The operation failed or the command syntax was not valid.
 1202 .It 66 " (EX_NOINPUT)"
 1203 A specified configuration file could not be loaded.
 1204 .It 70 " (EX_SOFTWARE)"
 1205 libopts had an internal operational error.  Please report
 1206 it to autogen\-users@lists.sourceforge.net.  Thank you.
 1207 .El
 1208 .Sh "AUTHORS"
 1209 The University of Delaware and Network Time Foundation
 1210 .Sh "COPYRIGHT"
 1211 Copyright (C) 1992\-2020 The University of Delaware and Network Time Foundation all rights reserved.
 1212 This program is released under the terms of the NTP license, <http://ntp.org/license>.
 1213 .Sh BUGS
 1214 It can take quite a while to generate some cryptographic values.
 1215 .Pp
 1216 Please report bugs to http://bugs.ntp.org .
 1217 .Pp
 1218 Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
 1219 .Sh NOTES
 1220 Portions of this document came from FreeBSD.
 1221 .Pp
 1222 This manual page was \fIAutoGen\fP\-erated from the \fBntp\-keygen\fP
 1223 option definitions.