1@node ntp-keygen Invocation 2@section Invoking ntp-keygen 3@pindex ntp-keygen 4@cindex Create a NTP host key 5@ignore 6# 7# EDIT THIS FILE WITH CAUTION (ntp-keygen-opts.texi) 8# 9# It has been AutoGen-ed December 10, 2009 at 05:08:36 AM by AutoGen 5.10 10# From the definitions ntp-keygen-opts.def 11# and the template file aginfo.tpl 12@end ignore 13This program has no explanation. 14 15If there is no new host key, look for an existing one. 16If one is not found, create it. 17 18This section was generated by @strong{AutoGen}, 19the aginfo template and the option descriptions for the @command{ntp-keygen} program. It documents the ntp-keygen usage text and option meanings. 20 21This software is released under a specialized copyright license. 22 23@menu 24* ntp-keygen usage:: ntp-keygen usage help (-?) 25* ntp-keygen certificate:: certificate option (-c) 26* ntp-keygen debug-level:: debug-level option (-d) 27* ntp-keygen get-pvt-passwd:: get-pvt-passwd option (-q) 28* ntp-keygen gq-params:: gq-params option (-G) 29* ntp-keygen host-key:: host-key option (-H) 30* ntp-keygen id-key:: id-key option (-e) 31* ntp-keygen iffkey:: iffkey option (-I) 32* ntp-keygen issuer-name:: issuer-name option (-i) 33* ntp-keygen md5key:: md5key option (-M) 34* ntp-keygen modulus:: modulus option (-m) 35* ntp-keygen mv-keys:: mv-keys option (-v) 36* ntp-keygen mv-params:: mv-params option (-V) 37* ntp-keygen pvt-cert:: pvt-cert option (-P) 38* ntp-keygen pvt-passwd:: pvt-passwd option (-p) 39* ntp-keygen set-debug-level:: set-debug-level option (-D) 40* ntp-keygen sign-key:: sign-key option (-S) 41* ntp-keygen subject-name:: subject-name option (-s) 42* ntp-keygen trusted-cert:: trusted-cert option (-T) 43@end menu 44 45@node ntp-keygen usage 46@subsection ntp-keygen usage help (-?) 47@cindex ntp-keygen usage 48 49This is the automatically generated usage text for ntp-keygen: 50 51@exampleindent 0 52@example 53Using OpenSSL version 90704f 54ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.6 55USAGE: ntp-keygen [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... 56 Flg Arg Option-Name Description 57 -c Str certificate certificate scheme 58 -d no debug-level Increase output debug message level 59 - may appear multiple times 60 -D Str set-debug-level Set the output debug message level 61 - may appear multiple times 62 -e no id-key Write IFF or GQ identity keys 63 -G no gq-params Generate GQ parameters and keys 64 -H no host-key generate RSA host key 65 -I no iffkey generate IFF parameters 66 -i Str issuer-name set issuer name 67 -M no md5key generate MD5 keys 68 -m Num modulus modulus 69 - it must be: 256 to 2048 70 -P no pvt-cert generate PC private certificate 71 -p Str pvt-passwd output private password 72 -q Str get-pvt-passwd input private password 73 -S Str sign-key generate sign key (RSA or DSA) 74 -s Str subject-name set subject name 75 -T no trusted-cert trusted certificate (TC scheme) 76 -V Num mv-params generate <num> MV parameters 77 -v Num mv-keys update <num> MV keys 78 opt version Output version information and exit 79 -? no help Display extended usage information and exit 80 -! no more-help Extended usage information passed thru pager 81 -> opt save-opts Save the option state to a config file 82 -< Str load-opts Load options from a config file 83 - disabled as --no-load-opts 84 - may appear multiple times 85 86Options are specified by doubled hyphens and their name 87or by a single hyphen and the flag character. 88 89The following option preset mechanisms are supported: 90 - reading file /users/stenn/.ntprc 91 - reading file /deacon/backroom/snaps/ntp-stable/util/.ntprc 92 - examining environment variables named NTP_KEYGEN_* 93 94If there is no new host key, look for an existing one. 95If one is not found, create it. 96 97please send bug reports to: http://bugs.ntp.org, bugs@@ntp.org 98@end example 99@exampleindent 4 100 101@node ntp-keygen certificate 102@subsection certificate option (-c) 103@cindex ntp-keygen-certificate 104 105This is the ``certificate scheme'' option. 106 107This option has some usage constraints. It: 108@itemize @bullet 109@item 110must be compiled in by defining @code{OPENSSL} during the compilation. 111@end itemize 112 113scheme is one of 114RSA-MD2, RSA-MD5, RSA-SHA, RSA-SHA1, RSA-MDC2, RSA-RIPEMD160, 115DSA-SHA, or DSA-SHA1. 116 117Select the certificate message digest/signature encryption scheme. 118Note that RSA schemes must be used with a RSA sign key and DSA 119schemes must be used with a DSA sign key. The default without 120this option is RSA-MD5. 121 122@node ntp-keygen debug-level 123@subsection debug-level option (-d) 124@cindex ntp-keygen-debug-level 125 126This is the ``increase output debug message level'' option. 127 128This option has some usage constraints. It: 129@itemize @bullet 130@item 131may appear an unlimited number of times. 132@end itemize 133 134Increase the debugging message output level. 135 136@node ntp-keygen set-debug-level 137@subsection set-debug-level option (-D) 138@cindex ntp-keygen-set-debug-level 139 140This is the ``set the output debug message level'' option. 141 142This option has some usage constraints. It: 143@itemize @bullet 144@item 145may appear an unlimited number of times. 146@end itemize 147 148Set the output debugging level. Can be supplied multiple times, 149but each overrides the previous value(s). 150 151@node ntp-keygen id-key 152@subsection id-key option (-e) 153@cindex ntp-keygen-id-key 154 155This is the ``write iff or gq identity keys'' option. 156 157This option has some usage constraints. It: 158@itemize @bullet 159@item 160must be compiled in by defining @code{OPENSSL} during the compilation. 161@end itemize 162 163Write the IFF or GQ client keys to the standard output. This is 164intended for automatic key distribution by mail. 165 166@node ntp-keygen gq-params 167@subsection gq-params option (-G) 168@cindex ntp-keygen-gq-params 169 170This is the ``generate gq parameters and keys'' option. 171 172This option has some usage constraints. It: 173@itemize @bullet 174@item 175must be compiled in by defining @code{OPENSSL} during the compilation. 176@end itemize 177 178Generate parameters and keys for the GQ identification scheme, 179obsoleting any that may exist. 180 181@node ntp-keygen host-key 182@subsection host-key option (-H) 183@cindex ntp-keygen-host-key 184 185This is the ``generate rsa host key'' option. 186 187This option has some usage constraints. It: 188@itemize @bullet 189@item 190must be compiled in by defining @code{OPENSSL} during the compilation. 191@end itemize 192 193Generate new host keys, obsoleting any that may exist. 194 195@node ntp-keygen iffkey 196@subsection iffkey option (-I) 197@cindex ntp-keygen-iffkey 198 199This is the ``generate iff parameters'' option. 200 201This option has some usage constraints. It: 202@itemize @bullet 203@item 204must be compiled in by defining @code{OPENSSL} during the compilation. 205@end itemize 206 207Generate parameters for the IFF identification scheme, obsoleting 208any that may exist. 209 210@node ntp-keygen issuer-name 211@subsection issuer-name option (-i) 212@cindex ntp-keygen-issuer-name 213 214This is the ``set issuer name'' option. 215 216This option has some usage constraints. It: 217@itemize @bullet 218@item 219must be compiled in by defining @code{OPENSSL} during the compilation. 220@end itemize 221 222Set the suject name to name. This is used as the subject field 223in certificates and in the file name for host and sign keys. 224 225@node ntp-keygen md5key 226@subsection md5key option (-M) 227@cindex ntp-keygen-md5key 228 229This is the ``generate md5 keys'' option. 230Generate MD5 keys, obsoleting any that may exist. 231 232@node ntp-keygen modulus 233@subsection modulus option (-m) 234@cindex ntp-keygen-modulus 235 236This is the ``modulus'' option. 237 238This option has some usage constraints. It: 239@itemize @bullet 240@item 241must be compiled in by defining @code{OPENSSL} during the compilation. 242@end itemize 243 244The number of bits in the prime modulus. The default is 512. 245 246@node ntp-keygen pvt-cert 247@subsection pvt-cert option (-P) 248@cindex ntp-keygen-pvt-cert 249 250This is the ``generate pc private certificate'' option. 251 252This option has some usage constraints. It: 253@itemize @bullet 254@item 255must be compiled in by defining @code{OPENSSL} during the compilation. 256@end itemize 257 258Generate a private certificate. By default, the program generates 259public certificates. 260 261@node ntp-keygen pvt-passwd 262@subsection pvt-passwd option (-p) 263@cindex ntp-keygen-pvt-passwd 264 265This is the ``output private password'' option. 266 267This option has some usage constraints. It: 268@itemize @bullet 269@item 270must be compiled in by defining @code{OPENSSL} during the compilation. 271@end itemize 272 273Encrypt generated files containing private data with the specified 274password and the DES-CBC algorithm. 275 276@node ntp-keygen get-pvt-passwd 277@subsection get-pvt-passwd option (-q) 278@cindex ntp-keygen-get-pvt-passwd 279 280This is the ``input private password'' option. 281 282This option has some usage constraints. It: 283@itemize @bullet 284@item 285must be compiled in by defining @code{OPENSSL} during the compilation. 286@end itemize 287 288Set the password for reading files to the specified password. 289 290@node ntp-keygen sign-key 291@subsection sign-key option (-S) 292@cindex ntp-keygen-sign-key 293 294This is the ``generate sign key (rsa or dsa)'' option. 295 296This option has some usage constraints. It: 297@itemize @bullet 298@item 299must be compiled in by defining @code{OPENSSL} during the compilation. 300@end itemize 301 302Generate a new sign key of the designated type, obsoleting any 303that may exist. By default, the program uses the host key as the 304sign key. 305 306@node ntp-keygen subject-name 307@subsection subject-name option (-s) 308@cindex ntp-keygen-subject-name 309 310This is the ``set subject name'' option. 311 312This option has some usage constraints. It: 313@itemize @bullet 314@item 315must be compiled in by defining @code{OPENSSL} during the compilation. 316@end itemize 317 318Set the issuer name to name. This is used for the issuer field 319in certificates and in the file name for identity files. 320 321@node ntp-keygen trusted-cert 322@subsection trusted-cert option (-T) 323@cindex ntp-keygen-trusted-cert 324 325This is the ``trusted certificate (tc scheme)'' option. 326 327This option has some usage constraints. It: 328@itemize @bullet 329@item 330must be compiled in by defining @code{OPENSSL} during the compilation. 331@end itemize 332 333Generate a trusted certificate. By default, the program generates 334a non-trusted certificate. 335 336@node ntp-keygen mv-params 337@subsection mv-params option (-V) 338@cindex ntp-keygen-mv-params 339 340This is the ``generate <num> mv parameters'' option. 341 342This option has some usage constraints. It: 343@itemize @bullet 344@item 345must be compiled in by defining @code{OPENSSL} during the compilation. 346@end itemize 347 348Generate parameters and keys for the Mu-Varadharajan (MV) 349identification scheme. 350 351@node ntp-keygen mv-keys 352@subsection mv-keys option (-v) 353@cindex ntp-keygen-mv-keys 354 355This is the ``update <num> mv keys'' option. 356 357This option has some usage constraints. It: 358@itemize @bullet 359@item 360must be compiled in by defining @code{OPENSSL} during the compilation. 361@end itemize 362 363This option has no @samp{doc} documentation. 364