ntp.keys.html revision 330141
184533Syar<html lang="en"> 284533Syar<head> 384533Syar<title>NTP Symmetric Key</title> 484533Syar<meta http-equiv="Content-Type" content="text/html"> 584533Syar<meta name="description" content="NTP Symmetric Key"> 684533Syar<meta name="generator" content="makeinfo 4.7"> 784533Syar<link title="Top" rel="top" href="#Top"> 884533Syar<link href="http://www.gnu.org/software/texinfo/" rel="generator-home" title="Texinfo Homepage"> 984533Syar<meta http-equiv="Content-Style-Type" content="text/css"> 1084533Syar<style type="text/css"><!-- 1184533Syar pre.display { font-family:inherit } 1284533Syar pre.format { font-family:inherit } 1384533Syar pre.smalldisplay { font-family:inherit; font-size:smaller } 1484533Syar pre.smallformat { font-family:inherit; font-size:smaller } 1584533Syar pre.smallexample { font-size:smaller } 1684533Syar pre.smalllisp { font-size:smaller } 1784533Syar span.sc { font-variant:small-caps } 1884533Syar span.roman { font-family: serif; font-weight: normal; } 1984533Syar--></style> 2084533Syar</head> 2184533Syar<body> 2284533Syar<h1 class="settitle">NTP Symmetric Key</h1> 2384533Syar<div class="node"> 2484533Syar<p><hr> 2584533Syar<a name="Top"></a>Next: <a rel="next" accesskey="n" href="#ntp_002ekeys-Description">ntp.keys Description</a>, 2684533SyarPrevious: <a rel="previous" accesskey="p" href="#dir">(dir)</a>, 27174018SremkoUp: <a rel="up" accesskey="u" href="#dir">(dir)</a> 2884533Syar<br> 2984533Syar</div> 3084533Syar 3184533Syar<h2 class="unnumbered">NTP's Symmetric Key File User Manual</h2> 3284533Syar 3384533Syar<p>This document describes the symmetric key file for the NTP Project's 3484533Syar<code>ntpd</code> program. 3584533Syar 3684533Syar <p>This document applies to version 4.2.8p11 of <code>ntp.keys</code>. 3784533Syar 3884533Syar <div class="shortcontents"> 3984533Syar<h2>Short Contents</h2> 40153574Sbrueffer<ul> 41153574Sbrueffer<a href="#Top">NTP's Symmetric Key File User Manual</a> 42153574Sbrueffer</ul> 43153574Sbrueffer</div> 44153574Sbrueffer 45153574Sbrueffer<ul class="menu"> 46153574Sbrueffer<li><a accesskey="1" href="#ntp_002ekeys-Description">ntp.keys Description</a> 47153574Sbrueffer<li><a accesskey="2" href="#ntp_002ekeys-Notes">ntp.keys Notes</a> 48153574Sbrueffer</ul> 49153574Sbrueffer 50153574Sbrueffer<div class="node"> 51174018Sremko<p><hr> 52153574Sbrueffer<a name="ntp_002ekeys-Description"></a>Previous: <a rel="previous" accesskey="p" href="#Top">Top</a>, 53155774SbruefferUp: <a rel="up" accesskey="u" href="#Top">Top</a> 54153574Sbrueffer<br> 55153574Sbrueffer</div> 56153574Sbrueffer 57153574Sbrueffer<!-- node-name, next, previous, up --> 58153574Sbrueffer<h3 class="section">Description</h3> 59153574Sbrueffer 6084533Syar<p>The name and location of the symmetric key file for <code>ntpd</code> can 6184533Syarbe specified in a configuration file, by default <code>/etc/ntp.keys</code>. 6284533Syar 6384533Syar<div class="node"> 6484533Syar<p><hr> 65153574Sbrueffer<a name="ntp_002ekeys-Notes"></a> 6684533Syar<br> 67114959Shmp</div> 68114959Shmp 69114959Shmp<h3 class="section">Notes about ntp.keys</h3> 70114959Shmp 71114959Shmp<p><a name="index-ntp_002ekeys-1"></a><a name="index-NTP-symmetric-key-file-format-2"></a> 72114959Shmp 73119893Sru <p>This document describes the format of an NTP symmetric key file. 74115186SruFor a description of the use of this type of file, see the 75115186Sru"Authentication Support" 76114959Shmpsection of the 77114959Shmp<code>ntp.conf(5)</code> 78114959Shmppage. 79114959Shmp 80114959Shmp <p><code>ntpd(8)</code> 81114959Shmpreads its keys from a file specified using the 82114959Shmp<code>-k</code> 83231564Sedcommand line option or the 84231564Sed<code>keys</code> 85114959Shmpstatement in the configuration file. 86114959ShmpWhile key number 0 is fixed by the NTP standard 87114959Shmp(as 56 zero bits) 88114959Shmpand may not be changed, 89114959Shmpone or more keys numbered between 1 and 65534 90114959Shmpmay be arbitrarily set in the keys file. 91114959Shmp 92115186Sru <p>The key file uses the same comment conventions 93114959Shmpas the configuration file. 94114959ShmpKey entries use a fixed format of the form 95114959Shmp 96114959Shmp<pre class="example"> <kbd>keyno</kbd> <kbd>type</kbd> <kbd>key</kbd> <kbd>opt_IP_list</kbd> 97115186Sru</pre> 98114959Shmp <p>where 99114959Shmp<kbd>keyno</kbd> 100114959Shmpis a positive integer (between 1 and 65534), 101115186Sru<kbd>type</kbd> 102114959Shmpis the message digest algorithm, 103114959Shmp<kbd>key</kbd> 104114959Shmpis the key itself, and 105114959Shmp<kbd>opt_IP_list</kbd> 106114959Shmpis an optional comma-separated list of IPs 107114959Shmpwhere the 108231564Sed<kbd>keyno</kbd> 109114959Shmpshould be trusted. 110114959Shmpthat are allowed to serve time. 111114959ShmpEach IP in 112114959Shmp<kbd>opt_IP_list</kbd> 113119893Srumay contain an optional 114115186Sru<code>/subnetbits</code> 115114959Shmpspecification which identifies the number of bits for 116114959Shmpthe desired subnet of trust. 117114959ShmpIf 118114959Shmp<kbd>opt_IP_list</kbd> 119114959Shmpis empty, 120114959Shmpany properly-authenticated message will be 121114959Shmpaccepted. 122114959Shmp 123231564Sed <p>The 124231564Sed<kbd>key</kbd> 125115186Srumay be given in a format 126114959Shmpcontrolled by the 127114959Shmp<kbd>type</kbd> 128114959Shmpfield. 129114959ShmpThe 130114959Shmp<kbd>type</kbd> 131114959Shmp<code>MD5</code> 132115186Sruis always supported. 133114959ShmpIf 134115186Sru<code>ntpd</code> 135114959Shmpwas built with the OpenSSL library 136114959Shmpthen any digest library supported by that library may be specified. 137114959ShmpHowever, if compliance with FIPS 140-2 is required the 138114959Shmp<kbd>type</kbd> 139114959Shmpmust be either 140114959Shmp<code>SHA</code> 141114959Shmpor 142114959Shmp<code>SHA1</code>. 143114959Shmp 144114959Shmp <p>What follows are some key types, and corresponding formats: 145114959Shmp 146114959Shmp <dl> 147114959Shmp<dt><code>MD5</code><dd>The key is 1 to 16 printable characters terminated by 148114959Shmpan EOL, 149115186Sruwhitespace, 150115186Sruor 151115186Srua 152114959Shmp<code>#</code> 153114959Shmp(which is the "start of comment" character). 154114959Shmp 155114959Shmp <br><dt><code>SHA</code><br><dt><code>SHA1</code><br><dt><code>RMD160</code><dd>The key is a hex-encoded ASCII string of 40 characters, 156114959Shmpwhich is truncated as necessary. 157115186Sru</dl> 158114959Shmp 159114959Shmp <p>Note that the keys used by the 160114959Shmp<code>ntpq(8)</code> 161114959Shmpand 162231564Sed<code>ntpdc(8)</code> 163114959Shmpprograms are checked against passwords 164114959Shmprequested by the programs and entered by hand, 165115186Sruso it is generally appropriate to specify these keys in ASCII format. 16684533Syar 16784533Syar <p>This section was generated by <strong>AutoGen</strong>, 16884533Syarusing the <code>agtexi-cmd</code> template and the option descriptions for the <code>ntp.keys</code> program. 16984834SyarThis software is released under the NTP license, <http://ntp.org/license>. 17084533Syar 17184533Syar<ul class="menu"> 172148011Sbrueffer<li><a accesskey="1" href="#ntp_002ekeys-Files">ntp.keys Files</a>: Files 17384533Syar<li><a accesskey="2" href="#ntp_002ekeys-See-Also">ntp.keys See Also</a>: See Also 17484533Syar<li><a accesskey="3" href="#ntp_002ekeys-Notes">ntp.keys Notes</a>: Notes 17584533Syar</ul> 17684533Syar 17784533Syar<div class="node"> 178<p><hr> 179<a name="ntp_002ekeys-Files"></a>Next: <a rel="next" accesskey="n" href="#ntp_002ekeys-See-Also">ntp.keys See Also</a>, 180Up: <a rel="up" accesskey="u" href="#ntp_002ekeys-Notes">ntp.keys Notes</a> 181<br> 182</div> 183 184<h4 class="subsection">ntp.keys Files</h4> 185 186 <dl> 187<dt><span class="file">/etc/ntp.keys</span><dd>the default name of the configuration file 188</dl> 189<div class="node"> 190<p><hr> 191<a name="ntp_002ekeys-See-Also"></a>Next: <a rel="next" accesskey="n" href="#ntp_002ekeys-Notes">ntp.keys Notes</a>, 192Previous: <a rel="previous" accesskey="p" href="#ntp_002ekeys-Files">ntp.keys Files</a>, 193Up: <a rel="up" accesskey="u" href="#ntp_002ekeys-Notes">ntp.keys Notes</a> 194<br> 195</div> 196 197<h4 class="subsection">ntp.keys See Also</h4> 198 199<p><code>ntp.conf(5)</code>, 200<code>ntpd(1ntpdmdoc)</code>, 201<code>ntpdate(1ntpdatemdoc)</code>, 202<code>ntpdc(1ntpdcmdoc)</code>, 203<code>sntp(1sntpmdoc)</code> 204<div class="node"> 205<p><hr> 206<a name="ntp_002ekeys-Notes"></a>Previous: <a rel="previous" accesskey="p" href="#ntp_002ekeys-See-Also">ntp.keys See Also</a>, 207Up: <a rel="up" accesskey="u" href="#ntp_002ekeys-Notes">ntp.keys Notes</a> 208<br> 209</div> 210 211<h4 class="subsection">ntp.keys Notes</h4> 212 213<p>This document was derived from FreeBSD. 214 215</body></html> 216 217