| blob | 6fce2e8f5629f435e5b47c8e50872c07acfac9a0 |
1 @node ntp-keygen Invocation
2 @section Invoking ntp-keygen
3 @pindex ntp-keygen
4 @cindex Create a NTP host key
5 @ignore
6 #
7 # EDIT THIS FILE WITH CAUTION (ntp-keygen-opts.texi)
8 #
9 # It has been AutoGen-ed December 10, 2009 at 05:08:36 AM by AutoGen 5.10
10 # From the definitions ntp-keygen-opts.def
11 # and the template file aginfo.tpl
12 @end ignore
13 This program has no explanation.
15 If there is no new host key, look for an existing one.
16 If one is not found, create it.
18 This section was generated by @strong{AutoGen},
19 the aginfo template and the option descriptions for the @command{ntp-keygen} program. It documents the ntp-keygen usage text and option meanings.
21 This software is released under a specialized copyright license.
23 @menu
24 * ntp-keygen usage:: ntp-keygen usage help (-?)
25 * ntp-keygen certificate:: certificate option (-c)
26 * ntp-keygen debug-level:: debug-level option (-d)
27 * ntp-keygen get-pvt-passwd:: get-pvt-passwd option (-q)
28 * ntp-keygen gq-params:: gq-params option (-G)
29 * ntp-keygen host-key:: host-key option (-H)
30 * ntp-keygen id-key:: id-key option (-e)
31 * ntp-keygen iffkey:: iffkey option (-I)
32 * ntp-keygen issuer-name:: issuer-name option (-i)
33 * ntp-keygen md5key:: md5key option (-M)
34 * ntp-keygen modulus:: modulus option (-m)
35 * ntp-keygen mv-keys:: mv-keys option (-v)
36 * ntp-keygen mv-params:: mv-params option (-V)
37 * ntp-keygen pvt-cert:: pvt-cert option (-P)
38 * ntp-keygen pvt-passwd:: pvt-passwd option (-p)
39 * ntp-keygen set-debug-level:: set-debug-level option (-D)
40 * ntp-keygen sign-key:: sign-key option (-S)
41 * ntp-keygen subject-name:: subject-name option (-s)
42 * ntp-keygen trusted-cert:: trusted-cert option (-T)
43 @end menu
45 @node ntp-keygen usage
46 @subsection ntp-keygen usage help (-?)
47 @cindex ntp-keygen usage
49 This is the automatically generated usage text for ntp-keygen:
51 @exampleindent 0
52 @example
53 Using OpenSSL version 90704f
54 ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.6
55 USAGE: ntp-keygen [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]...
56 Flg Arg Option-Name Description
57 -c Str certificate certificate scheme
58 -d no debug-level Increase output debug message level
59 - may appear multiple times
60 -D Str set-debug-level Set the output debug message level
61 - may appear multiple times
62 -e no id-key Write IFF or GQ identity keys
63 -G no gq-params Generate GQ parameters and keys
64 -H no host-key generate RSA host key
65 -I no iffkey generate IFF parameters
66 -i Str issuer-name set issuer name
67 -M no md5key generate MD5 keys
68 -m Num modulus modulus
69 - it must be: 256 to 2048
70 -P no pvt-cert generate PC private certificate
71 -p Str pvt-passwd output private password
72 -q Str get-pvt-passwd input private password
73 -S Str sign-key generate sign key (RSA or DSA)
74 -s Str subject-name set subject name
75 -T no trusted-cert trusted certificate (TC scheme)
76 -V Num mv-params generate <num> MV parameters
77 -v Num mv-keys update <num> MV keys
78 opt version Output version information and exit
79 -? no help Display extended usage information and exit
80 -! no more-help Extended usage information passed thru pager
81 -> opt save-opts Save the option state to a config file
82 -< Str load-opts Load options from a config file
83 - disabled as --no-load-opts
84 - may appear multiple times
86 Options are specified by doubled hyphens and their name
87 or by a single hyphen and the flag character.
89 The following option preset mechanisms are supported:
90 - reading file /users/stenn/.ntprc
91 - reading file /deacon/backroom/snaps/ntp-stable/util/.ntprc
92 - examining environment variables named NTP_KEYGEN_*
94 If there is no new host key, look for an existing one.
95 If one is not found, create it.
97 please send bug reports to: http://bugs.ntp.org, bugs@@ntp.org
98 @end example
99 @exampleindent 4
101 @node ntp-keygen certificate
102 @subsection certificate option (-c)
103 @cindex ntp-keygen-certificate
105 This is the ``certificate scheme'' option.
107 This option has some usage constraints. It:
108 @itemize @bullet
109 @item
110 must be compiled in by defining @code{OPENSSL} during the compilation.
111 @end itemize
113 scheme is one of
114 RSA-MD2, RSA-MD5, RSA-SHA, RSA-SHA1, RSA-MDC2, RSA-RIPEMD160,
115 DSA-SHA, or DSA-SHA1.
117 Select the certificate message digest/signature encryption scheme.
118 Note that RSA schemes must be used with a RSA sign key and DSA
119 schemes must be used with a DSA sign key. The default without
120 this option is RSA-MD5.
122 @node ntp-keygen debug-level
123 @subsection debug-level option (-d)
124 @cindex ntp-keygen-debug-level
126 This is the ``increase output debug message level'' option.
128 This option has some usage constraints. It:
129 @itemize @bullet
130 @item
131 may appear an unlimited number of times.
132 @end itemize
134 Increase the debugging message output level.
136 @node ntp-keygen set-debug-level
137 @subsection set-debug-level option (-D)
138 @cindex ntp-keygen-set-debug-level
140 This is the ``set the output debug message level'' option.
142 This option has some usage constraints. It:
143 @itemize @bullet
144 @item
145 may appear an unlimited number of times.
146 @end itemize
148 Set the output debugging level. Can be supplied multiple times,
149 but each overrides the previous value(s).
151 @node ntp-keygen id-key
152 @subsection id-key option (-e)
153 @cindex ntp-keygen-id-key
155 This is the ``write iff or gq identity keys'' option.
157 This option has some usage constraints. It:
158 @itemize @bullet
159 @item
160 must be compiled in by defining @code{OPENSSL} during the compilation.
161 @end itemize
163 Write the IFF or GQ client keys to the standard output. This is
164 intended for automatic key distribution by mail.
166 @node ntp-keygen gq-params
167 @subsection gq-params option (-G)
168 @cindex ntp-keygen-gq-params
170 This is the ``generate gq parameters and keys'' option.
172 This option has some usage constraints. It:
173 @itemize @bullet
174 @item
175 must be compiled in by defining @code{OPENSSL} during the compilation.
176 @end itemize
178 Generate parameters and keys for the GQ identification scheme,
179 obsoleting any that may exist.
181 @node ntp-keygen host-key
182 @subsection host-key option (-H)
183 @cindex ntp-keygen-host-key
185 This is the ``generate rsa host key'' option.
187 This option has some usage constraints. It:
188 @itemize @bullet
189 @item
190 must be compiled in by defining @code{OPENSSL} during the compilation.
191 @end itemize
193 Generate new host keys, obsoleting any that may exist.
195 @node ntp-keygen iffkey
196 @subsection iffkey option (-I)
197 @cindex ntp-keygen-iffkey
199 This is the ``generate iff parameters'' option.
201 This option has some usage constraints. It:
202 @itemize @bullet
203 @item
204 must be compiled in by defining @code{OPENSSL} during the compilation.
205 @end itemize
207 Generate parameters for the IFF identification scheme, obsoleting
208 any that may exist.
210 @node ntp-keygen issuer-name
211 @subsection issuer-name option (-i)
212 @cindex ntp-keygen-issuer-name
214 This is the ``set issuer name'' option.
216 This option has some usage constraints. It:
217 @itemize @bullet
218 @item
219 must be compiled in by defining @code{OPENSSL} during the compilation.
220 @end itemize
222 Set the suject name to name. This is used as the subject field
223 in certificates and in the file name for host and sign keys.
225 @node ntp-keygen md5key
226 @subsection md5key option (-M)
227 @cindex ntp-keygen-md5key
229 This is the ``generate md5 keys'' option.
230 Generate MD5 keys, obsoleting any that may exist.
232 @node ntp-keygen modulus
233 @subsection modulus option (-m)
234 @cindex ntp-keygen-modulus
236 This is the ``modulus'' option.
238 This option has some usage constraints. It:
239 @itemize @bullet
240 @item
241 must be compiled in by defining @code{OPENSSL} during the compilation.
242 @end itemize
244 The number of bits in the prime modulus. The default is 512.
246 @node ntp-keygen pvt-cert
247 @subsection pvt-cert option (-P)
248 @cindex ntp-keygen-pvt-cert
250 This is the ``generate pc private certificate'' option.
252 This option has some usage constraints. It:
253 @itemize @bullet
254 @item
255 must be compiled in by defining @code{OPENSSL} during the compilation.
256 @end itemize
258 Generate a private certificate. By default, the program generates
259 public certificates.
261 @node ntp-keygen pvt-passwd
262 @subsection pvt-passwd option (-p)
263 @cindex ntp-keygen-pvt-passwd
265 This is the ``output private password'' option.
267 This option has some usage constraints. It:
268 @itemize @bullet
269 @item
270 must be compiled in by defining @code{OPENSSL} during the compilation.
271 @end itemize
273 Encrypt generated files containing private data with the specified
274 password and the DES-CBC algorithm.
276 @node ntp-keygen get-pvt-passwd
277 @subsection get-pvt-passwd option (-q)
278 @cindex ntp-keygen-get-pvt-passwd
280 This is the ``input private password'' option.
282 This option has some usage constraints. It:
283 @itemize @bullet
284 @item
285 must be compiled in by defining @code{OPENSSL} during the compilation.
286 @end itemize
288 Set the password for reading files to the specified password.
290 @node ntp-keygen sign-key
291 @subsection sign-key option (-S)
292 @cindex ntp-keygen-sign-key
294 This is the ``generate sign key (rsa or dsa)'' option.
296 This option has some usage constraints. It:
297 @itemize @bullet
298 @item
299 must be compiled in by defining @code{OPENSSL} during the compilation.
300 @end itemize
302 Generate a new sign key of the designated type, obsoleting any
303 that may exist. By default, the program uses the host key as the
304 sign key.
306 @node ntp-keygen subject-name
307 @subsection subject-name option (-s)
308 @cindex ntp-keygen-subject-name
310 This is the ``set subject name'' option.
312 This option has some usage constraints. It:
313 @itemize @bullet
314 @item
315 must be compiled in by defining @code{OPENSSL} during the compilation.
316 @end itemize
318 Set the issuer name to name. This is used for the issuer field
319 in certificates and in the file name for identity files.
321 @node ntp-keygen trusted-cert
322 @subsection trusted-cert option (-T)
323 @cindex ntp-keygen-trusted-cert
325 This is the ``trusted certificate (tc scheme)'' option.
327 This option has some usage constraints. It:
328 @itemize @bullet
329 @item
330 must be compiled in by defining @code{OPENSSL} during the compilation.
331 @end itemize
333 Generate a trusted certificate. By default, the program generates
334 a non-trusted certificate.
336 @node ntp-keygen mv-params
337 @subsection mv-params option (-V)
338 @cindex ntp-keygen-mv-params
340 This is the ``generate <num> mv parameters'' option.
342 This option has some usage constraints. It:
343 @itemize @bullet
344 @item
345 must be compiled in by defining @code{OPENSSL} during the compilation.
346 @end itemize
348 Generate parameters and keys for the Mu-Varadharajan (MV)
349 identification scheme.
351 @node ntp-keygen mv-keys
352 @subsection mv-keys option (-v)
353 @cindex ntp-keygen-mv-keys
355 This is the ``update <num> mv keys'' option.
357 This option has some usage constraints. It:
358 @itemize @bullet
359 @item
360 must be compiled in by defining @code{OPENSSL} during the compilation.
361 @end itemize
363 This option has no @samp{doc} documentation.