Lines Matching +full:num +full:- +full:ss +full:- +full:bits

1 /* -*- Mode: Text -*- */
7 #include autogen-version.def
9 prog-name = "ntp-keygen";
10 prog-title = "create a Network Time Protocol host key";
19 arg-type = number;
20 arg-name = imbits;
21 arg-range = '256->2048';
23 descrip = "identity modulus bits";
24 doc = <<- _EndOfDoc_
25 The number of bits in the identity modulus. The default is 512.
32 arg-type = string;
33 arg-name = scheme;
36 doc = <<- _EndOfDoc_
38 RSA-MD2, RSA-MD5, RSA-MDC2, RSA-SHA, RSA-SHA1, RSA-RIPEMD160,
39 DSA-SHA, or DSA-SHA1.
44 this option is RSA-MD5.
51 arg-type = string;
52 arg-name = cipher;
55 doc = <<- _EndOfDoc_
57 private keys. The default is three-key triple DES in CBC mode,
58 equivalent to "@code{-C des-ede3-cbc}". The openssl tool lists ciphers
59 available in "@code{openssl -h}" output.
63 #include debug-opt.def
67 name = id-key;
70 doc = <<- _EndOfDoc_
79 name = gq-params;
82 doc = <<- _EndOfDoc_
90 name = host-key;
93 doc = <<- _EndOfDoc_
103 doc = <<- _EndOfDoc_
113 arg-type = string;
114 arg-name = group;
116 doc = <<- _EndOfDoc_
120 provided. The group name, if specified using @code{-i/--ident} or
121 using @code{-s/--subject-name} following an '@code{@@}' character,
122 is also a part of the self-signed host certificate subject and
133 arg-type = number;
134 arg-name = lifetime;
136 doc = <<- _EndOfDoc_
144 arg-type = number;
145 arg-name = modulus;
146 arg-range = '256->2048';
149 doc = <<- _EndOfDoc_
150 The number of bits in the prime modulus. The default is 512.
158 doc = <<- _EndOfDoc_
165 name = pvt-cert;
168 doc = <<- _EndOfDoc_
176 name = password; // was: pvt-passwd;
178 arg-type = string;
179 arg-name = passwd;
181 doc = <<- _EndOfDoc_
183 DES-CBC algorithm and the specified password. The same password
192 name = export-passwd; // Was: get-pvt-passwd;
194 arg-type = string;
195 arg-name = passwd;
197 doc = <<- _EndOfDoc_
199 encrypted with the DES-CBC algorithm and the specified password.
202 --id-key (-e) for unencrypted exports.
208 name = subject-name;
209 arg-type = string;
210 arg-name = host@group;
213 doc = <<- _EndOfDoc_
219 fields. Specifying '@code{-s @@group}' is allowed, and results in
221 subject and issuer fields, as with @code{-i group}. The group name, or
229 name = sign-key;
230 arg-type = string;
231 arg-name = sign;
234 doc = <<- _EndOfDoc_
243 name = trusted-cert;
246 doc = <<- _EndOfDoc_
248 a non-trusted certificate.
254 name = mv-params;
255 arg-type = number;
256 arg-name = num;
258 descrip = "generate <num> MV parameters";
259 doc = <<- _EndOfDoc_
260 Generate parameters and keys for the Mu-Varadharajan (MV)
267 name = mv-keys;
268 arg-type = number;
269 arg-name = num;
271 descrip = "update <num> MV keys";
275 explain = <<- _END_EXPLAIN
278 doc-section = {
279 ds-type = 'DESCRIPTION';
280 ds-format = 'mdoc';
281 ds-text = <<- _END_PROG_MDOC_DESCRIP
294 All other files are in PEM-encoded printable ASCII format,
300 produces a file containing ten pseudo-random printable ASCII strings
304 hex-encoded random bit strings suitable for SHA1, AES-128-CMAC, and
367 NFS-mounted networks and cannot be changed by shared clients.
390 .Ss Running the Program
412 .Cm RSA-MD5
476 Installing the keys as root might not work in NFS-mounted
503 in NFS-mounted networks.
513 are permitted root read/write-only;
586 This of course creates a chicken-and-egg problem
589 should be set by some other means, such as eyeball-and-wristwatch, at
592 certificate should be re-generated.
595 .Dq Autokey Public-Key Authentication
622 .Ss Trusted Hosts and Groups
637 First, configure an NTP subnet including one or more low-stratum
680 .Cm DSA Ns -signed
710 .Ss Identity Schemes
747 .Pa ntpkey Ns _ Cm RSA-MD5 _ Pa cert_alice. Ar filestamp ,
883 .Ss Command Line Options
884 .Bl -tag -width indent
885 .It Fl b Fl -imbits Ns = Ar modulus
886 Set the number of bits in the identity modulus for generating identity keys to
888 bits.
889 The number of bits in the identity modulus defaults to 256, but can be set to
893 .It Fl c Fl -certificate Ns = Ar scheme
898 .Cm RSA-MD2 , RSA-MD5 , RSA-MDC2 , RSA-SHA , RSA-SHA1 , RSA-RIPEMD160 , DSA-SHA ,
900 .Cm DSA-SHA1 .
911 .Cm RSA-MD5 .
912 If compatibility with FIPS 140-2 is required, either the
913 .Cm DSA-SHA
915 .Cm DSA-SHA1
917 .It Fl C Fl -cipher Ns = Ar cipher
919 The default without this option is three-key triple DES in CBC mode,
920 .Cm des-ede3-cbc .
924 .It Fl d Fl -debug-level
926 This option displays the cryptographic data produced in eye-friendly billboards.
927 .It Fl D Fl -set-debug-level Ns = Ar level
930 This option displays the cryptographic data produced in eye-friendly billboards.
931 .It Fl e Fl -id-key
942 .It Fl G Fl -gq-params
945 parameters and key file for the Guillou-Quisquater (GQ) identity scheme.
951 .It Fl H Fl -host-key
955 .It Fl I Fl -iffkey
964 .It Fl i Fl -ident Ns = Ar group
986 .It Fl l Fl -lifetime Ns = Ar days
990 .It Fl m Fl -modulus Ns = Ar bits
991 Set the number of bits in the prime modulus for generating files to
992 .Ar bits .
996 .It Fl M Fl -md5key
1009 .It Fl p Fl -password Ns = Ar passwd
1016 .It Fl P Fl -pvt-cert
1022 .It Fl q Fl -export-passwd Ns = Ar passwd
1037 .It Fl s Fl -subject-key Ns = Ar Oo host Oc Op @@ Ar group
1061 .It Fl S Fl -sign-key Ns = Op Cm RSA | DSA
1064 If compatibility with FIPS 140-2 is required, the sign key type must be
1066 .It Fl T Fl -trusted-cert
1068 By default, the program generates a non-trusted certificate.
1069 .It Fl V Fl -mv-params Ar nkeys
1072 encrypted server keys and parameters for the Mu-Varadharajan (MV)
1082 .Ss Random Seed File
1085 the internal pseudo-random number generator used
1098 can be used to do this and some systems have built-in entropy sources.
1141 .Ss Cryptographic Data Files
1172 rules, then encrypted if necessary, and finally written in PEM-encoded
1180 .Bd -literal -unfilled -offset center
1192 9 MD5 3-5vcn*6l29DS?Xdsg)* # MD5 key
1213 is a positive integer in the range 1-65535;
1221 however, if compatibility with FIPS 140-2 is required,
1239 An OpenSSL key consists of a hex-encoded ASCII string of 40 characters, which
1275 doc-section = {
1276 ds-type = 'USAGE';
1277 ds-format = 'mdoc';
1278 ds-text = <<- _END_MDOC_USAGE
1282 doc-section = {
1283 ds-type = 'NOTES';
1284 ds-format = 'mdoc';
1285 ds-text = <<- _END_MDOC_NOTES
1290 doc-section = {
1291 ds-type = 'BUGS';
1292 ds-format = 'mdoc';
1293 ds-text = <<- _END_MDOC_BUGS