ntp-genkeys - generate public and private keys
Last update: May 4, 2022 17:05 UTC (dbea9b7d4)
from Alice’s Adventures in Wonderland, Lewis Carroll
Alice holds the key.
Table of Contents
Synopsis
ntp-genkeys
Description
This program generates random keys used by either or both the NTPv3/NTPv4 symmetric key or the NTPv4 public key (Autokey) cryptographic authentication schemes. By default the program generates the ntp.keys
file containing 16 random symmetric keys. In addition, if the rsaref20
package is configured for the software build, the program generates cryptographic values used by the Autokey scheme. These values are incorporated as a set of three files, ntpkey
containing the RSA private key, ntpkey_host
containing the RSA public key, where host
is the DNS name of the generating machine, and ntpkey_dh
containing the parameters for the Diffie-Hellman key-agreement algorithm. All files and are in printable ASCII format. A timestamp in NTP seconds is appended to each. Since the algorithms are seeded by the system clock, each run of this program produces a different file and file name.
The ntp.keys
file contains 16 MD5 keys. Each key consists of 16 characters randomized over the ASCII 95-character printing subset. The file is read by the daemon at the location specified by the keys
configuration file command and made visible only to root. An additional key consisting of a easily remembered password should be added by hand for use with the ntpq
and ntpdc
programs. The file must be distributed by secure means to other servers and clients sharing the same security compartment. While the key identifiers for MD5 and DES keys must be in the range 1-65534, inclusive, the ntp-genkeys
program uses only the identifiers from 1 to 16. The key identifier for each association is specified as the key argument in the server
or peer configuration file command.
The ntpkey
file contains the RSA private key. It is read by the daemon at the location specified by the privatekey
argument of the crypto
configuration file command and made visible only to root. This file is useful only to the machine that generated it and never shared with any other daemon or application program.
The ntpkey_host
file contains the RSA public key, where host
is the DNS name of the host that generated it. The file is read by the daemon at the location specified by the publickey
argument to the server
or peer
configuration file command. This file can be widely distributed and stored without using secure means, since the data are public values.
The ntp_dh
file contains two Diffie-Hellman parameters: the prime modulus and the generator. The file is read by the daemon at the location specified by the dhparams
argument of the crypto
configuration file command. The file can be distributed by insecure means to other servers and clients sharing the same key agreement compartment, since the data are public values.
The file formats begin with two lines, the first containing the generating system DNS name and the second the datestamp. Lines beginning with #
are considered comments and ignored by the daemon. In the ntp.keys
file, the next 16 lines contain the MD5 keys in order. If necessary, this file can be further customized by an ordinary text editor. The format is described in the following section. In the ntpkey
and ntpkey_host
files, the next line contains the modulus length in bits followed by the key as a PEM encoded string. In the ntpkey_dh
file, the next line contains the prime length in bytes followed by the prime as a PEM encoded string, and the next and final line contains the generator length in bytes followed by the generator as a PEM encoded string.
Note: See the file ./source/rsaref.h
in the rsaref20
package for explanation of return values, if necessary.
In the case of DES, the keys are 56 bits long with, depending on type, a parity check on each byte. In the case of MD5, the keys are 64 bits (8 bytes). ntpd
reads its keys from a file specified using the -k
command line option or the keys
statement in the configuration file. While key number 0 is fixed by the NTP standard (as 56 zero bits) and may not be changed, one or more of the keys numbered 1 through 15 may be arbitrarily set in the keys file.
The key file uses the same comment conventions as the configuration file. Key entries use a fixed format of the form
keyno type key
where keyno
is a positive integer, type
is a single character which defines the key format, and key
is the key itself.
The key may be given in one of three different formats, controlled by the type
character. The three key types, and corresponding formats, are listed following.
S
-
The key is a 64-bit hexadecimal number in the format specified in the DES specification; that is, the high order seven bits of each octet are used to form the 56-bit key while the low order bit of each octet is given a value such that odd parity is maintained for the octet. Leading zeroes must be specified (i.e., the key must be exactly 16 hex digits long) and odd parity must be maintained. Hence a zero key, in standard format, would be given as 0101010101010101
.
N
-
The key is a 64-bit hexadecimal number in the format specified in the NTP standard. This is the same as the DES format, except the bits in each octet have been rotated one bit right so that the parity bit is now the high order bit of the octet. Leading zeroes must be specified and odd parity must be maintained. A zero key in NTP format would be specified as 8080808080808080
.
A
-
The key is a 1-to-8 character ASCII string. A key is formed from this by using the low order 7 bits of each ASCII character in the string, with zeroes added on the right when necessary to form a full width 56-bit key, in the same way that encryption keys are formed from Unix passwords.
M
-
The key is a 1-to-8 character ASCII string, using the MD5 authentication scheme.
Note that both the keys and the authentication schemes (DES or MD5) must be identical between a set of peers sharing the same key number.
Note that the keys used by the ntpq
and ntpdc
programs are checked against passwords requested by the programs and entered by hand, so it is generally appropriate to specify these keys in ASCII format.
Files
The RSA Laboratories package rsaref20
of cryptographic routines is necessary in order to build and use this program.
Bugs
It can take quite a while to generate the RSA public/private key pair and Diffie-Hellman parameters, from a few seconds on a modern workstation to several minutes on older machines.