ntp-keygen(8)               System Manager's Manual              ntp-keygen(8)


NAME

       ntp-keygen - generate public and private keys


SYNOPSIS

       ntp-keygen [ -deGHIMPT ] [ -c [RSA-MD2 | RSA-MD5 | RSA-SHA | RSA-SHA1 |
       RSA-MDC2 | RSA-RIPEMD160 | DSA-SHA | DSA-SHA1 ] ] [ -i group ] [ -m
       modulus ] [ -p passwd2 ] [ -q passwd1 ] [ -S [ RSA | DSA ] ] [ -s host
       ] [ -V nkeys ]


DESCRIPTION

       This program generates cryptographic data files used by the NTPv4
       authentication and identity schemes. It can generate message digest
       keys used in symmetric key cryptography and, if the OpenSSL software
       library has been installed, it can generate host keys, sign keys,
       certificates and identity keys used by the Autokey public key
       cryptography. The message digest keys file is generated in a format
       compatible with NTPv3. All other files are in PEM-encoded printable
       ASCII format so they can be embedded as MIME attachments in mail to
       other sites.

       When used to generate message digest keys, the program produces a
       file containing ten pseudo-random printable ASCII strings suitable
       for the MD5 message digest algorithm included in the distribution.
       If the OpenSSL library is installed, it produces an additional ten
       hex-encoded random bit strings suitable for the SHA1 and other
       message digest algorithms. Printable ASCII keys can have length from
       one to 20 characters, inclusive. Bit string keys have length 20
       octets (40 hex characters). All keys are 160 bits in length.

       The file can be edited later with purpose-chosen passwords for the
       ntpq and ntpdc programs. Each line of the file contains three
       fields. The first is an integer between 1 and 65534, inclusive,
       representing the key identifier used in the server and peer
       configuration commands. Next is the key type for the message digest
       algorithm, which in the absence of the OpenSSL library should be the
       string MD5 to designate the MD5 message digest algorithm. If the
       OpenSSL library is installed, the key type can be any message digest
       algorithm supported by that library. However, if compatibility with
       FIPS 140-2 is required, the key type must be either SHA or SHA1.
       Finally comes the key itself as a printable ASCII string excluding
       the space and # characters. If not greater than 20 characters in
       length, the string is the key itself; otherwise, it is interpreted
       as a hex-encoded bit string. As is custom, # and the remaining
       characters on the line are ignored. Later, this file can be edited
       to include the passwords for the ntpq and ntpdc utilities. If this
       is the only need, run ntp-keygen with the -M option and disregard
       the remainder of this page.

       The remaining generated files are compatible with other OpenSSL
       applications and other Public Key Infrastructure (PKI) resources.
       Certificates generated by this program should be compatible with
       extant industry practice, although some users might find the
       interpretation of X509v3 extension fields somewhat liberal. However,
       the identity keys are probably not compatible with anything other
       than Autokey.

       Most files used by this program are encrypted using a private
       password. The -p option specifies the password for local files and
       the -q option the password for files sent to remote sites. If no
       local password is specified, the host name returned by the Unix
       gethostname() function, normally the DNS name of the host, is used.
       If no remote password is specified, the local password is used.

       The pw option of the crypto configuration command specifies the read
       password for previously encrypted files. This must match the local
       password used by this program. If not specified, the host name is
       used. Thus, if files are generated by this program without password,
       they can be read back by ntpd without password, but only on the same
       host.

       All files and links are usually installed in the directory
       /etc/ntp/crypto, which is normally in a shared filesystem in
       NFS-mounted networks and cannot be changed by shared clients. The
       location of the keys directory can be changed by the keysdir
       configuration command in such cases. Normally, encrypted files for
       each host are generated by that host and used only by that host,
       although exceptions exist as noted later on this page.

       This program directs commentary and error messages to the standard
       error stream stderr and remote files to the standard output stream
       stdout where they can be piped to other applications or redirected
       to a file. The names used for generated files and links all begin
       with the string ntpkey and include the file type, generating host
       and filestamp, as described in the Cryptographic Data Files section
       below.


RUNNING THE PROGRAM

       To test and gain experience with Autokey concepts, log in as root
       and change to the keys directory, usually /etc/ntp/crypto. When run
       for the first time, or if all files with names beginning ntpkey have
       been removed, use the ntp-keygen command without arguments to
       generate a default RSA host key and matching RSA-MD5 certificate
       with expiration date one year hence. If run again, the program uses
       the existing keys and parameters and generates only a new
       certificate with new expiration date one year hence; however, the
       certificate is not generated if the -e or -q options are present.

       Run the command on as many hosts as necessary. Designate one of them
       as the trusted host (TH) using ntp-keygen with the -T option and
       configure it to synchronize from reliable Internet servers. Then
       configure the other hosts to synchronize to the TH directly or
       indirectly. A certificate trail is created when Autokey asks the
       immediately ascendant host towards the TH to sign its certificate,
       which is then provided to the immediately descendant host on
       request. All group hosts should have acyclic certificate trails
       ending on the TH.

       The host key is used to encrypt the cookie when required and so must
       be RSA type. By default, the host key is also the sign key used to
       encrypt signatures. A different sign key can be assigned using the
       -S option and this can be either RSA or DSA type. By default, the
       signature message digest type is MD5, but any combination of sign
       key type and sign digest type supported by the OpenSSL library can
       be specified using the -c option. At the moment, legacy
       considerations require the NTP packet header digest type to be MD5.


TRUSTED HOSTS AND SECURE GROUPS

       As described on the Authentication Options page, an NTP secure group
       consists of one or more low-stratum THs as the root from which all
       other group hosts derive synchronization directly or indirectly. For
       authentication purposes all hosts in a group must have the same
       group name specified by the -i option and matching the ident option
       of the crypto configuration command. The group name is used in the
       subject and issuer fields of trusted, self-signed certificates and
       when constructing the file names for identity keys. All hosts must
       have different host names, either the default host name or as
       specified by the -s option and matching the host option of the
       crypto configuration command. Most installations need not specify
       the -i option nor the host option. Host names are used in the
       subject and issuer fields of self-signed, nontrusted certificates
       and when constructing the file names for host and sign keys and
       certificates. Host and group names are used only for authentication
       purposes and have nothing to do with DNS names.


IDENTITY SCHEMES

       As described on the Authentication Options page, there are five
       identity schemes, three of which - IFF, GQ and MV - require identity
       keys specific to each scheme. There are two types of files for each
       scheme, an encrypted keys file and a nonencrypted parameters file,
       which usually contains a subset of the keys file. In general, NTP
       secondary servers operating as certificate signing authorities (CSA)
       use the keys file and clients use the parameters file. Both files
       are generated by the TA operating as a certificate authority (CA) on
       behalf of all servers and clients in the group.

       The parameters files are public; they can be stored in a public
       place and sent in the clear. The keys files are encrypted with the
       local password. To retrieve the keys file, a host can send a mail
       request to the TA including its local password. The TA encrypts the
       keys file with this password and returns it as an attachment. The
       attachment is then copied intact to the keys directory with the name
       given in the first line of the file, but all in lower case and with
       the filestamp deleted. Alternatively, the parameters file can be
       retrieved from a secure web site.

       For example, the TA generates default host key, IFF keys and trusted
       certificate using the command

       ntp-keygen -p local_passwd -T -I -igroup_name

       Each group host generates default host keys and nontrusted
       certificate using the same command line but omitting the -i option.
       Once these media have been generated, the TA can then generate the
       public parameters using the command

       ntp-keygen -p local_passwd -e >parameters_file

       where the -e option redirects the unencrypted parameters to the
       standard output stream, either for a mail application or to be
       stored locally for later distribution. In a similar fashion the -q
       option redirects the encrypted server keys to the standard output
       stream.


COMMAND LINE OPTIONS

       -c [ RSA-MD2 | RSA-MD5 | RSA-SHA | RSA-SHA1 | RSA-MDC2 | RSA-RIPEMD160
       | DSA-SHA | DSA-SHA1 ]
               Select certificate and message digest/signature encryption
               scheme. Note that RSA schemes must be used with a RSA sign
               key and DSA schemes must be used with a DSA sign key. The
               default without this option is RSA-MD5. If compatibility
               with FIPS 140-2 is required, either the DSA-SHA or DSA-SHA1
               scheme must be used.

       -d      Enable debugging. This option displays the cryptographic
               data produced for eye-friendly billboards.

       -e      Extract the IFF or GQ public parameters from the IFFkey or
               GQkey keys file previously specified. Send the unencrypted
               data to the standard output stream stdout. While the IFF
               parameters do not reveal the private group key, the GQ
               parameters should be used with caution, as they include the
               group key. Use the -q option with password instead. Note: a
               new certificate is not generated when this option is
               present. This allows multiple commands with this option
               without disturbing existing media.

       -G      Generate a new encrypted GQ key file and link for the
               Guillou-Quisquater (GQ) identity scheme.

       -H      Generate a new encrypted RSA public/private host key file
               and link. Note that if the sign key is the same as the host
               key, generating a new host key invalidates all certificates
               signed with the old host key.

       -i group
               Set the group name to group. This is used in the identity
               file names. It must match the group name specified in the
               ident option of the crypto configuration command.

       -I      Generate a new encrypted IFF key file and link for the
               Schnorr (IFF) identity scheme.

       -m modulus
               Set the modulus for generating files to modulus bits. The
               modulus defaults to 512, but can be set from 256 (32 octets)
               to 2048 (256 octets).

       -M      Generate a new MD5 key file containing 16, 128-bit
               pseudo-random keys for symmetric cryptography.

       -P      Generate a new private certificate used by the PC identity
               scheme. By default, the program generates public
               certificates. Note: the PC identity scheme is not
               recommended for new installations.

       -p passwd
               Set the password for reading and writing encrypted files to
               passwd. By default, the password is the host name.

       -q passwd
               Extract the encrypted IFF or GQ server keys from the IFFkey
               or GQkey key file previously generated. The data are sent to
               the standard output stream stdout. Set the password for
               writing the data, which is also the password to read the
               data file in another host. By default, the password is the
               host name. Note: a new certificate is not generated when
               this option is present. This allows multiple commands with
               this option without disturbing existing media.

       -S [ RSA | DSA ]
               Generate a new sign key of the specified type. By default,
               the sign key is the host key and has the same type. If
               compatibility with FIPS 140-2 is required, the sign key type
               must be DSA. Note that generating a new sign key invalidates
               all certificates signed with the old sign key.

       -s host Set the host name to host. This is used in the host and sign
               key file names. It must match the host name specified in the
               host option of the crypto configuration command.

       -T      Generate a trusted certificate. By default, the program
               generates nontrusted certificates.

       -V nkeys
               Generate server parameters MV and nkeys client keys for the
               Mu-Varadharajan (MV) identity scheme. Note: support for this
               option should be considered a work in progress.


RANDOM SEED FILE

       All cryptographically sound key generation schemes must have means
       to randomize the entropy seed used to initialize the internal
       pseudo-random number generator used by the OpenSSL library routines.
       If a site supports ssh, it is very likely that means to do this are
       already available. The entropy seed used by the OpenSSL library is
       contained in a file, usually called .rnd, which must be available
       when starting the ntp-keygen program or ntpd daemon.

       The OpenSSL library looks for the file using the path specified by
       the RANDFILE environment variable in the user home directory,
       whether root or some other user. If the RANDFILE environment
       variable is not present, the library looks for the .rnd file in the
       user home directory. Since both the ntp-keygen program and ntpd
       daemon must run as root, the logical place to put this file is in
       /.rnd or /root/.rnd. If the file is not available or cannot be
       written, the program exits with a message to the system log.

       On systems that provide /dev/urandom, the randomness device is used
       instead and the file specified by the randfile subcommand or the
       RANDFILE environment variable is ignored.

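       The lookup order above (RANDFILE first, then .rnd in the home
       directory, and neither when /dev/urandom exists) can be checked
       before running ntp-keygen or starting ntpd. The following POSIX
       shell script is an added example; it is not part of the ntp-keygen
       distribution or of this page. It only reads the environment and
       tests files, and the device path argument of seed_source is an
       assumption introduced so the check can be exercised without a real
       /dev/urandom.

```shell
#!/bin/sh
# Added example (not from ntp-keygen): report which entropy seed OpenSSL will
# use, following the order described in the RANDOM SEED FILE section.

# seed_file_path: print the path OpenSSL consults for its entropy seed:
# $RANDFILE if set, otherwise .rnd in the user's home directory.
seed_file_path() {
    if [ -n "${RANDFILE:-}" ]; then
        echo "$RANDFILE"
    else
        echo "${HOME:-/}/.rnd"
    fi
}

# seed_source [DEVICE]: print "urandom" when the kernel randomness device is
# present (the seed file is then ignored), "file" when a readable and
# writable seed file exists, or "missing" (and return 1) when neither is
# available, which is the case in which ntp-keygen or ntpd would exit with a
# message to the system log. DEVICE defaults to /dev/urandom; passing another
# path is an assumption added here so the file branch can be tested.
seed_source() {
    _device=${1:-/dev/urandom}
    if [ -c "$_device" ]; then
        echo urandom
        return 0
    fi
    _seed=$(seed_file_path)
    if [ -r "$_seed" ] && [ -w "$_seed" ]; then
        echo file
        return 0
    fi
    echo missing
    return 1
}

echo "seed file path:  $(seed_file_path)"
echo "entropy source:  $(seed_source)"
```

       On a root login with no RANDFILE set the first line reports
       /root/.rnd, which is the location the text recommends; on any
       system with /dev/urandom the second line reports urandom, meaning
       the file is never consulted.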

CRYPTOGRAPHIC DATA FILES

       File and link names are in the form ntpkey_key_name.fstamp, where
       key is the key or parameter type, name is the host or group name and
       fstamp is the filestamp (NTP seconds) when the file was created. By
       convention, key fields in generated file names include both upper
       and lower case alphanumeric characters, while key fields in
       generated link names include only lower case characters. The
       filestamp is not used in generated link names.

       The key type is a string defining the cryptographic function. Key
       types include public/private keys host and sign, certificate cert
       and several challenge/response key types. By convention, files used
       for challenges have a par subtype, as in the IFF challenge IFFpar,
       while files for responses have a key subtype, as in the GQ response
       GQkey.

       All files begin with two nonencrypted lines. The first line contains
       the file name in the format ntpkey_key_host.fstamp. The second line
       contains the datestamp in conventional Unix date format. Lines
       beginning with # are ignored.

       The remainder of the file contains cryptographic data encoded first
       using ASN.1 rules, then encrypted using the DES-CBC algorithm and
       given password and finally written in PEM-encoded printable ASCII
       text preceded and followed by MIME content identifier lines.

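       The naming and header conventions just described can be checked
       mechanically, which is useful when files are copied between hosts
       by hand. The following POSIX shell script is an added example, not
       code from the ntp-keygen distribution or from this page: it splits
       a name of the form ntpkey_key_name.fstamp into its three parts,
       converts the NTP-seconds filestamp to Unix time (the offset of
       2208988800 seconds between the 1900 NTP epoch and the 1970 Unix
       epoch is a known constant, not taken from this page), and confirms
       that a file's first header line names the file it lives in. The
       sample file, its key material placeholder and its date line are
       constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from ntp-keygen): parse ntpkey file names and verify the
# header line described in the CRYPTOGRAPHIC DATA FILES section.

# Seconds between the NTP era-0 epoch (1900-01-01) and the Unix epoch
# (1970-01-01); filestamps are NTP seconds, Unix tools want Unix seconds.
NTP_UNIX_OFFSET=2208988800

# filestamp_to_unix FSTAMP: print the Unix time for an NTP-seconds filestamp.
filestamp_to_unix() {
    echo $(( $1 - NTP_UNIX_OFFSET ))
}

# parse_ntpkey_name NAME: print "key name fstamp" for ntpkey_<key>_<name>.<fstamp>.
# The filestamp is everything after the last dot, so DNS-style host names such
# as alice.example.com survive intact in the name field; the key field ends at
# the first underscore, so group names containing underscores also survive.
parse_ntpkey_name() {
    case "$1" in
        ntpkey_*_*.*) ;;
        *) echo "not an ntpkey file name: $1" >&2; return 1 ;;
    esac
    _rest=${1#ntpkey_}
    _fstamp=${_rest##*.}
    _rest=${_rest%.*}
    _key=${_rest%%_*}
    _name=${_rest#*_}
    case "$_fstamp" in
        ''|*[!0-9]*) echo "filestamp is not numeric: $_fstamp" >&2; return 1 ;;
    esac
    echo "$_key $_name $_fstamp"
}

# check_header FILE: return 0 when the first line (after an optional leading
# "# ") is FILE's own base name, i.e. the file was not renamed after creation.
check_header() {
    _first=$(head -n 1 "$1")
    _first=${_first#\# }
    [ "$_first" = "$(basename "$1")" ]
}

# Constructed sample: one file whose header matches its name. The date line
# and the body are placeholders; no real key material is involved.
SAMPLE_DIR=$(mktemp -d)
SAMPLE_FILE="$SAMPLE_DIR/ntpkey_RSAhost_alice.example.com.3900000000"
printf '# %s\n# Wed Aug  2 21:20:00 UTC 2023\n(PEM-encoded data would follow here)\n' \
    "$(basename "$SAMPLE_FILE")" > "$SAMPLE_FILE"

set -- $(parse_ntpkey_name "$(basename "$SAMPLE_FILE")")
echo "key type: $1, name: $2, created (Unix time): $(filestamp_to_unix "$3")"
check_header "$SAMPLE_FILE" && echo "header line matches the file name"
```

       A mismatch from check_header usually means the file was renamed or
       copied under the wrong name; the text above notes that the keys
       file received by mail must be copied under the name given in its
       first line.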
       The format of the symmetric keys file is somewhat different than the
       other files in the interest of backward compatibility. Since DES-CBC
       is deprecated in NTPv4, the only key format of interest is MD5
       alphanumeric strings. Following the header the keys are entered one
       per line in the format

       keyno type key

       where keyno is a positive integer in the range 1-65,535, type is the
       string MD5 defining the key format and key is the key itself, which
       is a printable ASCII string 16 characters or less in length. Each
       character is chosen from the 93 printable characters in the range
       0x21 through 0x7f excluding space and the '#' character.

       Note that the keys used by the ntpq and ntpdc programs are checked
       against passwords requested by the programs and entered by hand, so
       it is generally appropriate to specify these keys in human readable
       ASCII format.

       The ntp-keygen program generates a MD5 symmetric keys file
       ntpkey_MD5key_hostname.filestamp. Since the file contains private
       shared keys, it should be visible only to root and distributed by
       secure means to other subnet hosts. The NTP daemon loads the file
       ntp.keys, so ntp-keygen installs a soft link from this name to the
       generated file. Subsequently, similar soft links must be installed
       by manual or automated means on the other subnet hosts. While this
       file is not used with the Autokey Version 2 protocol, it is needed
       to authenticate some remote configuration commands used by the ntpq
       and ntpdc utilities.

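       Because the symmetric keys file is edited by hand to add ntpq and
       ntpdc passwords, a malformed line is easy to introduce and is only
       noticed when ntpd rejects a request. The following POSIX shell
       script is an added example, not part of the ntp-keygen distribution
       or of this page: it checks each line against the rules stated in
       the DESCRIPTION section (key identifier 1 to 65534, a digest type
       token, a printable key of at most 20 characters without space or #,
       or a longer key that must be hex-encoded; # starts a comment). The
       sample file and its keys are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from ntp-keygen): validate the line format of a
# symmetric keys file such as the one -M generates and ntp.keys links to.

# Constructed sample keys file; nothing here was produced by ntp-keygen.
SAMPLE_KEYS=$(mktemp)
cat > "$SAMPLE_KEYS" <<'EOF'
# ntpkey_MD5key_example.3900000000   (constructed header)
# Wed Aug  2 21:20:00 UTC 2023
1  MD5  tFy4gV2rbv6nRs%pG1mc                          # ntpq password, 20 chars
2  MD5  Uc6dX%u?7j+2WQ;m                              # ntpdc password
11 SHA1 f2a3c4d5e6f708192a3b4c5d6e7f8091a2b3c4d5      # 40 hex chars, bit string
EOF

# check_keys_file FILE: report every malformed key line on stdout and return
# 0 only when all lines are well formed. Comments (# to end of line) and
# blank lines are ignored, as ntpd ignores them.
check_keys_file() {
    awk '
    BEGIN { bad = 0 }
    { sub(/#.*/, "") }                     # drop trailing comment
    NF == 0 { next }                       # blank or comment-only line
    NF != 3 { printf "line %d: expected 3 fields, found %d\n", NR, NF; bad = 1; next }
    {
        keyno = $1; type = $2; key = $3
        if (keyno !~ /^[0-9]+$/ || keyno + 0 < 1 || keyno + 0 > 65534) {
            printf "line %d: key id %s not in 1..65534\n", NR, keyno; bad = 1
        }
        if (type !~ /^[A-Za-z0-9-]+$/) {
            printf "line %d: digest type %s is not a plain token\n", NR, type; bad = 1
        }
        if (length(key) <= 20) {
            # printable ASCII key: every character must be in 0x21..0x7e
            # (space cannot occur, since fields are whitespace separated)
            if (key ~ /[^!-~]/) {
                printf "line %d: key contains a non-printable character\n", NR; bad = 1
            }
        } else if (key !~ /^[0-9a-fA-F]+$/ || length(key) % 2 != 0) {
            printf "line %d: key longer than 20 chars must be even-length hex\n", NR; bad = 1
        }
    }
    END { exit bad }
    ' "$1"
}

check_keys_file "$SAMPLE_KEYS" && echo "keys file OK"
```

       Run it against ntp.keys (the link ntp-keygen installs) after every
       manual edit; it does not check that key identifiers are unique or
       that a key is actually referenced by a server, peer, trustedkey or
       controlkey command, which remains a matter for the ntpd
       configuration.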

BUGS

       It can take quite a while to generate some cryptographic values,
       from one to several minutes with modern architectures such as
       UltraSPARC and up to tens of minutes to an hour with older
       architectures such as SPARC IPC.


SEE ALSO

       ntpd(8), ntp_auth(5)

       HTML documentation in ntp-doc package.

       This file was automatically generated from HTML source.



                                                                 ntp-keygen(8)