The cryptographic values used by the autokey scheme are incorporated as a set of four files generated by the ntp_genkeys program, including ntp.keys containing the DES/MD5 private keys, ntpkey containing the RSA private key, ntpkey_host containing the RSA public key, where host is the DNS name of the generating machine, and ntpkey_dh containing the parameters for the Diffie-Hellman key- agreement algorithm. The files contain cryptographic values generated by the algorithms of the rsaref20 package and are in printable ASCII format. Since the algorythms are seeded by the system clock, each run of this program will produce a different outcome. There are no options or frills of any sort, although a number of options would seem to be appropriate.
The ntp.keys file contains 16 MD5 keys. Each key consists of 16 characters randomized over the ASCII 95-character printing subset. The file is read by the daemon at the location specified by the keys configuration file command and made visible only to root. An additional key consisting of a easily remembered password should be added by hand for use with the ntpq and ntpdc programs. The file must be distributed by secure means to other servers and clients sharing the same security compartment. While the key identifiers for MD5 and DES keys must be in the range 1-65534, inclusive, the ntp_genkeys program uses only the identifiers from 1 to 16. The key identifier for each association is specified as the key argument in the server or peer configuration file command.
The ntpkey file contains the RSA private key. It is read by the daemon at the location specified by the privatekey argument of the crypto configuration file command and made visible only to root. This file is useful only to the machine that generated it and never shared with any other daemon or application program.
The ntpkey_host file contains the RSA public key, where host is the DNS name of the host that generated it. The file is read by the daemon at the location specified by the publickey argument to the server or peer configuration file command. This file can be widely distributed and stored without using secure means, since the data are public values.
The ntp_dh file contains two Diffie-Hellman parameters: the prime modulus and the generator. The file is read by the daemon at the location specified by the dhparams argument of the crypto configuration file command. The file can be distributed by insecure means to other servers and clients sharing the same key agreement compartment, since the data are public values.
The file formats begin with two lines, the first containing the generating system DNS name and the second the datestamp. Lines beginning with # are considered comments and ignored by the daemon. In the ntp.keys file, the next 16 lines contain the MD5 keys in order. If necessary, this file can be further customized by an ordinary text editor. The format is described in the following section. In the ntpkey and ntpkey_host files, the next line contains the modulus length in bits followed by the key as a PEM encoded string. In the ntpkey_dh file, the next line contains the prime length in bytes followed by the prime as a PEM encoded string, and the next and final line contains the generator length in bytes followed by the generator as a PEM encoded string.
Note: See the file ./source/rsaref.h in the rsaref20 package for explanation of return values, if necessary.
The key file uses the same comment conventions as the configuration file. Key entries use a fixed format of the form
keyno type key
where keyno is a positive integer, type is a single character which defines the key format, and key is the key itself.
The key may be given in one of three different formats, controlled by the type character. The three key types, and corresponding formats, are listed following.
Note that the keys used by the ntpq and ntpdc programs are checked against passwords requested by the programs and entered by hand, so it is generally appropriate to specify these keys in ASCII format.