1@node ntp-keygen Invocation
2@section Invoking ntp-keygen
3@pindex ntp-keygen
4@cindex Create a NTP host key
5@ignore
6# 
7# EDIT THIS FILE WITH CAUTION  (ntp-keygen-opts.texi)
8# 
9# It has been AutoGen-ed  December 10, 2009 at 05:08:36 AM by AutoGen 5.10
10# From the definitions    ntp-keygen-opts.def
11# and the template file   aginfo.tpl
12@end ignore
13This program has no explanation.
14
15If there is no new host key, look for an existing one.
16If one is not found, create it.
17
18This section was generated by @strong{AutoGen},
19the aginfo template and the option descriptions for the @command{ntp-keygen} program.  It documents the ntp-keygen usage text and option meanings.
20
21This software is released under a specialized copyright license.
22
23@menu
24* ntp-keygen usage::                  ntp-keygen usage help (-?)
25* ntp-keygen certificate::            certificate option (-c)
26* ntp-keygen debug-level::            debug-level option (-d)
27* ntp-keygen get-pvt-passwd::         get-pvt-passwd option (-q)
28* ntp-keygen gq-params::              gq-params option (-G)
29* ntp-keygen host-key::               host-key option (-H)
30* ntp-keygen id-key::                 id-key option (-e)
31* ntp-keygen iffkey::                 iffkey option (-I)
32* ntp-keygen issuer-name::            issuer-name option (-i)
33* ntp-keygen md5key::                 md5key option (-M)
34* ntp-keygen modulus::                modulus option (-m)
35* ntp-keygen mv-keys::                mv-keys option (-v)
36* ntp-keygen mv-params::              mv-params option (-V)
37* ntp-keygen pvt-cert::               pvt-cert option (-P)
38* ntp-keygen pvt-passwd::             pvt-passwd option (-p)
39* ntp-keygen set-debug-level::        set-debug-level option (-D)
40* ntp-keygen sign-key::               sign-key option (-S)
41* ntp-keygen subject-name::           subject-name option (-s)
42* ntp-keygen trusted-cert::           trusted-cert option (-T)
43@end menu
44
45@node ntp-keygen usage
46@subsection ntp-keygen usage help (-?)
47@cindex ntp-keygen usage
48
49This is the automatically generated usage text for ntp-keygen:
50
51@exampleindent 0
52@example
53Using OpenSSL version 90704f
54ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.6
55USAGE:  ntp-keygen [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]...
56  Flg Arg Option-Name    Description
57   -c Str certificate    certificate scheme
58   -d no  debug-level    Increase output debug message level
59                                - may appear multiple times
60   -D Str set-debug-level Set the output debug message level
61                                - may appear multiple times
62   -e no  id-key         Write IFF or GQ identity keys
63   -G no  gq-params      Generate GQ parameters and keys
64   -H no  host-key       generate RSA host key
65   -I no  iffkey         generate IFF parameters
66   -i Str issuer-name    set issuer name
67   -M no  md5key         generate MD5 keys
68   -m Num modulus        modulus
69                                - it must be:  256 to 2048
70   -P no  pvt-cert       generate PC private certificate
71   -p Str pvt-passwd     output private password
72   -q Str get-pvt-passwd input private password
73   -S Str sign-key       generate sign key (RSA or DSA)
74   -s Str subject-name   set subject name
75   -T no  trusted-cert   trusted certificate (TC scheme)
76   -V Num mv-params      generate <num> MV parameters
77   -v Num mv-keys        update <num> MV keys
78      opt version        Output version information and exit
79   -? no  help           Display extended usage information and exit
80   -! no  more-help      Extended usage information passed thru pager
81   -> opt save-opts      Save the option state to a config file
82   -< Str load-opts      Load options from a config file
83                                - disabled as --no-load-opts
84                                - may appear multiple times
85
86Options are specified by doubled hyphens and their name
87or by a single hyphen and the flag character.
88
89The following option preset mechanisms are supported:
90 - reading file /users/stenn/.ntprc
91 - reading file /deacon/backroom/snaps/ntp-stable/util/.ntprc
92 - examining environment variables named NTP_KEYGEN_*
93
94If there is no new host key, look for an existing one.
95If one is not found, create it.
96
97please send bug reports to:  http://bugs.ntp.org, bugs@@ntp.org
98@end example
99@exampleindent 4
100
101@node ntp-keygen certificate
102@subsection certificate option (-c)
103@cindex ntp-keygen-certificate
104
105This is the ``certificate scheme'' option.
106
107This option has some usage constraints.  It:
108@itemize @bullet
109@item
110must be compiled in by defining @code{OPENSSL} during the compilation.
111@end itemize
112
113scheme is one of
114RSA-MD2, RSA-MD5, RSA-SHA, RSA-SHA1, RSA-MDC2, RSA-RIPEMD160,
115DSA-SHA, or DSA-SHA1.
116
117Select the certificate message digest/signature encryption scheme.
118Note that RSA schemes must be used with a RSA sign key and DSA
119schemes must be used with a DSA sign key.  The default without
120this option is RSA-MD5.
121
122@node ntp-keygen debug-level
123@subsection debug-level option (-d)
124@cindex ntp-keygen-debug-level
125
126This is the ``increase output debug message level'' option.
127
128This option has some usage constraints.  It:
129@itemize @bullet
130@item
131may appear an unlimited number of times.
132@end itemize
133
134Increase the debugging message output level.
135
136@node ntp-keygen set-debug-level
137@subsection set-debug-level option (-D)
138@cindex ntp-keygen-set-debug-level
139
140This is the ``set the output debug message level'' option.
141
142This option has some usage constraints.  It:
143@itemize @bullet
144@item
145may appear an unlimited number of times.
146@end itemize
147
148Set the output debugging level.  Can be supplied multiple times,
149but each overrides the previous value(s).
150
151@node ntp-keygen id-key
152@subsection id-key option (-e)
153@cindex ntp-keygen-id-key
154
155This is the ``write iff or gq identity keys'' option.
156
157This option has some usage constraints.  It:
158@itemize @bullet
159@item
160must be compiled in by defining @code{OPENSSL} during the compilation.
161@end itemize
162
163Write the IFF or GQ client keys to the standard output.  This is
164intended for automatic key distribution by mail.
165
166@node ntp-keygen gq-params
167@subsection gq-params option (-G)
168@cindex ntp-keygen-gq-params
169
170This is the ``generate gq parameters and keys'' option.
171
172This option has some usage constraints.  It:
173@itemize @bullet
174@item
175must be compiled in by defining @code{OPENSSL} during the compilation.
176@end itemize
177
178Generate parameters and keys for the GQ identification scheme,
179obsoleting any that may exist.
180
181@node ntp-keygen host-key
182@subsection host-key option (-H)
183@cindex ntp-keygen-host-key
184
185This is the ``generate rsa host key'' option.
186
187This option has some usage constraints.  It:
188@itemize @bullet
189@item
190must be compiled in by defining @code{OPENSSL} during the compilation.
191@end itemize
192
193Generate new host keys, obsoleting any that may exist.
194
195@node ntp-keygen iffkey
196@subsection iffkey option (-I)
197@cindex ntp-keygen-iffkey
198
199This is the ``generate iff parameters'' option.
200
201This option has some usage constraints.  It:
202@itemize @bullet
203@item
204must be compiled in by defining @code{OPENSSL} during the compilation.
205@end itemize
206
207Generate parameters for the IFF identification scheme, obsoleting
208any that may exist.
209
210@node ntp-keygen issuer-name
211@subsection issuer-name option (-i)
212@cindex ntp-keygen-issuer-name
213
214This is the ``set issuer name'' option.
215
216This option has some usage constraints.  It:
217@itemize @bullet
218@item
219must be compiled in by defining @code{OPENSSL} during the compilation.
220@end itemize
221
222Set the suject name to name.  This is used as the subject field
223in certificates and in the file name for host and sign keys.
224
225@node ntp-keygen md5key
226@subsection md5key option (-M)
227@cindex ntp-keygen-md5key
228
229This is the ``generate md5 keys'' option.
230Generate MD5 keys, obsoleting any that may exist.
231
232@node ntp-keygen modulus
233@subsection modulus option (-m)
234@cindex ntp-keygen-modulus
235
236This is the ``modulus'' option.
237
238This option has some usage constraints.  It:
239@itemize @bullet
240@item
241must be compiled in by defining @code{OPENSSL} during the compilation.
242@end itemize
243
244The number of bits in the prime modulus.  The default is 512.
245
246@node ntp-keygen pvt-cert
247@subsection pvt-cert option (-P)
248@cindex ntp-keygen-pvt-cert
249
250This is the ``generate pc private certificate'' option.
251
252This option has some usage constraints.  It:
253@itemize @bullet
254@item
255must be compiled in by defining @code{OPENSSL} during the compilation.
256@end itemize
257
258Generate a private certificate.  By default, the program generates
259public certificates.
260
261@node ntp-keygen pvt-passwd
262@subsection pvt-passwd option (-p)
263@cindex ntp-keygen-pvt-passwd
264
265This is the ``output private password'' option.
266
267This option has some usage constraints.  It:
268@itemize @bullet
269@item
270must be compiled in by defining @code{OPENSSL} during the compilation.
271@end itemize
272
273Encrypt generated files containing private data with the specified
274password and the DES-CBC algorithm.
275
276@node ntp-keygen get-pvt-passwd
277@subsection get-pvt-passwd option (-q)
278@cindex ntp-keygen-get-pvt-passwd
279
280This is the ``input private password'' option.
281
282This option has some usage constraints.  It:
283@itemize @bullet
284@item
285must be compiled in by defining @code{OPENSSL} during the compilation.
286@end itemize
287
288Set the password for reading files to the specified password.
289
290@node ntp-keygen sign-key
291@subsection sign-key option (-S)
292@cindex ntp-keygen-sign-key
293
294This is the ``generate sign key (rsa or dsa)'' option.
295
296This option has some usage constraints.  It:
297@itemize @bullet
298@item
299must be compiled in by defining @code{OPENSSL} during the compilation.
300@end itemize
301
302Generate a new sign key of the designated type, obsoleting any
303that may exist.  By default, the program uses the host key as the
304sign key.
305
306@node ntp-keygen subject-name
307@subsection subject-name option (-s)
308@cindex ntp-keygen-subject-name
309
310This is the ``set subject name'' option.
311
312This option has some usage constraints.  It:
313@itemize @bullet
314@item
315must be compiled in by defining @code{OPENSSL} during the compilation.
316@end itemize
317
318Set the issuer name to name.  This is used for the issuer field
319in certificates and in the file name for identity files.
320
321@node ntp-keygen trusted-cert
322@subsection trusted-cert option (-T)
323@cindex ntp-keygen-trusted-cert
324
325This is the ``trusted certificate (tc scheme)'' option.
326
327This option has some usage constraints.  It:
328@itemize @bullet
329@item
330must be compiled in by defining @code{OPENSSL} during the compilation.
331@end itemize
332
333Generate a trusted certificate.  By default, the program generates
334a non-trusted certificate.
335
336@node ntp-keygen mv-params
337@subsection mv-params option (-V)
338@cindex ntp-keygen-mv-params
339
340This is the ``generate <num> mv parameters'' option.
341
342This option has some usage constraints.  It:
343@itemize @bullet
344@item
345must be compiled in by defining @code{OPENSSL} during the compilation.
346@end itemize
347
348Generate parameters and keys for the Mu-Varadharajan (MV)
349identification scheme.
350
351@node ntp-keygen mv-keys
352@subsection mv-keys option (-v)
353@cindex ntp-keygen-mv-keys
354
355This is the ``update <num> mv keys'' option.
356
357This option has some usage constraints.  It:
358@itemize @bullet
359@item
360must be compiled in by defining @code{OPENSSL} during the compilation.
361@end itemize
362
363This option has no @samp{doc} documentation.
364