Manual Pages for UNIX Darwin command on man ntp-genkeys
MyWebUniversity

Manual Pages for UNIX Darwin command on man ntp-genkeys

NTPGENKEYS(8) BSD System Manager's Manual NTPGENKEYS(8)



NAME
     nnttpp-ggeennkkeeyyss - generate public and private keys



SYNOPSIS
     nnttpp-ggeennkkeeyyss [-ddffhhllnntt] [-cc conffile] [-gg target] [-kk keyfile]



DESCRIPTION
     The nnttpp-ggeennkkeeyyss utility generates random keys used by either or both the

     NTPv3/NTPv4 symmetric key or the NTPv4 public key (Autokey) cryptographic
     authentication schemes.

     The following options are available:


     -cc conffile

             Location of ntp.conf(8) file.


     -dd      enable debug messages (can be used multiple times)



     -ff      force installation of generated keys.



     -gg -ttaarrggeett

             Generate file or files indicated by the characters in the target
             string:


             d  Generate D-H parameter file.


             m  Generate MD5 key file.

             r  Generate RSA keys.


     -hh      Build keys here (current directory).  Implies -ll.



     -kk keyfile

             Location of key file.


     -ll      Do not make the symlinks.



     -nn      Do not actually do anything, just say what would be done.



     -tt      Trash the (old) files at the end of symlink.



     By default the program generates the ntp.keys(5) file containing 16 ran-

     dom symmetric keys.  In addition, if the rsaref20 package is configured
     for the software build, the program generates cryptographic values used
     by the Autokey scheme.  These values are incorporated as a set of three
     files, ntpkey containing the RSA private key, ntpkeyhost containing the
     RSA public key, where host is the DNS name of the generating machine, and

     ntpkeydh containing the parameters for the Diffie-Hellman key-agreement

     algorithm.  All files and are in printable ASCII format.  A timestamp in
     NTP seconds is appended to each.  Since the algorithms are seeded by the
     system clock, each run of this program produces a different file and file
     name.


     The ntp.keys(5) file contains 16 MD5 keys.  Each key consists of 16 char-

     acters randomized over the ASCII 95-character printing subset.  The file

     is read by the daemon at the location specified by the kkeeyyss configuration
     file command and made visible only to root.  An additional key consisting
     of an easily remembered password should be added by hand for use with the
     ntpq(8) and ntpdc(8) programs.  The file must be distributed by secure
     means to other servers and clients sharing the same security compartment.
     While the key identifiers for MD5 and DES keys must be in the range

     1-65534, inclusive, the nnttpp-ggeennkkeeyyss utility uses only the identifiers

     from 1 to 16.  The key identifier for each association is specified as
     the key argument in the sseerrvveerr or ppeeeerr configuration file command.

     The ntpkey file contains the RSA private key.  It is read by the daemon

     at the location specified by the privatekey argument of the ccrryyppttoo con-

     figuration file command and made visible only to root.  This file is use-

     ful only to the machine that generated it and never shared with any other
     daemon or application program.

     The ntpkeyhost file contains the RSA public key, where host is the DNS
     name of the host that generated it.  The file is read by the daemon at
     the location specified by the publickey argument to the sseerrvveerr or ppeeeerr
     configuration file command.  This file can be widely distributed and
     stored without using secure means, since the data are public values.


     The ntpdh file contains two Diffie-Hellman parameters: the prime modulus

     and the generator.  The file is read by the daemon at the location speci-

     fied by the dhparams argument of the ccrryyppttoo configuration file command.
     The file can be distributed by insecure means to other servers and
     clients sharing the same key agreement compartment, since the data are
     public values.


     The file formats begin with two lines, the first containing the generat-

     ing system DNS name and the second the datestamp.  Lines beginning with

     `#' are considered comments and ignored by the daemon.  In the

     ntp.keys(5) file, the next 16 lines contain the MD5 keys in order.  If

     necessary, this file can be further customized by an ordinary text edi-

     tor.  The format is described in the following section.  In the ntpkey
     and ntpkeyhost files, the next line contains the modulus length in bits
     followed by the key as a PEM encoded string.  In the ntpkeydh file, the
     next line contains the prime length in bytes followed by the prime as a
     PEM encoded string, and the next and final line contains the generator
     length in bytes followed by the generator as a PEM encoded string.


     Note: See the file ./source/rsaref.h in the rsaref20 package for explana-

     tion of return values, if necessary.


SEE ALSO
     ntp.keys(5), ntpdc(8), ntpq(8)


BUGS
     It can take quite a while to generate the RSA public/private key pair and

     Diffie-Hellman parameters, from a few seconds on a modern workstation to

     several minutes on older machines.

BSD                             August 2, 2001                             BSD



Contact us      |      About us      |      Term of use      |       Copyright © 2000-2019 MyWebUniversity.com ™