.\"
.\" $FreeBSD$
.\"
.Dd January 13, 2000
.Dt NTP.KEYS 5
.Os
.Sh NAME
.Nm ntp.keys
.Nd NTP daemon key file format
.Sh SYNOPSIS
.Nm /etc/ntp.keys
.Sh DESCRIPTION
Following is a description of the format of NTP key files.
For a description of the use of these files, see the
.Qq Authentication Support
section of the
.Xr ntp.conf 5
page.
.Pp
In the case of DES, the keys are 56 bits long with,
depending on type, a parity check on each byte.
In the case of MD5, the keys are 64 bits (8 bytes).
.Xr ntpd 8
reads its keys from a file specified using the
.Fl k
command line option or the
.Ic keys
statement in the configuration file.
While key number 0 is fixed by the NTP standard
(as 56 zero bits)
and may not be changed,
one or more of the keys numbered 1 through 15
may be arbitrarily set in the keys file.
.Pp
The key file uses the same comment conventions
as the configuration file.
Key entries use a fixed format of the form
.Pp
.D1 Ar keyno type key
.Pp
where
.Ar keyno
is a positive integer,
.Ar type
is a single character which defines the key format,
and
.Ar key
is the key itself.
.Pp
The
.Ar key
may be given in one of four different formats,
controlled by the
.Ar type
character.
The four key types, and corresponding formats,
are listed following.
.Bl -tag -width X
.It Li S
The key is a 64-bit hexadecimal number in the format
specified in the DES specification;
that is, the high order seven bits of each octet are used
to form the 56-bit key
while the low order bit of each octet is given a value
such that odd parity is maintained for the octet.
Leading zeroes must be specified
(i.e., the key must be exactly 16 hex digits long)
and odd parity must be maintained.
Hence a zero key, in standard format, would be given as
.Ql 0101010101010101 .
.It Li N
The key is a 64-bit hexadecimal number in the format
specified in the NTP standard.
This is the same as the DES format,
except the bits in each octet have been rotated one bit right
so that the parity bit is now the high order bit of the octet.
Leading zeroes must be specified and odd parity must be maintained.
A zero key in NTP format would be specified as
.Ql 8080808080808080 .
.It Li A
The key is a 1-to-8 character ASCII string.
A key is formed from this by using the low order 7 bits
of each ASCII character in the string,
with zeroes added on the right
when necessary to form a full width 56-bit key,
in the same way that encryption keys are formed from
.Ux
passwords.
.It Li M
The key is a 1-to-8 character ASCII string,
using the MD5 authentication scheme.
Note that both the keys and the authentication schemes (DES or MD5)
must be identical between a set of peers sharing the same key number.
.El
.Pp
Note that the keys used by the
.Xr ntpq 8
and
.Xr ntpdc 8
programs are checked against passwords
requested by the programs and entered by hand,
so it is generally appropriate to specify these keys in ASCII format.
.Sh FILES
.Bl -tag -width /etc/ntp.drift -compact
.It Pa /etc/ntp.keys
the default name of the configuration file
.El
.Sh SEE ALSO
.Xr ntp.conf 5 ,
.Xr ntpd 8 ,
.Xr ntpdate 8 ,
.Xr ntpdc 8
.Sh BUGS
.Xr ntpd 8
has gotten rather fat.
While not huge, it has gotten larger than might
be desirable for an elevated-priority daemon running on a workstation,
particularly since many of the fancy features which consume the space
were designed more with a busy primary server, rather than a high
stratum workstation, in mind.
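.Sh EXAMPLES
The following Python sketch is an added example, not part of the original manual page or of the ntpd sources.
It checks key file entries against the four formats described above (exact length, odd parity, the one-bit rotation between the S and N layouts, and the 7-bit packing of A keys) and returns each DES key in the S layout.
The function names are hypothetical, the '#' comment character is assumed from the ntp.conf convention, and the A-key octet layout is a reading of the description above.

```python
import string

# Constructed sample entries, not real keys; '#' comments assumed as in ntp.conf.
SAMPLE = """# keyno type key
1 S 0101010101010101
2 N 8080808080808080
3 A a
4 M tickTock
"""

def odd(b):
    return bin(b).count("1") % 2 == 1

def hex_key(text, ntp_format):
    """Validate an S or N key; return its 8 octets in DES (S) layout."""
    if len(text) != 16 or any(c not in string.hexdigits for c in text):
        raise ValueError("key must be exactly 16 hex digits")
    octets = bytes.fromhex(text)
    if ntp_format:  # N: parity bit is the high-order bit; rotate left to undo
        octets = bytes(((b << 1) | (b >> 7)) & 0xFF for b in octets)
    if not all(odd(b) for b in octets):
        raise ValueError("odd parity not maintained")
    return octets

def ascii_key(text):
    """A key: low 7 bits per character, zero-padded right, parity bit added."""
    if not 1 <= len(text) <= 8 or not text.isascii():
        raise ValueError("key must be 1 to 8 ASCII characters")
    shifted = [(ord(c) & 0x7F) << 1 for c in text.ljust(8, "\0")]
    return bytes(b if odd(b) else b | 1 for b in shifted)

def parse_entry(line):
    """Return (keyno, type, octets), or None for a blank or comment line."""
    fields = line.split("#", 1)[0].split()
    if not fields:
        return None
    if len(fields) != 3 or not fields[0].isdigit() or int(fields[0]) < 1:
        raise ValueError("expected: keyno type key, keyno a positive integer")
    keyno, ktype, key = int(fields[0]), fields[1], fields[2]
    if ktype in ("S", "N"):
        return keyno, ktype, hex_key(key, ktype == "N")
    if ktype == "A":
        return keyno, ktype, ascii_key(key)
    if ktype == "M" and 1 <= len(key) <= 8 and key.isascii():
        return keyno, ktype, key.encode("ascii")
    raise ValueError("bad key type or MD5 key length")

def load(text):
    return {e[0]: e[1:] for e in map(parse_entry, text.splitlines()) if e}
```

Entries 1 and 2 of the sample load to the same eight octets, since the N zero key is the S zero key with each octet rotated one bit right.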