ntp-keygen(8)             System Manager's Manual             ntp-keygen(8)

NAME
ntp-keygen - generate public and private keys

SYNOPSIS
ntp-keygen [ -deGHIMPT ] [ -c [RSA-MD2 | RSA-MD5 | RSA-SHA | RSA-SHA1 |
RSA-MDC2 | RSA-RIPEMD160 | DSA-SHA | DSA-SHA1 ] ] [ -i group ] [ -m
modulus ] [ -p passwd2 ] [ -q passwd1 ] [ -S [ RSA | DSA ] ] [ -s host
] [ -V nkeys ]

DESCRIPTION
This program generates cryptographic data files used by the NTPv4
authentication and identity schemes. It can generate message digest
keys used in symmetric key cryptography and, if the OpenSSL software
library has been installed, it can generate host keys, sign keys,
certificates and identity keys used by the Autokey public key
cryptography. The message digest keys file is generated in a format
compatible with NTPv3. All other files are in PEM-encoded printable
ASCII format so they can be embedded as MIME attachments in mail to
other sites.

When used to generate message digest keys, the program produces a file
containing ten pseudo-random printable ASCII strings suitable for the
MD5 message digest algorithm included in the distribution. If the
OpenSSL library is installed, it produces an additional ten hex-encoded
random bit strings suitable for the SHA1 and other message digest
algorithms. Printable ASCII keys can have length from one to 20
characters, inclusive. Bit string keys have length 20 octets (40 hex
characters). All keys are 160 bits in length.

The file can be edited later with purpose-chosen passwords for the
ntpq and ntpdc programs. Each line of the file contains three fields.
First is an integer between 1 and 65534, inclusive, representing the
key identifier used in the server and peer configuration commands.
Next is the key type for the message digest algorithm, which in the
absence of the OpenSSL library should be the string MD5 to designate
the MD5 message digest algorithm. If the OpenSSL library is installed,
the key type can be any message digest algorithm supported by that
library. However, if compatibility with FIPS 140-2 is required, the
key type must be either SHA or SHA1. Finally, there is the key itself
as a printable ASCII string excluding the space and # characters. If
not greater than 20 characters in length, the string is the key
itself; otherwise, it is interpreted as a hex-encoded bit string. As is
custom, # and the remaining characters on the line are ignored. Later,
this file can be edited to include the passwords for the ntpq and
ntpdc utilities. If this is the only need, run ntp-keygen with the -M
option and disregard the remainder of this page.

The remaining generated files are compatible with other OpenSSL
applications and other Public Key Infrastructure (PKI) resources.
Certificates generated by this program should be compatible with extant
industry practice, although some users might find the interpretation of
X509v3 extension fields somewhat liberal. However, the identity keys
are probably not compatible with anything other than Autokey.

Most files used by this program are encrypted using a private password.
The -p option specifies the password for local files and the -q option
the password for files sent to remote sites. If no local password is
specified, the host name returned by the Unix gethostname() function,
normally the DNS name of the host, is used. If no remote password is
specified, the local password is used.

The pw option of the crypto configuration command specifies the read
password for previously encrypted files. This must match the local
password used by this program. If not specified, the host name is used.
Thus, if files are generated by this program without password, they can
be read back by ntpd without password, but only on the same host.

All files and links are usually installed in the directory
/etc/ntp/crypto, which is normally in a shared filesystem in
NFS-mounted networks and cannot be changed by shared clients. The
location of the keys directory can be changed by the keysdir
configuration command in such cases. Normally, encrypted files for each
host are generated by that host and used only by that host, although
exceptions exist as noted later on this page.

This program directs commentary and error messages to the standard
error stream stderr and remote files to the standard output stream
stdout where they can be piped to other applications or redirected to a
file. The names used for generated files and links all begin with the
string ntpkey and include the file type, generating host and filestamp,
as described in the Cryptographic Data Files section below.

RUNNING THE PROGRAM
To test and gain experience with Autokey concepts, log in as root and
change to the keys directory, usually /etc/ntp/crypto. When run for the
first time, or if all files with names beginning ntpkey have been
removed, use the ntp-keygen command without arguments to generate a
default RSA host key and matching RSA-MD5 certificate with expiration
date one year hence. If run again, the program uses the existing keys
and parameters and generates only a new certificate with new expiration
date one year hence; however, the certificate is not generated if the
-e or -q options are present.

Run the command on as many hosts as necessary. Designate one of them as
the trusted host (TH) using ntp-keygen with the -T option and configure
it to synchronize from reliable Internet servers. Then configure the
other hosts to synchronize to the TH directly or indirectly. A
certificate trail is created when Autokey asks the immediately ascendant
host towards the TH to sign its certificate, which is then provided to
the immediately descendant host on request. All group hosts should have
acyclic certificate trails ending on the TH.

The host key is used to encrypt the cookie when required and so must be
RSA type. By default, the host key is also the sign key used to encrypt
signatures. A different sign key can be assigned using the -S option
and this can be either RSA or DSA type. By default, the signature
message digest type is MD5, but any combination of sign key type and
sign digest type supported by the OpenSSL library can be specified
using the -c option. At the moment, legacy considerations require the
NTP packet header digest type to be MD5.

TRUSTED HOSTS AND GROUPS
As described on the Authentication Options page, an NTP secure group
consists of one or more low-stratum THs as the root from which all
other group hosts derive synchronization directly or indirectly. For
authentication purposes all hosts in a group must have the same group
name specified by the -i option and matching the ident option of the
crypto configuration command. The group name is used in the subject and
issuer fields of trusted, self-signed certificates and when
constructing the file names for identity keys. All hosts must have
different host names, either the default host name or as specified by
the -s option and matching the host option of the crypto configuration
command. Most installations need not specify the -i option nor the
host option. Host names are used in the subject and issuer fields of
self-signed, nontrusted certificates and when constructing the file
names for host and sign keys and certificates. Host and group names are
used only for authentication purposes and have nothing to do with DNS
names.

IDENTITY SCHEMES
As described on the Authentication Options page, there are five
identity schemes, three of which - IFF, GQ and MV - require identity
keys specific to each scheme. There are two types of files for each
scheme, an encrypted keys file and a nonencrypted parameters file,
which usually contains a subset of the keys file. In general, NTP
secondary servers operating as certificate signing authorities (CSA)
use the keys file and clients use the parameters file. Both files are
generated by the TA operating as a certificate authority (CA) on behalf
of all servers and clients in the group.

The parameters files are public; they can be stored in a public place
and sent in the clear. The keys files are encrypted with the local
password. To retrieve the keys file, a host can send a mail request to
the TA including its local password. The TA encrypts the keys file with
this password and returns it as an attachment. The attachment is then
copied intact to the keys directory with the name given in the first
line of the file, but all in lower case and with the filestamp deleted.
Alternatively, the parameters file can be retrieved from a secure web
site.

For example, the TA generates the default host key, IFF keys and
trusted certificate using the command

ntp-keygen -p local_passwd -T -I -i group_name

Each group host generates default host keys and a nontrusted
certificate using the same command line but omitting the -i option.
Once these media have been generated, the TA can then generate the
public parameters using the command

ntp-keygen -p local_passwd -e >parameters_file

where the -e option redirects the unencrypted parameters to the
standard output stream for a mail application or to be stored locally
for later distribution. In a similar fashion the -q option redirects
the encrypted server keys to the standard output stream.

OPTIONS
-c [ RSA-MD2 | RSA-MD5 | RSA-SHA | RSA-SHA1 | RSA-MDC2 | RSA-RIPEMD160
| DSA-SHA | DSA-SHA1 ]
       Select certificate and message digest/signature encryption
       scheme. Note that RSA schemes must be used with a RSA sign key
       and DSA schemes must be used with a DSA sign key. The default
       without this option is RSA-MD5. If compatibility with FIPS
       140-2 is required, either the DSA-SHA or DSA-SHA1 scheme must
       be used.

-d     Enable debugging. This option displays the cryptographic data
       produced for eye-friendly billboards.

-e     Extract the IFF or GQ public parameters from the IFFkey or
       GQkey keys file previously specified. Send the unencrypted data
       to the standard output stream stdout. While the IFF parameters
       do not reveal the private group key, the GQ parameters should
       be used with caution, as they include the group key. Use the -q
       option with password instead. Note: a new certificate is not
       generated when this option is present. This allows multiple
       commands with this option but without disturbing existing
       media.

-G     Generate a new encrypted GQ key file and link for the
       Guillou-Quisquater (GQ) identity scheme.

-H     Generate a new encrypted RSA public/private host key file and
       link. Note that if the sign key is the same as the host key,
       generating a new host key invalidates all certificates signed
       with the old host key.

-i group
       Set the group name to group. This is used in the identity file
       names. It must match the group name specified in the ident
       option of the crypto configuration command.

-I     Generate a new encrypted IFF key file and link for the Schnorr
       (IFF) identity scheme.

-m modulus
       Set the modulus for generating files to modulus bits. The
       modulus defaults to 512, but can be set from 256 (32 octets) to
       2048 (256 octets).

-M     Generate a new MD5 key file containing 16, 128-bit
       pseudo-random keys for symmetric cryptography.

-P     Generate a new private certificate used by the PC identity
       scheme. By default, the program generates public certificates.
       Note: the PC identity scheme is not recommended for new
       installations.

-p passwd
       Set the password for reading and writing encrypted files to
       passwd. By default, the password is the host name.

-q passwd
       Extract the encrypted IFF or GQ server keys from the IFFkey or
       GQkey key file previously generated. The data are sent to the
       standard output stream stdout. Set the password for writing the
       data, which is also the password to read the data file in
       another host. By default, the password is the host name. Note:
       a new certificate is not generated when this option is present.
       This allows multiple commands with this option but without
       disturbing existing media.

-S [ RSA | DSA ]
       Generate a new sign key of the specified type. By default, the
       sign key is the host key and has the same type. If
       compatibility with FIPS 140-2 is required, the sign key type
       must be DSA. Note that generating a new sign key invalidates
       all certificates signed with the old sign key.

-s host
       Set the host name to host. This is used in the host and sign
       key file names. It must match the host name specified in the
       host option of the crypto configuration command.

-T     Generate a trusted certificate. By default, the program
       generates nontrusted certificates.

-V nkeys
       Generate server parameters MV and nkeys client keys for the
       Mu-Varadharajan (MV) identity scheme. Note: support for this
       option should be considered a work in progress.

RANDOM SEED FILE
All cryptographically sound key generation schemes must have means to
randomize the entropy seed used to initialize the internal
pseudo-random number generator used by the OpenSSL library routines. If
a site supports ssh, it is very likely that means to do this are
already available. The entropy seed used by the OpenSSL library is
contained in a file, usually called .rnd, which must be available when
starting the ntp-keygen program or ntpd daemon.

The OpenSSL library looks for the file using the path specified by the
RANDFILE environment variable in the user home directory, whether root
or some other user. If the RANDFILE environment variable is not
present, the library looks for the .rnd file in the user home
directory. Since both the ntp-keygen program and ntpd daemon must run
as root, the logical place to put this file is in /.rnd or /root/.rnd.
If the file is not available or cannot be written, the program exits
with a message to the system log.

On systems that provide /dev/urandom, the randomness device is used
instead and the file specified by the randfile subcommand or the
RANDFILE environment variable is ignored.

CRYPTOGRAPHIC DATA FILES
File and link names are in the form ntpkey_key_name.fstamp, where key
is the key or parameter type, name is the host or group name and fstamp
is the filestamp (NTP seconds) when the file was created. By
convention, key fields in generated file names include both upper and
lower case alphanumeric characters, while key fields in generated link
names include only lower case characters. The filestamp is not used in
generated link names.

The key type is a string defining the cryptographic function. Key types
include public/private keys host and sign, certificate cert and several
challenge/response key types. By convention, files used for challenges
have a par subtype, as in the IFF challenge IFFpar, while files for
responses have a key subtype, as in the GQ response GQkey.

All files begin with two nonencrypted lines. The first line contains
the file name in the format ntpkey_key_host.fstamp. The second line
contains the datestamp in conventional Unix date format. Lines
beginning with # are ignored.

The remainder of the file contains cryptographic data encoded first
using ASN.1 rules, then encrypted using the DES-CBC algorithm and given
password and finally written in PEM-encoded printable ASCII text
preceded and followed by MIME content identifier lines.
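
The naming convention and two-line header just described, as an added example that is not part of ntp-keygen: a Python helper that splits a generated file name into its key, name and filestamp fields, converts the filestamp from NTP seconds to a UTC date, derives the link name (key field lower-cased, filestamp dropped, as also done for received attachments in the Identity Schemes section) and checks that a file's header lines agree with each other before it is copied into the keys directory. The host name, filestamp and date in the sample are constructed, and the one-day tolerance for the datestamp is an assumption.

```python
from datetime import datetime, timedelta, timezone

NTP_EPOCH_OFFSET = 2208988800   # seconds from the NTP era (1900-01-01) to the Unix epoch

def parse_file_name(name):
    """Split ntpkey_<key>_<name>.<fstamp> into (key, name, fstamp).
    The host or group name may itself contain dots, so the filestamp is the last
    dotted component rather than the first."""
    prefix, sep, rest = name.partition("_")
    if prefix != "ntpkey" or not sep:
        raise ValueError(f"{name!r} does not start with ntpkey_")
    key, sep, rest = rest.partition("_")
    if not key or not sep:
        raise ValueError(f"{name!r} lacks the key type field")
    host, dot, fstamp = rest.rpartition(".")
    if not host or not dot or not fstamp.isdigit():
        raise ValueError(f"{name!r} lacks a numeric filestamp")
    return key, host, int(fstamp)

def filestamp_to_utc(fstamp):
    """Filestamp in NTP seconds -> timezone-aware UTC datetime."""
    return datetime.fromtimestamp(fstamp - NTP_EPOCH_OFFSET, tz=timezone.utc)

def link_name(file_name):
    """Link name per the convention above: key field lower-cased, filestamp dropped."""
    key, host, _ = parse_file_name(file_name)
    return f"ntpkey_{key.lower()}_{host}"

def check_header(text):
    """Parse the two unencrypted header lines of a generated file (for instance a keys
    file received as a mail attachment) and report whether the datestamp line agrees
    with the filestamp in the name. Assumption: the datestamp is local time on the
    generating host, so up to one day of offset is tolerated; a larger gap means the
    name and the datestamp were not written together."""
    lines = text.splitlines()
    if len(lines) < 2:
        raise ValueError("file is shorter than the two header lines")
    name = lines[0].lstrip("# ").strip()
    key, host, fstamp = parse_file_name(name)
    # Conventional Unix date format, for example "Wed Jan 29 16:00:00 2014"
    stamped = datetime.strptime(lines[1].lstrip("# ").strip(), "%a %b %d %H:%M:%S %Y")
    delta = abs(stamped - filestamp_to_utc(fstamp).replace(tzinfo=None))
    return {"file": name, "key": key, "host": host, "fstamp": fstamp,
            "link": link_name(name), "consistent": delta <= timedelta(days=1)}

# Constructed sample header (not a real ntp-keygen file); the PEM body would follow it.
SAMPLE_HEADER = """# ntpkey_IFFkey_example.org.3600000000
# Wed Jan 29 16:00:00 2014
# (PEM-encoded, password-encrypted body omitted in this constructed sample)
"""
```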

The format of the symmetric keys file is somewhat different than the
other files in the interest of backward compatibility. Since DES-CBC is
deprecated in NTPv4, the only key format of interest is MD5
alphanumeric strings. Following the header the keys are entered one per
line in the format

keyno type key

where keyno is a positive integer in the range 1-65,535, type is the
string MD5 defining the key format and key is the key itself, which is
a printable ASCII string 16 characters or less in length. Each
character is chosen from the 93 printable characters in the range 0x21
through 0x7f excluding space and the '#' character.

Note that the keys used by the ntpq and ntpdc programs are checked
against passwords requested by the programs and entered by hand, so it
is generally appropriate to specify these keys in human readable ASCII
format.

The ntp-keygen program generates a MD5 symmetric keys file
ntpkey_MD5key_hostname.filestamp. Since the file contains private
shared keys, it should be visible only to root and distributed by
secure means to other subnet hosts. The NTP daemon loads the file
ntp.keys, so ntp-keygen installs a soft link from this name to the
generated file. Subsequently, similar soft links must be installed by
manual or automated means on the other subnet hosts. While this file
is not used with the Autokey Version 2 protocol, it is needed to
authenticate some remote configuration commands used by the ntpq and
ntpdc utilities.
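
A validator for the symmetric keys file format described here and in the DESCRIPTION above, added as an example (not ntp-keygen's own code): it enforces the 1 to 65534 key-identifier range given in the DESCRIPTION, the printable-ASCII alphabet without space or '#', the 20-character boundary between a literal key and a hex-encoded bit string, comment handling and duplicate identifiers, and flags which key types the page accepts under FIPS 140-2. The sample keys and host name are constructed.

```python
import re
MIN_KEYNO, MAX_KEYNO = 1, 65534           # key identifier range given in the DESCRIPTION
# The 93 printable characters 0x21-0x7e minus '#'; space is excluded by field splitting.
PRINTABLE = re.compile(r"^[\x21-\x22\x24-\x7e]+$")
HEXSTR = re.compile(r"^[0-9A-Fa-f]+$")
FIPS_TYPES = {"SHA", "SHA1"}              # the key types the page allows under FIPS 140-2

def parse_line(line):
    """One keys-file line -> (keyno, type, key_bytes, fips_ok); None for blank/comment lines.
    Raises ValueError for anything outside the format described above."""
    text = line.split("#", 1)[0].strip()  # '#' and the rest of the line are ignored
    if not text:
        return None
    fields = text.split()
    if len(fields) != 3:
        raise ValueError(f"expected 'keyno type key', got {len(fields)} fields")
    keyno_s, ktype, key = fields
    if not keyno_s.isdigit() or not MIN_KEYNO <= int(keyno_s) <= MAX_KEYNO:
        raise ValueError(f"key identifier {keyno_s!r} not in {MIN_KEYNO}..{MAX_KEYNO}")
    if not PRINTABLE.match(key):
        raise ValueError("key has characters outside printable ASCII 0x21-0x7e, or a '#'")
    if len(key) <= 20:
        material = key.encode("ascii")      # short form: the string itself is the key
    elif HEXSTR.match(key) and len(key) % 2 == 0:
        material = bytes.fromhex(key)       # long form: hex-encoded bit string
    else:
        raise ValueError("keys longer than 20 characters must be hex-encoded")
    return int(keyno_s), ktype, material, ktype.upper() in FIPS_TYPES

def line_error(line):
    """None if the line is acceptable, otherwise the reason it is not."""
    try:
        parse_line(line)
        return None
    except ValueError as exc:
        return str(exc)

def parse_keys_file(text):
    """Whole keys file -> {keyno: (type, key_bytes, fips_ok)}, rejecting duplicate identifiers."""
    keys = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        rec = parse_line(line)
        if rec is None:
            continue
        if rec[0] in keys:
            raise ValueError(f"line {lineno}: duplicate key identifier {rec[0]}")
        keys[rec[0]] = rec[1:]
    return keys

# Constructed sample, not a real keys file; the header line is a comment, as described above.
SAMPLE_KEYS = """# ntpkey_MD5key_example.org.3600000000
1 MD5 pOV&e$1$YkNdAb*z                              # 16 printable characters
2 SHA1 2d3b5c6e7f8091a2b3c4d5e6f70819a2b3c4d5e6    # 40 hex characters = 160 bits
"""
```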

BUGS
It can take quite a while to generate some cryptographic values, from
one to several minutes with modern architectures such as UltraSPARC and
up to tens of minutes to an hour with older architectures such as SPARC
IPC.

SEE ALSO
ntpd(8), ntp_auth(5)

HTML documentation in ntp-doc package.

This file was automatically generated from HTML source.