aboutsummaryrefslogtreecommitdiff
path: root/contrib/ntp/util/ntp-keygen.man.in
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/ntp/util/ntp-keygen.man.in')
-rw-r--r--contrib/ntp/util/ntp-keygen.man.in1372
1 files changed, 1372 insertions, 0 deletions
diff --git a/contrib/ntp/util/ntp-keygen.man.in b/contrib/ntp/util/ntp-keygen.man.in
new file mode 100644
index 000000000000..284d52409bcb
--- /dev/null
+++ b/contrib/ntp/util/ntp-keygen.man.in
@@ -0,0 +1,1372 @@
+.de1 NOP
+. it 1 an-trap
+. if \\n[.$] \,\\$*\/
+..
+.ie t \
+.ds B-Font [CB]
+.ds I-Font [CI]
+.ds R-Font [CR]
+.el \
+.ds B-Font B
+.ds I-Font I
+.ds R-Font R
+.TH ntp-keygen @NTP_KEYGEN_MS@ "25 May 2024" "ntp (4.2.8p18)" "User Commands"
+.\"
+.\" EDIT THIS FILE WITH CAUTION (in-mem file)
+.\"
+.\" It has been AutoGen-ed May 25, 2024 at 12:04:51 AM by AutoGen 5.18.16
+.\" From the definitions ntp-keygen-opts.def
+.\" and the template file agman-cmd.tpl
+.SH NAME
+\f\*[B-Font]ntp-keygen\fP
+\- Create a NTP host key
+.SH SYNOPSIS
+\f\*[B-Font]ntp-keygen\fP
+.\" Mixture of short (flag) options and long options
+[\f\*[B-Font]\-flags\f[]]
+[\f\*[B-Font]\-flag\f[] [\f\*[I-Font]value\f[]]]
+[\f\*[B-Font]\-\-option-name\f[][[=| ]\f\*[I-Font]value\f[]]]
+.sp \n(Ppu
+.ne 2
+
+All arguments must be options.
+.sp \n(Ppu
+.ne 2
+
+.SH DESCRIPTION
+This program generates cryptographic data files used by the NTPv4
+authentication and identification schemes.
+It can generate message digest keys used in symmetric key cryptography and,
+if the OpenSSL software library has been installed, it can generate host keys,
+signing keys, certificates, and identity keys and parameters used in Autokey
+public key cryptography.
+These files are used for cookie encryption,
+digital signature, and challenge/response identification algorithms
+compatible with the Internet standard security infrastructure.
+.sp \n(Ppu
+.ne 2
+
+The message digest symmetric keys file is generated in a format
+compatible with NTPv3.
+All other files are in PEM-encoded printable ASCII format,
+so they can be embedded as MIME attachments in email to other sites
+and certificate authorities.
+By default, files are not encrypted.
+.sp \n(Ppu
+.ne 2
+
+When used to generate message digest symmetric keys, the program
+produces a file containing ten pseudo-random printable ASCII strings
+suitable for the MD5 message digest algorithm included in the
+distribution.
+If the OpenSSL library is installed, it produces an additional ten
+hex-encoded random bit strings suitable for SHA1, AES-128-CMAC, and
+other message digest algorithms.
+The message digest symmetric keys file must be distributed and stored
+using secure means beyond the scope of NTP itself.
+Besides the keys used for ordinary NTP associations, additional keys
+can be defined as passwords for the
+\fCntpq\f[]\fR(@NTPQ_MS@)\f[]
+and
+\fCntpdc\f[]\fR(@NTPDC_MS@)\f[]
+utility programs.
+.sp \n(Ppu
+.ne 2
+
+The remaining generated files are compatible with other OpenSSL
+applications and other Public Key Infrastructure (PKI) resources.
+Certificates generated by this program are compatible with extant
+industry practice, although some users might find the interpretation of
+X509v3 extension fields somewhat liberal.
+However, the identity keys are probably not compatible with anything
+other than Autokey.
+.sp \n(Ppu
+.ne 2
+
+Some files used by this program are encrypted using a private password.
+The
+\f\*[B-Font]\-p\f[]
+option specifies the read password for local encrypted files and the
+\f\*[B-Font]\-q\f[]
+option the write password for encrypted files sent to remote sites.
+If no password is specified, the host name returned by the Unix
+\fChostname\f[]\fR(1)\f[]
+command, normally the DNS name of the host, is used as the the default read
+password, for convenience.
+The
+\f\*[B-Font]ntp-keygen\fP
+program prompts for the password if it reads an encrypted file
+and the password is missing or incorrect.
+If an encrypted file is read successfully and
+no write password is specified, the read password is used
+as the write password by default.
+.sp \n(Ppu
+.ne 2
+
+The
+\f\*[B-Font]pw\f[]
+option of the
+\f\*[B-Font]crypto\f[]
+\fCntpd\f[]\fR(@NTPD_MS@)\f[]
+configuration command specifies the read
+password for previously encrypted local files.
+This must match the local read password used by this program.
+If not specified, the host name is used.
+Thus, if files are generated by this program without an explicit password,
+they can be read back by
+\fCntpd\f[]\fR(@NTPD_MS@)\f[]
+without specifying an explicit password but only on the same host.
+If the write password used for encryption is specified as the host name,
+these files can be read by that host with no explicit password.
+.sp \n(Ppu
+.ne 2
+
+Normally, encrypted files for each host are generated by that host and
+used only by that host, although exceptions exist as noted later on
+this page.
+The symmetric keys file, normally called
+\fIntp.keys\f[],
+is usually installed in
+\fI/etc\f[].
+Other files and links are usually installed in
+\fI/usr/local/etc\f[],
+which is normally in a shared filesystem in
+NFS-mounted networks and cannot be changed by shared clients.
+In these cases, NFS clients can specify the files in another
+directory such as
+\fI/etc\f[]
+using the
+\f\*[B-Font]keysdir\f[]
+\fCntpd\f[]\fR(@NTPD_MS@)\f[]
+configuration file command.
+.sp \n(Ppu
+.ne 2
+
+This program directs commentary and error messages to the standard
+error stream
+\fIstderr\f[]
+and remote files to the standard output stream
+\fIstdout\f[]
+where they can be piped to other applications or redirected to files.
+The names used for generated files and links all begin with the
+string
+\fIntpkey\&*\f[]
+and include the file type, generating host and filestamp,
+as described in the
+\fICryptographic Data Files\f[]
+section below.
+.SS Running the Program
+The safest way to run the
+\f\*[B-Font]ntp-keygen\fP
+program is logged in directly as root.
+The recommended procedure is change to the
+\f\*[I-Font]keys\f[]
+directory, usually
+\fI/usr/local/etc\f[],
+then run the program.
+.sp \n(Ppu
+.ne 2
+
+To test and gain experience with Autokey concepts, log in as root and
+change to the
+\f\*[I-Font]keys\f[]
+directory, usually
+\fI/usr/local/etc\f[].
+When run for the first time, or if all files with names beginning with
+\fIntpkey\&*\f[]
+have been removed, use the
+\f\*[B-Font]ntp-keygen\fP
+command without arguments to generate a default
+\f\*[B-Font]RSA\f[]
+host key and matching
+\f\*[B-Font]RSA-MD5\f[]
+certificate file with expiration date one year hence,
+which is all that is necessary in many cases.
+The program also generates soft links from the generic names
+to the respective files.
+If run again without options, the program uses the
+existing keys and parameters and generates a new certificate file with
+new expiration date one year hence, and soft link.
+.sp \n(Ppu
+.ne 2
+
+The host key is used to encrypt the cookie when required and so must be
+\f\*[B-Font]RSA\f[]
+type.
+By default, the host key is also the sign key used to encrypt signatures.
+When necessary, a different sign key can be specified and this can be
+either
+\f\*[B-Font]RSA\f[]
+or
+\f\*[B-Font]DSA\f[]
+type.
+By default, the message digest type is
+\f\*[B-Font]MD5\f[],
+but any combination
+of sign key type and message digest type supported by the OpenSSL library
+can be specified, including those using the
+\f\*[B-Font]AES128CMAC\f[], \f\*[B-Font]MD2\f[], \f\*[B-Font]MD5\f[], \f\*[B-Font]MDC2\f[], \f\*[B-Font]SHA\f[], \f\*[B-Font]SHA1\f[]
+and
+\f\*[B-Font]RIPE160\f[]
+message digest algorithms.
+However, the scheme specified in the certificate must be compatible
+with the sign key.
+Certificates using any digest algorithm are compatible with
+\f\*[B-Font]RSA\f[]
+sign keys;
+however, only
+\f\*[B-Font]SHA\f[]
+and
+\f\*[B-Font]SHA1\f[]
+certificates are compatible with
+\f\*[B-Font]DSA\f[]
+sign keys.
+.sp \n(Ppu
+.ne 2
+
+Private/public key files and certificates are compatible with
+other OpenSSL applications and very likely other libraries as well.
+Certificates or certificate requests derived from them should be compatible
+with extant industry practice, although some users might find
+the interpretation of X509v3 extension fields somewhat liberal.
+However, the identification parameter files, although encoded
+as the other files, are probably not compatible with anything other than Autokey.
+.sp \n(Ppu
+.ne 2
+
+Running the program as other than root and using the Unix
+\fCsu\f[]\fR(1)\f[]
+command
+to assume root may not work properly, since by default the OpenSSL library
+looks for the random seed file
+\fI.rnd\f[]
+in the user home directory.
+However, there should be only one
+\fI.rnd\f[],
+most conveniently
+in the root directory, so it is convenient to define the
+RANDFILE
+environment variable used by the OpenSSL library as the path to
+\fI.rnd\f[].
+.sp \n(Ppu
+.ne 2
+
+Installing the keys as root might not work in NFS-mounted
+shared file systems, as NFS clients may not be able to write
+to the shared keys directory, even as root.
+In this case, NFS clients can specify the files in another
+directory such as
+\fI/etc\f[]
+using the
+\f\*[B-Font]keysdir\f[]
+\fCntpd\f[]\fR(@NTPD_MS@)\f[]
+configuration file command.
+There is no need for one client to read the keys and certificates
+of other clients or servers, as these data are obtained automatically
+by the Autokey protocol.
+.sp \n(Ppu
+.ne 2
+
+Ordinarily, cryptographic files are generated by the host that uses them,
+but it is possible for a trusted agent (TA) to generate these files
+for other hosts; however, in such cases files should always be encrypted.
+The subject name and trusted name default to the hostname
+of the host generating the files, but can be changed by command line options.
+It is convenient to designate the owner name and trusted name
+as the subject and issuer fields, respectively, of the certificate.
+The owner name is also used for the host and sign key files,
+while the trusted name is used for the identity files.
+.sp \n(Ppu
+.ne 2
+
+All files are installed by default in the keys directory
+\fI/usr/local/etc\f[],
+which is normally in a shared filesystem
+in NFS-mounted networks.
+The actual location of the keys directory
+and each file can be overridden by configuration commands,
+but this is not recommended.
+Normally, the files for each host are generated by that host
+and used only by that host, although exceptions exist
+as noted later on this page.
+.sp \n(Ppu
+.ne 2
+
+Normally, files containing private values,
+including the host key, sign key and identification parameters,
+are permitted root read/write-only;
+while others containing public values are permitted world readable.
+Alternatively, files containing private values can be encrypted
+and these files permitted world readable,
+which simplifies maintenance in shared file systems.
+Since uniqueness is insured by the
+\f\*[I-Font]hostname\f[]
+and
+\f\*[I-Font]filestamp\f[]
+file name extensions, the files for an NTP server and
+dependent clients can all be installed in the same shared directory.
+.sp \n(Ppu
+.ne 2
+
+The recommended practice is to keep the file name extensions
+when installing a file and to install a soft link
+from the generic names specified elsewhere on this page
+to the generated files.
+This allows new file generations to be activated simply
+by changing the link.
+If a link is present,
+\fCntpd\f[]\fR(@NTPD_MS@)\f[]
+follows it to the file name to extract the
+\f\*[I-Font]filestamp\f[].
+If a link is not present,
+\fCntpd\f[]\fR(@NTPD_MS@)\f[]
+extracts the
+\f\*[I-Font]filestamp\f[]
+from the file itself.
+This allows clients to verify that the file and generation times
+are always current.
+The
+\f\*[B-Font]ntp-keygen\fP
+program uses the same
+\f\*[I-Font]filestamp\f[]
+extension for all files generated
+at one time, so each generation is distinct and can be readily
+recognized in monitoring data.
+.sp \n(Ppu
+.ne 2
+
+Run the command on as many hosts as necessary.
+Designate one of them as the trusted host (TH) using
+\f\*[B-Font]ntp-keygen\fP
+with the
+\f\*[B-Font]\-T\f[]
+option and configure it to synchronize from reliable Internet servers.
+Then configure the other hosts to synchronize to the TH directly or
+indirectly.
+A certificate trail is created when Autokey asks the immediately
+ascendant host towards the TH to sign its certificate, which is then
+provided to the immediately descendant host on request.
+All group hosts should have acyclic certificate trails ending on the TH.
+.sp \n(Ppu
+.ne 2
+
+The host key is used to encrypt the cookie when required and so must be
+RSA type.
+By default, the host key is also the sign key used to encrypt
+signatures.
+A different sign key can be assigned using the
+\f\*[B-Font]\-S\f[]
+option and this can be either
+\f\*[B-Font]RSA\f[]
+or
+\f\*[B-Font]DSA\f[]
+type.
+By default, the signature
+message digest type is
+\f\*[B-Font]MD5\f[],
+but any combination of sign key type and
+message digest type supported by the OpenSSL library can be specified
+using the
+\f\*[B-Font]\-c\f[]
+option.
+.sp \n(Ppu
+.ne 2
+
+The rules say cryptographic media should be generated with proventic
+filestamps, which means the host should already be synchronized before
+this program is run.
+This of course creates a chicken-and-egg problem
+when the host is started for the first time.
+Accordingly, the host time
+should be set by some other means, such as eyeball-and-wristwatch, at
+least so that the certificate lifetime is within the current year.
+After that and when the host is synchronized to a proventic source, the
+certificate should be re-generated.
+.sp \n(Ppu
+.ne 2
+
+Additional information on trusted groups and identity schemes is on the
+\*[Lq]Autokey Public-Key Authentication\*[Rq]
+page.
+.sp \n(Ppu
+.ne 2
+
+File names begin with the prefix
+\fIntpkey\f[]_
+and end with the suffix
+\fI_\f[]\f\*[I-Font]hostname\f[]. \f\*[I-Font]filestamp\f[],
+where
+\f\*[I-Font]hostname\f[]
+is the owner name, usually the string returned
+by the Unix
+\fChostname\f[]\fR(1)\f[]
+command, and
+\f\*[I-Font]filestamp\f[]
+is the NTP seconds when the file was generated, in decimal digits.
+This both guarantees uniqueness and simplifies maintenance
+procedures, since all files can be quickly removed
+by a
+\f\*[B-Font]rm\f[] \fIntpkey\&*\f[]
+command or all files generated
+at a specific time can be removed by a
+\f\*[B-Font]rm\f[] \fI\&*\f[]\f\*[I-Font]filestamp\f[]
+command.
+To further reduce the risk of misconfiguration,
+the first two lines of a file contain the file name
+and generation date and time as comments.
+.SS Trusted Hosts and Groups
+Each cryptographic configuration involves selection of a signature scheme
+and identification scheme, called a cryptotype,
+as explained in the
+\fIAuthentication\f[] \fIOptions\f[]
+section of
+\fCntp.conf\f[]\fR(5)\f[].
+The default cryptotype uses
+\f\*[B-Font]RSA\f[]
+encryption,
+\f\*[B-Font]MD5\f[]
+message digest
+and
+\f\*[B-Font]TC\f[]
+identification.
+First, configure a NTP subnet including one or more low-stratum
+trusted hosts from which all other hosts derive synchronization
+directly or indirectly.
+Trusted hosts have trusted certificates;
+all other hosts have nontrusted certificates.
+These hosts will automatically and dynamically build authoritative
+certificate trails to one or more trusted hosts.
+A trusted group is the set of all hosts that have, directly or indirectly,
+a certificate trail ending at a trusted host.
+The trail is defined by static configuration file entries
+or dynamic means described on the
+\fIAutomatic\f[] \fINTP\f[] \fIConfiguration\f[] \fIOptions\f[]
+section of
+\fCntp.conf\f[]\fR(5)\f[].
+.sp \n(Ppu
+.ne 2
+
+On each trusted host as root, change to the keys directory.
+To insure a fresh fileset, remove all
+\fIntpkey\f[]
+files.
+Then run
+\f\*[B-Font]ntp-keygen\fP
+\f\*[B-Font]\-T\f[]
+to generate keys and a trusted certificate.
+On all other hosts do the same, but leave off the
+\f\*[B-Font]\-T\f[]
+flag to generate keys and nontrusted certificates.
+When complete, start the NTP daemons beginning at the lowest stratum
+and working up the tree.
+It may take some time for Autokey to instantiate the certificate trails
+throughout the subnet, but setting up the environment is completely automatic.
+.sp \n(Ppu
+.ne 2
+
+If it is necessary to use a different sign key or different digest/signature
+scheme than the default, run
+\f\*[B-Font]ntp-keygen\fP
+with the
+\f\*[B-Font]\-S\f[] \f\*[I-Font]type\f[]
+option, where
+\f\*[I-Font]type\f[]
+is either
+\f\*[B-Font]RSA\f[]
+or
+\f\*[B-Font]DSA\f[].
+The most frequent need to do this is when a
+\f\*[B-Font]DSA\f[]\-signed
+certificate is used.
+If it is necessary to use a different certificate scheme than the default,
+run
+\f\*[B-Font]ntp-keygen\fP
+with the
+\f\*[B-Font]\-c\f[] \f\*[I-Font]scheme\f[]
+option and selected
+\f\*[I-Font]scheme\f[]
+as needed.
+If
+\f\*[B-Font]ntp-keygen\fP
+is run again without these options, it generates a new certificate
+using the same scheme and sign key, and soft link.
+.sp \n(Ppu
+.ne 2
+
+After setting up the environment it is advisable to update certificates
+from time to time, if only to extend the validity interval.
+Simply run
+\f\*[B-Font]ntp-keygen\fP
+with the same flags as before to generate new certificates
+using existing keys, and soft links.
+However, if the host or sign key is changed,
+\fCntpd\f[]\fR(@NTPD_MS@)\f[]
+should be restarted.
+When
+\fCntpd\f[]\fR(@NTPD_MS@)\f[]
+is restarted, it loads any new files and restarts the protocol.
+Other dependent hosts will continue as usual until signatures are refreshed,
+at which time the protocol is restarted.
+.SS Identity Schemes
+As mentioned on the Autonomous Authentication page,
+the default
+\f\*[B-Font]TC\f[]
+identity scheme is vulnerable to a middleman attack.
+However, there are more secure identity schemes available,
+including
+\f\*[B-Font]PC\f[], \f\*[B-Font]IFF\f[], \f\*[B-Font]GQ\f[]
+and
+\f\*[B-Font]MV\f[]
+schemes described below.
+These schemes are based on a TA, one or more trusted hosts
+and some number of nontrusted hosts.
+Trusted hosts prove identity using values provided by the TA,
+while the remaining hosts prove identity using values provided
+by a trusted host and certificate trails that end on that host.
+The name of a trusted host is also the name of its sugroup
+and also the subject and issuer name on its trusted certificate.
+The TA is not necessarily a trusted host in this sense, but often is.
+.sp \n(Ppu
+.ne 2
+
+In some schemes there are separate keys for servers and clients.
+A server can also be a client of another server,
+but a client can never be a server for another client.
+In general, trusted hosts and nontrusted hosts that operate
+as both server and client have parameter files that contain
+both server and client keys.
+Hosts that operate
+only as clients have key files that contain only client keys.
+.sp \n(Ppu
+.ne 2
+
+The PC scheme supports only one trusted host in the group.
+On trusted host alice run
+\f\*[B-Font]ntp-keygen\fP
+\f\*[B-Font]\-P\f[]
+\f\*[B-Font]\-p\f[] \f\*[I-Font]password\f[]
+to generate the host key file
+\fIntpkey\f[]_ \f\*[B-Font]RSA\f[] \fIkey_alice.\f[] \f\*[I-Font]filestamp\f[]
+and trusted private certificate file
+\fIntpkey\f[]_ \f\*[B-Font]RSA-MD5\f[] \f\*[B-Font]_\f[] \fIcert_alice.\f[] \f\*[I-Font]filestamp\f[],
+and soft links.
+Copy both files to all group hosts;
+they replace the files which would be generated in other schemes.
+On each host
+\f\*[I-Font]bob\f[]
+install a soft link from the generic name
+\fIntpkey_host_\f[]\f\*[I-Font]bob\f[]
+to the host key file and soft link
+\fIntpkey_cert_\f[]\f\*[I-Font]bob\f[]
+to the private certificate file.
+Note the generic links are on bob, but point to files generated
+by trusted host alice.
+In this scheme it is not possible to refresh
+either the keys or certificates without copying them
+to all other hosts in the group, and recreating the soft links.
+.sp \n(Ppu
+.ne 2
+
+For the
+\f\*[B-Font]IFF\f[]
+scheme proceed as in the
+\f\*[B-Font]TC\f[]
+scheme to generate keys
+and certificates for all group hosts, then for every trusted host in the group,
+generate the
+\f\*[B-Font]IFF\f[]
+parameter file.
+On trusted host alice run
+\f\*[B-Font]ntp-keygen\fP
+\f\*[B-Font]\-T\f[]
+\f\*[B-Font]\-I\f[]
+\f\*[B-Font]\-p\f[] \f\*[I-Font]password\f[]
+to produce her parameter file
+\fIntpkey_IFFpar_alice.\f[]\f\*[I-Font]filestamp\f[],
+which includes both server and client keys.
+Copy this file to all group hosts that operate as both servers
+and clients and install a soft link from the generic
+\fIntpkey_iff_alice\f[]
+to this file.
+If there are no hosts restricted to operate only as clients,
+there is nothing further to do.
+As the
+\f\*[B-Font]IFF\f[]
+scheme is independent
+of keys and certificates, these files can be refreshed as needed.
+.sp \n(Ppu
+.ne 2
+
+If a rogue client has the parameter file, it could masquerade
+as a legitimate server and present a middleman threat.
+To eliminate this threat, the client keys can be extracted
+from the parameter file and distributed to all restricted clients.
+After generating the parameter file, on alice run
+\f\*[B-Font]ntp-keygen\fP
+\f\*[B-Font]\-e\f[]
+and pipe the output to a file or email program.
+Copy or email this file to all restricted clients.
+On these clients install a soft link from the generic
+\fIntpkey_iff_alice\f[]
+to this file.
+To further protect the integrity of the keys,
+each file can be encrypted with a secret password.
+.sp \n(Ppu
+.ne 2
+
+For the
+\f\*[B-Font]GQ\f[]
+scheme proceed as in the
+\f\*[B-Font]TC\f[]
+scheme to generate keys
+and certificates for all group hosts, then for every trusted host
+in the group, generate the
+\f\*[B-Font]IFF\f[]
+parameter file.
+On trusted host alice run
+\f\*[B-Font]ntp-keygen\fP
+\f\*[B-Font]\-T\f[]
+\f\*[B-Font]\-G\f[]
+\f\*[B-Font]\-p\f[] \f\*[I-Font]password\f[]
+to produce her parameter file
+\fIntpkey_GQpar_alice.\f[]\f\*[I-Font]filestamp\f[],
+which includes both server and client keys.
+Copy this file to all group hosts and install a soft link
+from the generic
+\fIntpkey_gq_alice\f[]
+to this file.
+In addition, on each host
+\f\*[I-Font]bob\f[]
+install a soft link
+from generic
+\fIntpkey_gq_\f[]\f\*[I-Font]bob\f[]
+to this file.
+As the
+\f\*[B-Font]GQ\f[]
+scheme updates the
+\f\*[B-Font]GQ\f[]
+parameters file and certificate
+at the same time, keys and certificates can be regenerated as needed.
+.sp \n(Ppu
+.ne 2
+
+For the
+\f\*[B-Font]MV\f[]
+scheme, proceed as in the
+\f\*[B-Font]TC\f[]
+scheme to generate keys
+and certificates for all group hosts.
+For illustration assume trish is the TA, alice one of several trusted hosts
+and bob one of her clients.
+On TA trish run
+\f\*[B-Font]ntp-keygen\fP
+\f\*[B-Font]\-V\f[] \f\*[I-Font]n\f[]
+\f\*[B-Font]\-p\f[] \f\*[I-Font]password\f[],
+where
+\f\*[I-Font]n\f[]
+is the number of revokable keys (typically 5) to produce
+the parameter file
+\fIntpkeys_MVpar_trish.\f[]\f\*[I-Font]filestamp\f[]
+and client key files
+\fIntpkeys_MVkey\f[]\f\*[I-Font]d\f[] \f\*[I-Font]_\f[] \fItrish.\f[] \f\*[I-Font]filestamp\f[]
+where
+\f\*[I-Font]d\f[]
+is the key number (0 \&<
+\f\*[I-Font]d\f[]
+\&<
+\f\*[I-Font]n\f[]).
+Copy the parameter file to alice and install a soft link
+from the generic
+\fIntpkey_mv_alice\f[]
+to this file.
+Copy one of the client key files to alice for later distribution
+to her clients.
+It does not matter which client key file goes to alice,
+since they all work the same way.
+Alice copies the client key file to all of her clients.
+On client bob install a soft link from generic
+\fIntpkey_mvkey_bob\f[]
+to the client key file.
+As the
+\f\*[B-Font]MV\f[]
+scheme is independent of keys and certificates,
+these files can be refreshed as needed.
+.SS Command Line Options
+.TP 7
+.NOP \f\*[B-Font]\-b\f[] \f\*[B-Font]\-\-imbits\f[]= \f\*[I-Font]modulus\f[]
+Set the number of bits in the identity modulus for generating identity keys to
+\f\*[I-Font]modulus\f[]
+bits.
+The number of bits in the identity modulus defaults to 256, but can be set to
+values from 256 to 2048 (32 to 256 octets).
+Use the larger moduli with caution, as this can consume considerable computing
+resources and increases the size of authenticated packets.
+.TP 7
+.NOP \f\*[B-Font]\-c\f[] \f\*[B-Font]\-\-certificate\f[]= \f\*[I-Font]scheme\f[]
+Select certificate signature encryption/message digest scheme.
+The
+\f\*[I-Font]scheme\f[]
+can be one of the following:
+\f\*[B-Font]RSA-MD2\f[], \f\*[B-Font]RSA-MD5\f[], \f\*[B-Font]RSA-MDC2\f[], \f\*[B-Font]RSA-SHA\f[], \f\*[B-Font]RSA-SHA1\f[], \f\*[B-Font]RSA-RIPEMD160\f[], \f\*[B-Font]DSA-SHA\f[],
+or
+\f\*[B-Font]DSA-SHA1\f[].
+Note that
+\f\*[B-Font]RSA\f[]
+schemes must be used with an
+\f\*[B-Font]RSA\f[]
+sign key and
+\f\*[B-Font]DSA\f[]
+schemes must be used with a
+\f\*[B-Font]DSA\f[]
+sign key.
+The default without this option is
+\f\*[B-Font]RSA-MD5\f[].
+If compatibility with FIPS 140-2 is required, either the
+\f\*[B-Font]DSA-SHA\f[]
+or
+\f\*[B-Font]DSA-SHA1\f[]
+scheme must be used.
+.TP 7
+.NOP \f\*[B-Font]\-C\f[] \f\*[B-Font]\-\-cipher\f[]= \f\*[I-Font]cipher\f[]
+Select the OpenSSL cipher to encrypt the files containing private keys.
+The default without this option is three-key triple DES in CBC mode,
+\f\*[B-Font]des-ede3-cbc\f[].
+The
+\f\*[B-Font]openssl\f[] \f\*[B-Font]\-h\f[]
+command provided with OpenSSL displays available ciphers.
+.TP 7
+.NOP \f\*[B-Font]\-d\f[] \f\*[B-Font]\-\-debug-level\f[]
+Increase debugging verbosity level.
+This option displays the cryptographic data produced in eye-friendly billboards.
+.TP 7
+.NOP \f\*[B-Font]\-D\f[] \f\*[B-Font]\-\-set-debug-level\f[]= \f\*[I-Font]level\f[]
+Set the debugging verbosity to
+\f\*[I-Font]level\f[].
+This option displays the cryptographic data produced in eye-friendly billboards.
+.TP 7
+.NOP \f\*[B-Font]\-e\f[] \f\*[B-Font]\-\-id-key\f[]
+Write the
+\f\*[B-Font]IFF\f[]
+or
+\f\*[B-Font]GQ\f[]
+public parameters from the
+\f\*[I-Font]IFFkey\f[] \f\*[I-Font]or\f[] \f\*[I-Font]GQkey\f[]
+client keys file previously specified
+as unencrypted data to the standard output stream
+\fIstdout\f[].
+This is intended for automatic key distribution by email.
+.TP 7
+.NOP \f\*[B-Font]\-G\f[] \f\*[B-Font]\-\-gq-params\f[]
+Generate a new encrypted
+\f\*[B-Font]GQ\f[]
+parameters and key file for the Guillou-Quisquater (GQ) identity scheme.
+This option is mutually exclusive with the
+\f\*[B-Font]\-I\f[]
+and
+\f\*[B-Font]\-V\f[]
+options.
+.TP 7
+.NOP \f\*[B-Font]\-H\f[] \f\*[B-Font]\-\-host-key\f[]
+Generate a new encrypted
+\f\*[B-Font]RSA\f[]
+public/private host key file.
+.TP 7
+.NOP \f\*[B-Font]\-I\f[] \f\*[B-Font]\-\-iffkey\f[]
+Generate a new encrypted
+\f\*[B-Font]IFF\f[]
+key file for the Schnorr (IFF) identity scheme.
+This option is mutually exclusive with the
+\f\*[B-Font]\-G\f[]
+and
+Fl V
+options.
+.TP 7
+.NOP \f\*[B-Font]\-i\f[] \f\*[B-Font]\-\-ident\f[]= \f\*[I-Font]group\f[]
+Set the optional Autokey group name to
+\f\*[I-Font]group\f[].
+This is used in the identity scheme parameter file names of
+\f\*[B-Font]IFF\f[], \f\*[B-Font]GQ\f[],
+and
+\f\*[B-Font]MV\f[]
+client parameters files.
+In that role, the default is the host name if no group is provided.
+The group name, if specified using
+\f\*[B-Font]\-i\f[]
+or
+\f\*[B-Font]\-s\f[]
+following an
+\[oq]@@\[cq]
+character, is also used in certificate subject and issuer names in the form
+\f\*[I-Font]host\f[] \f\*[I-Font]@@\f[] \f\*[I-Font]group\f[]
+and should match the group specified via
+\f\*[B-Font]crypto\f[] \f\*[B-Font]ident\f[]
+or
+\f\*[B-Font]server\f[] \f\*[B-Font]ident\f[]
+in the ntpd configuration file.
+.TP 7
+.NOP \f\*[B-Font]\-l\f[] \f\*[B-Font]\-\-lifetime\f[]= \f\*[I-Font]days\f[]
+Set the lifetime for certificate expiration to
+\f\*[I-Font]days\f[].
+The default lifetime is one year (365 days).
+.TP 7
+.NOP \f\*[B-Font]\-m\f[] \f\*[B-Font]\-\-modulus\f[]= \f\*[I-Font]bits\f[]
+Set the number of bits in the prime modulus for generating files to
+\f\*[I-Font]bits\f[].
+The modulus defaults to 512, but can be set from 256 to 2048 (32 to 256 octets).
+Use the larger moduli with caution, as this can consume considerable computing
+resources and increases the size of authenticated packets.
+.TP 7
+.NOP \f\*[B-Font]\-M\f[] \f\*[B-Font]\-\-md5key\f[]
+Generate a new symmetric keys file containing 10
+\f\*[B-Font]MD5\f[]
+keys, and if OpenSSL is available, 10
+\f\*[B-Font]SHA\f[]
+keys.
+An
+\f\*[B-Font]MD5\f[]
+key is a string of 20 random printable ASCII characters, while a
+\f\*[B-Font]SHA\f[]
+key is a string of 40 random hex digits.
+The file can be edited using a text editor to change the key type or key content.
+This option is mutually exclusive with all other options.
+.TP 7
+.NOP \f\*[B-Font]\-p\f[] \f\*[B-Font]\-\-password\f[]= \f\*[I-Font]passwd\f[]
+Set the password for reading and writing encrypted files to
+\f\*[I-Font]passwd\f[].
+These include the host, sign and identify key files.
+By default, the password is the string returned by the Unix
+\f\*[B-Font]hostname\f[]
+command.
+.TP 7
+.NOP \f\*[B-Font]\-P\f[] \f\*[B-Font]\-\-pvt-cert\f[]
+Generate a new private certificate used by the
+\f\*[B-Font]PC\f[]
+identity scheme.
+By default, the program generates public certificates.
+Note: the PC identity scheme is not recommended for new installations.
+.TP 7
+.NOP \f\*[B-Font]\-q\f[] \f\*[B-Font]\-\-export-passwd\f[]= \f\*[I-Font]passwd\f[]
+Set the password for writing encrypted
+\f\*[B-Font]IFF\f[], \f\*[B-Font]GQ\f[] \f\*[B-Font]and\f[] \f\*[B-Font]MV\f[]
+identity files redirected to
+\fIstdout\f[]
+to
+\f\*[I-Font]passwd\f[].
+In effect, these files are decrypted with the
+\f\*[B-Font]\-p\f[]
+password, then encrypted with the
+\f\*[B-Font]\-q\f[]
+password.
+By default, the password is the string returned by the Unix
+\f\*[B-Font]hostname\f[]
+command.
+.TP 7
+.NOP \f\*[B-Font]\-s\f[] \f\*[B-Font]\-\-subject-key\f[]= [host] [@@ \f\*[I-Font]group\f[]]
+Specify the Autokey host name, where
+\f\*[I-Font]host\f[]
+is the optional host name and
+\f\*[I-Font]group\f[]
+is the optional group name.
+The host name, and if provided, group name are used in
+\f\*[I-Font]host\f[] \f\*[I-Font]@@\f[] \f\*[I-Font]group\f[]
+form as certificate subject and issuer.
+Specifying
+\f\*[B-Font]\-s\f[] \f\*[B-Font]\-@@\f[] \f\*[I-Font]group\f[]
+is allowed, and results in leaving the host name unchanged, as with
+\f\*[B-Font]\-i\f[] \f\*[I-Font]group\f[].
+The group name, or if no group is provided, the host name are also used in the
+file names of
+\f\*[B-Font]IFF\f[], \f\*[B-Font]GQ\f[],
+and
+\f\*[B-Font]MV\f[]
+identity scheme client parameter files.
+If
+\f\*[I-Font]host\f[]
+is not specified, the default host name is the string returned by the Unix
+\f\*[B-Font]hostname\f[]
+command.
+.TP 7
+.NOP \f\*[B-Font]\-S\f[] \f\*[B-Font]\-\-sign-key\f[]= [\f\*[B-Font]RSA\f[] | \f\*[B-Font]DSA\f[]]
+Generate a new encrypted public/private sign key file of the specified type.
+By default, the sign key is the host key and has the same type.
+If compatibility with FIPS 140-2 is required, the sign key type must be
+\f\*[B-Font]DSA\f[].
+.TP 7
+.NOP \f\*[B-Font]\-T\f[] \f\*[B-Font]\-\-trusted-cert\f[]
+Generate a trusted certificate.
+By default, the program generates a non-trusted certificate.
+.TP 7
+.NOP \f\*[B-Font]\-V\f[] \f\*[B-Font]\-\-mv-params\f[] \f\*[I-Font]nkeys\f[]
+Generate
+\f\*[I-Font]nkeys\f[]
+encrypted server keys and parameters for the Mu-Varadharajan (MV)
+identity scheme.
+This option is mutually exclusive with the
+\f\*[B-Font]\-I\f[]
+and
+\f\*[B-Font]\-G\f[]
+options.
+Note: support for this option should be considered a work in progress.
+.PP
+.SS Random Seed File
+All cryptographically sound key generation schemes must have means
+to randomize the entropy seed used to initialize
+the internal pseudo-random number generator used
+by the library routines.
+The OpenSSL library uses a designated random seed file for this purpose.
+The file must be available when starting the NTP daemon and
+\f\*[B-Font]ntp-keygen\fP
+program.
+If a site supports OpenSSL or its companion OpenSSH,
+it is very likely that means to do this are already available.
+.sp \n(Ppu
+.ne 2
+
+It is important to understand that entropy must be evolved
+for each generation, for otherwise the random number sequence
+would be predictable.
+Various means dependent on external events, such as keystroke intervals,
+can be used to do this and some systems have built-in entropy sources.
+Suitable means are described in the OpenSSL software documentation,
+but are outside the scope of this page.
+.sp \n(Ppu
+.ne 2
+
+The entropy seed used by the OpenSSL library is contained in a file,
+usually called
+\fI.rnd\f[],
+which must be available when starting the NTP daemon
+or the
+\f\*[B-Font]ntp-keygen\fP
+program.
+The NTP daemon will first look for the file
+using the path specified by the
+\f\*[B-Font]randfile\f[]
+subcommand of the
+\f\*[B-Font]crypto\f[]
+configuration command.
+If not specified in this way, or when starting the
+\f\*[B-Font]ntp-keygen\fP
+program,
+the OpenSSL library will look for the file using the path specified
+by the
+RANDFILE
+environment variable in the user home directory,
+whether root or some other user.
+If the
+RANDFILE
+environment variable is not present,
+the library will look for the
+\fI.rnd\f[]
+file in the user home directory.
+Since both the
+\f\*[B-Font]ntp-keygen\fP
+program and
+\fCntpd\f[]\fR(@NTPD_MS@)\f[]
+daemon must run as root, the logical place to put this file is in
+\fI/.rnd\f[]
+or
+\fI/root/.rnd\f[].
+If the file is not available or cannot be written,
+the daemon exits with a message to the system log and the program
+exits with a suitable error message.
+.SS Cryptographic Data Files
+All file formats begin with two nonencrypted lines.
+The first line contains the file name, including the generated host name
+and filestamp, in the format
+\fIntpkey_\f[]\f\*[I-Font]key\f[] \f\*[I-Font]_\f[] \f\*[I-Font]name\f[]. \f\*[I-Font]filestamp\f[],
+where
+\f\*[I-Font]key\f[]
+is the key or parameter type,
+\f\*[I-Font]name\f[]
+is the host or group name and
+\f\*[I-Font]filestamp\f[]
+is the filestamp (NTP seconds) when the file was created.
+By convention,
+\f\*[I-Font]key\f[]
+names in generated file names include both upper and lower case
+characters, while
+\f\*[I-Font]key\f[]
+names in generated link names include only lower case characters.
+The filestamp is not used in generated link names.
+The second line contains the datestamp in conventional Unix
+\fIdate\f[]
+format.
+Lines beginning with
+\[oq]#\[cq]
+are considered comments and ignored by the
+\f\*[B-Font]ntp-keygen\fP
+program and
+\fCntpd\f[]\fR(@NTPD_MS@)\f[]
+daemon.
+.sp \n(Ppu
+.ne 2
+
+The remainder of the file contains cryptographic data, encoded first using ASN.1
+rules, then encrypted if necessary, and finally written in PEM-encoded
+printable ASCII text, preceded and followed by MIME content identifier lines.
+.sp \n(Ppu
+.ne 2
+
+The format of the symmetric keys file, ordinarily named
+\fIntp.keys\f[],
+is somewhat different than the other files in the interest of backward compatibility.
+Ordinarily, the file is generated by this program, but it can be constructed
+and edited using an ordinary text editor.
+.br
+.in +4
+.nf
+# ntpkey_MD5key_bk.ntp.org.3595864945
+# Thu Dec 12 19:22:25 2013
+1 MD5 L";Nw<\`.I<f4U0)247"i # MD5 key
+2 MD5 &>l0%XXK9O'51VwV<xq~ # MD5 key
+3 MD5 lb4zLW~d^!K:]RsD'qb6 # MD5 key
+4 MD5 Yue:tL[+vR)M\`n~bY,'? # MD5 key
+5 MD5 B;fx'Kgr/&4ZTbL6=RxA # MD5 key
+6 MD5 4eYwa\`o}3i@@@@V@@..R9!l # MD5 key
+7 MD5 \`A.([h+;wTQ|xfi%Sn_! # MD5 key
+8 MD5 45:V,r4]l6y^JH6"Sh?F # MD5 key
+9 MD5 3-5vcn*6l29DS?Xdsg)* # MD5 key
+10 MD5 2late4Me # MD5 key
+11 SHA1 a27872d3030a9025b8446c751b4551a7629af65c # SHA1 key
+12 SHA1 21bc3b4865dbb9e920902abdccb3e04ff97a5e74 # SHA1 key
+13 SHA1 2b7736fe24fef5ba85ae11594132ab5d6f6daba9 # SHA1 key
+14 SHA a5332809c8878dd3a5b918819108a111509aeceb # SHA key
+15 MD2 2fe16c88c760ff2f16d4267e36c1aa6c926e6964 # MD2 key
+16 MD4 b2691811dc19cfc0e2f9bcacd74213f29812183d # MD4 key
+17 MD5 e4d6735b8bdad58ec5ffcb087300a17f7fef1f7c # MD5 key
+18 MDC2 a8d5e2315c025bf3a79174c87fbd10477de2eabc # MDC2 key
+19 RIPEMD160 77ca332cafb30e3cafb174dcd5b80ded7ba9b3d2 # RIPEMD160 key
+20 AES128CMAC f92ff73eee86c1e7dc638d6489a04e4e555af878 # AES128CMAC key
+.in -4
+.fi
+.in +4
+Figure 1. Typical Symmetric Key File
+.in -4
+.sp \n(Ppu
+.ne 2
+
+Figure 1 shows a typical symmetric keys file used by the reference
+implementation.
+Following the header the keys are entered one per line in the format
+.in +4
+\f\*[I-Font]keyno\f[] \f\*[I-Font]type\f[] \f\*[I-Font]key\f[]
+.in -4
+where
+\f\*[I-Font]keyno\f[]
+is a positive integer in the range 1-65535;
+\f\*[I-Font]type\f[]
+is the key type for the message digest algorithm, which in the absence of the
+OpenSSL library must be
+\f\*[B-Font]MD5\f[]
+to designate the MD5 message digest algorithm;
+if the OpenSSL library is installed, the key type can be any
+message digest algorithm supported by that library;
+however, if compatibility with FIPS 140-2 is required,
+the key type must be either
+\f\*[B-Font]SHA\f[]
+or
+\f\*[B-Font]SHA1\f[];
+\f\*[I-Font]key\f[]
+is the key itself,
+which is a printable ASCII string 20 characters or less in length:
+each character is chosen from the 93 printable characters
+in the range 0x21 through 0x7e (
+\[oq]\[cq]!
+through
+\[oq]~\[cq]
+\&) excluding space and the
+\[oq]#\[cq]
+character, and terminated by whitespace or a
+\[oq]#\[cq]
+character.
+An OpenSSL key consists of a hex-encoded ASCII string of 40 characters, which
+is truncated as necessary.
+.sp \n(Ppu
+.ne 2
+
+Note that the keys used by the
+\fCntpq\f[]\fR(@NTPQ_MS@)\f[]
+and
+\fCntpdc\f[]\fR(@NTPDC_MS@)\f[]
+programs
+are checked against passwords requested by the programs
+and entered by hand, so it is generally appropriate to specify these keys
+in human readable ASCII format.
+.sp \n(Ppu
+.ne 2
+
+The
+\f\*[B-Font]ntp-keygen\fP
+program generates a symmetric keys file
+\fIntpkey_MD5key_\f[]\f\*[I-Font]hostname\f[]. \f\*[I-Font]filestamp\f[].
+Since the file contains private shared keys,
+it should be visible only to root and distributed by secure means
+to other subnet hosts.
+The NTP daemon loads the file
+\fIntp.keys\f[],
+so
+\f\*[B-Font]ntp-keygen\fP
+installs a soft link from this name to the generated file.
+Subsequently, similar soft links must be installed by manual
+or automated means on the other subnet hosts.
+While this file is not used with the Autokey Version 2 protocol,
+it is needed to authenticate some remote configuration commands
+used by the
+\fCntpq\f[]\fR(@NTPQ_MS@)\f[]
+and
+\fCntpdc\f[]\fR(@NTPDC_MS@)\f[]
+utilities.
+.SH "OPTIONS"
+.TP
+.NOP \f\*[B-Font]\-b\f[] \f\*[I-Font]imbits\f[], \f\*[B-Font]\-\-imbits\f[]=\f\*[I-Font]imbits\f[]
+identity modulus bits.
+This option takes an integer number as its argument.
+The value of
+\f\*[I-Font]imbits\f[]
+is constrained to being:
+.in +4
+.nf
+.na
+in the range 256 through 2048
+.fi
+.in -4
+.sp
+The number of bits in the identity modulus. The default is 512.
+.TP
+.NOP \f\*[B-Font]\-c\f[] \f\*[I-Font]scheme\f[], \f\*[B-Font]\-\-certificate\f[]=\f\*[I-Font]scheme\f[]
+certificate scheme.
+.sp
+scheme is one of
+RSA-MD2, RSA-MD5, RSA-MDC2, RSA-SHA, RSA-SHA1, RSA-RIPEMD160,
+DSA-SHA, or DSA-SHA1.
+.sp
+Select the certificate signature encryption/message digest scheme.
+Note that RSA schemes must be used with a RSA sign key and DSA
+schemes must be used with a DSA sign key. The default without
+this option is RSA-MD5.
+.TP
+.NOP \f\*[B-Font]\-C\f[] \f\*[I-Font]cipher\f[], \f\*[B-Font]\-\-cipher\f[]=\f\*[I-Font]cipher\f[]
+privatekey cipher.
+.sp
+Select the cipher which is used to encrypt the files containing
+private keys. The default is three-key triple DES in CBC mode,
+equivalent to "\fB-C des-ede3-cbc\fP". The openssl tool lists ciphers
+available in "\fBopenssl \-h\fP" output.
+.TP
+.NOP \f\*[B-Font]\-d\f[], \f\*[B-Font]\-\-debug\-level\f[]
+Increase debug verbosity level.
+This option may appear an unlimited number of times.
+.sp
+.TP
+.NOP \f\*[B-Font]\-D\f[] \f\*[I-Font]number\f[], \f\*[B-Font]\-\-set\-debug\-level\f[]=\f\*[I-Font]number\f[]
+Set the debug verbosity level.
+This option may appear an unlimited number of times.
+This option takes an integer number as its argument.
+.sp
+.TP
+.NOP \f\*[B-Font]\-e\f[], \f\*[B-Font]\-\-id\-key\f[]
+Write IFF or GQ identity keys.
+.sp
+Write the public parameters from the IFF or GQ client keys to
+the standard output.
+This is intended for automatic key distribution by email.
+.TP
+.NOP \f\*[B-Font]\-G\f[], \f\*[B-Font]\-\-gq\-params\f[]
+Generate GQ parameters and keys.
+.sp
+Generate parameters and keys for the GQ identification scheme,
+obsoleting any that may exist.
+.TP
+.NOP \f\*[B-Font]\-H\f[], \f\*[B-Font]\-\-host\-key\f[]
+generate RSA host key.
+.sp
+Generate new host keys, obsoleting any that may exist.
+.TP
+.NOP \f\*[B-Font]\-I\f[], \f\*[B-Font]\-\-iffkey\f[]
+generate IFF parameters.
+.sp
+Generate parameters for the IFF identification scheme, obsoleting
+any that may exist.
+.TP
+.NOP \f\*[B-Font]\-i\f[] \f\*[I-Font]group\f[], \f\*[B-Font]\-\-ident\f[]=\f\*[I-Font]group\f[]
+set Autokey group name.
+.sp
+Set the optional Autokey group name to name. This is used in
+the file name of IFF, GQ, and MV client parameters files. In
+that role, the default is the host name if this option is not
+provided. The group name, if specified using \fB-i/--ident\fP or
+using \fB-s/--subject-name\fP following an '\fB@@\fP' character,
+is also a part of the self-signed host certificate subject and
+issuer names in the form \fBhost@@group\fP and should match the
+'\fBcrypto ident\fP' or '\fBserver ident\fP' configuration in the
+\fBntpd\fP configuration file.
+.TP
+.NOP \f\*[B-Font]\-l\f[] \f\*[I-Font]lifetime\f[], \f\*[B-Font]\-\-lifetime\f[]=\f\*[I-Font]lifetime\f[]
+set certificate lifetime.
+This option takes an integer number as its argument.
+.sp
+Set the certificate expiration to lifetime days from now.
+.TP
+.NOP \f\*[B-Font]\-m\f[] \f\*[I-Font]modulus\f[], \f\*[B-Font]\-\-modulus\f[]=\f\*[I-Font]modulus\f[]
+prime modulus.
+This option takes an integer number as its argument.
+The value of
+\f\*[I-Font]modulus\f[]
+is constrained to being:
+.in +4
+.nf
+.na
+in the range 256 through 2048
+.fi
+.in -4
+.sp
+The number of bits in the prime modulus. The default is 512.
+.TP
+.NOP \f\*[B-Font]\-M\f[], \f\*[B-Font]\-\-md5key\f[]
+generate symmetric keys.
+.sp
+Generate symmetric keys, obsoleting any that may exist.
+.TP
+.NOP \f\*[B-Font]\-P\f[], \f\*[B-Font]\-\-pvt\-cert\f[]
+generate PC private certificate.
+.sp
+Generate a private certificate. By default, the program generates
+public certificates.
+.TP
+.NOP \f\*[B-Font]\-p\f[] \f\*[I-Font]passwd\f[], \f\*[B-Font]\-\-password\f[]=\f\*[I-Font]passwd\f[]
+local private password.
+.sp
+Local files containing private data are encrypted with the
+DES-CBC algorithm and the specified password. The same password
+must be specified to the local ntpd via the "crypto pw password"
+configuration command. The default password is the local
+hostname.
+.TP
+.NOP \f\*[B-Font]\-q\f[] \f\*[I-Font]passwd\f[], \f\*[B-Font]\-\-export\-passwd\f[]=\f\*[I-Font]passwd\f[]
+export IFF or GQ group keys with password.
+.sp
+Export IFF or GQ identity group keys to the standard output,
+encrypted with the DES-CBC algorithm and the specified password.
+The same password must be specified to the remote ntpd via the
+"crypto pw password" configuration command. See also the option
+--id-key (-e) for unencrypted exports.
+.TP
+.NOP \f\*[B-Font]\-s\f[] \f\*[I-Font]host@group\f[], \f\*[B-Font]\-\-subject\-name\f[]=\f\*[I-Font]host@group\f[]
+set host and optionally group name.
+.sp
+Set the Autokey host name, and optionally, group name specified
+following an '\fB@@\fP' character. The host name is used in the file
+name of generated host and signing certificates, without the
+group name. The host name, and if provided, group name are used
+in \fBhost@@group\fP form for the host certificate subject and issuer
+fields. Specifying '\fB-s @@group\fP' is allowed, and results in
+leaving the host name unchanged while appending \fB@@group\fP to the
+subject and issuer fields, as with \fB-i group\fP. The group name, or
+if not provided, the host name are also used in the file names
+of IFF, GQ, and MV client parameter files.
+.TP
+.NOP \f\*[B-Font]\-S\f[] \f\*[I-Font]sign\f[], \f\*[B-Font]\-\-sign\-key\f[]=\f\*[I-Font]sign\f[]
+generate sign key (RSA or DSA).
+.sp
+Generate a new sign key of the designated type, obsoleting any
+that may exist. By default, the program uses the host key as the
+sign key.
+.TP
+.NOP \f\*[B-Font]\-T\f[], \f\*[B-Font]\-\-trusted\-cert\f[]
+trusted certificate (TC scheme).
+.sp
+Generate a trusted certificate. By default, the program generates
+a non-trusted certificate.
+.TP
+.NOP \f\*[B-Font]\-V\f[] \f\*[I-Font]num\f[], \f\*[B-Font]\-\-mv\-params\f[]=\f\*[I-Font]num\f[]
+generate <num> MV parameters.
+This option takes an integer number as its argument.
+.sp
+Generate parameters and keys for the Mu-Varadharajan (MV)
+identification scheme.
+.TP
+.NOP \f\*[B-Font]\-v\f[] \f\*[I-Font]num\f[], \f\*[B-Font]\-\-mv\-keys\f[]=\f\*[I-Font]num\f[]
+update <num> MV keys.
+This option takes an integer number as its argument.
+.sp
+This option has not been fully documented.
+.TP
+.NOP \f\*[B-Font]\-\&?\f[], \f\*[B-Font]\-\-help\f[]
+Display usage information and exit.
+.TP
+.NOP \f\*[B-Font]\-\&!\f[], \f\*[B-Font]\-\-more-help\f[]
+Pass the extended usage information through a pager.
+.TP
+.NOP \f\*[B-Font]\->\f[] [\f\*[I-Font]cfgfile\f[]], \f\*[B-Font]\-\-save-opts\f[] [=\f\*[I-Font]cfgfile\f[]]
+Save the option state to \fIcfgfile\fP. The default is the \fIlast\fP
+configuration file listed in the \fBOPTION PRESETS\fP section, below.
+The command will exit after updating the config file.
+.TP
+.NOP \f\*[B-Font]\-<\f[] \f\*[I-Font]cfgfile\f[], \f\*[B-Font]\-\-load-opts\f[]=\f\*[I-Font]cfgfile\f[], \f\*[B-Font]\-\-no-load-opts\f[]
+Load options from \fIcfgfile\fP.
+The \fIno-load-opts\fP form will disable the loading
+of earlier config/rc/ini files. \fI\-\-no-load-opts\fP is handled early,
+out of order.
+.TP
+.NOP \f\*[B-Font]\-\-version\f[] [{\f\*[I-Font]v|c|n\f[]}]
+Output version of program and exit. The default mode is `v', a simple
+version. The `c' mode will print copyright information and `n' will
+print the full copyright notice.
+.PP
+.SH "OPTION PRESETS"
+Any option that is not marked as \fInot presettable\fP may be preset
+by loading values from configuration ("RC" or ".INI") file(s) and values from
+environment variables named:
+.nf
+ \fBNTP_KEYGEN_<option-name>\fP or \fBNTP_KEYGEN\fP
+.fi
+.ad
+The environmental presets take precedence (are processed later than)
+the configuration files.
+The \fIhomerc\fP files are "\fI$HOME\fP", and "\fI.\fP".
+If any of these are directories, then the file \fI.ntprc\fP
+is searched for within those directories.
+.SH USAGE
+.SH "ENVIRONMENT"
+See \fBOPTION PRESETS\fP for configuration environment variables.
+.SH "FILES"
+See \fBOPTION PRESETS\fP for configuration files.
+.SH "EXIT STATUS"
+One of the following exit values will be returned:
+.TP
+.NOP 0 " (EXIT_SUCCESS)"
+Successful program execution.
+.TP
+.NOP 1 " (EXIT_FAILURE)"
+The operation failed or the command syntax was not valid.
+.TP
+.NOP 66 " (EX_NOINPUT)"
+A specified configuration file could not be loaded.
+.TP
+.NOP 70 " (EX_SOFTWARE)"
+libopts had an internal operational error. Please report
+it to autogen-users@lists.sourceforge.net. Thank you.
+.PP
+.SH "AUTHORS"
+The University of Delaware and Network Time Foundation
+.SH "COPYRIGHT"
+Copyright (C) 1992-2024 The University of Delaware and Network Time Foundation all rights reserved.
+This program is released under the terms of the NTP license, <http://ntp.org/license>.
+.SH BUGS
+It can take quite a while to generate some cryptographic values.
+.sp \n(Ppu
+.ne 2
+
+Please report bugs to http://bugs.ntp.org .
+.sp \n(Ppu
+.ne 2
+
+Please send bug reports to: https://bugs.ntp.org, bugs@ntp.org
+.SH NOTES
+Portions of this document came from FreeBSD.
+.sp \n(Ppu
+.ne 2
+
+This manual page was \fIAutoGen\fP-erated from the \fBntp-keygen\fP
+option definitions.
generated by cgit v1.2.3 (git 2.25.1) at 2025-11-20 09:11:15 +0000