@node ntp-keygen Invocation
@section Invoking ntp-keygen
@pindex ntp-keygen
@cindex Create a NTP host key
@ignore
# 
# EDIT THIS FILE WITH CAUTION  (ntp-keygen-opts.texi)
# 
# It has been AutoGen-ed  December 10, 2009 at 05:08:36 AM by AutoGen 5.10
# From the definitions    ntp-keygen-opts.def
# and the template file   aginfo.tpl
@end ignore
This program has no explanation.

If there is no new host key, look for an existing one.
If one is not found, create it.

This section was generated by @strong{AutoGen},
the aginfo template and the option descriptions for the @command{ntp-keygen} program.  It documents the ntp-keygen usage text and option meanings.

This software is released under a specialized copyright license.

@menu
* ntp-keygen usage::                  ntp-keygen usage help (-?)
* ntp-keygen certificate::            certificate option (-c)
* ntp-keygen debug-level::            debug-level option (-d)
* ntp-keygen get-pvt-passwd::         get-pvt-passwd option (-q)
* ntp-keygen gq-params::              gq-params option (-G)
* ntp-keygen host-key::               host-key option (-H)
* ntp-keygen id-key::                 id-key option (-e)
* ntp-keygen iffkey::                 iffkey option (-I)
* ntp-keygen issuer-name::            issuer-name option (-i)
* ntp-keygen md5key::                 md5key option (-M)
* ntp-keygen modulus::                modulus option (-m)
* ntp-keygen mv-keys::                mv-keys option (-v)
* ntp-keygen mv-params::              mv-params option (-V)
* ntp-keygen pvt-cert::               pvt-cert option (-P)
* ntp-keygen pvt-passwd::             pvt-passwd option (-p)
* ntp-keygen set-debug-level::        set-debug-level option (-D)
* ntp-keygen sign-key::               sign-key option (-S)
* ntp-keygen subject-name::           subject-name option (-s)
* ntp-keygen trusted-cert::           trusted-cert option (-T)
@end menu

@node ntp-keygen usage
@subsection ntp-keygen usage help (-?)
@cindex ntp-keygen usage

This is the automatically generated usage text for ntp-keygen:

@exampleindent 0
@example
Using OpenSSL version 90704f
ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.6
USAGE:  ntp-keygen [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]...
  Flg Arg Option-Name    Description
   -c Str certificate    certificate scheme
   -d no  debug-level    Increase output debug message level
                                - may appear multiple times
   -D Str set-debug-level Set the output debug message level
                                - may appear multiple times
   -e no  id-key         Write IFF or GQ identity keys
   -G no  gq-params      Generate GQ parameters and keys
   -H no  host-key       generate RSA host key
   -I no  iffkey         generate IFF parameters
   -i Str issuer-name    set issuer name
   -M no  md5key         generate MD5 keys
   -m Num modulus        modulus
                                - it must be:  256 to 2048
   -P no  pvt-cert       generate PC private certificate
   -p Str pvt-passwd     output private password
   -q Str get-pvt-passwd input private password
   -S Str sign-key       generate sign key (RSA or DSA)
   -s Str subject-name   set subject name
   -T no  trusted-cert   trusted certificate (TC scheme)
   -V Num mv-params      generate <num> MV parameters
   -v Num mv-keys        update <num> MV keys
      opt version        Output version information and exit
   -? no  help           Display extended usage information and exit
   -! no  more-help      Extended usage information passed thru pager
   -> opt save-opts      Save the option state to a config file
   -< Str load-opts      Load options from a config file
                                - disabled as --no-load-opts
                                - may appear multiple times

Options are specified by doubled hyphens and their name
or by a single hyphen and the flag character.

The following option preset mechanisms are supported:
 - reading file /users/stenn/.ntprc
 - reading file /deacon/backroom/snaps/ntp-stable/util/.ntprc
 - examining environment variables named NTP_KEYGEN_*

If there is no new host key, look for an existing one.
If one is not found, create it.

please send bug reports to:  http://bugs.ntp.org, bugs@@ntp.org
@end example
@exampleindent 4

@node ntp-keygen certificate
@subsection certificate option (-c)
@cindex ntp-keygen-certificate

This is the ``certificate scheme'' option.

This option has some usage constraints.  It:
@itemize @bullet
@item
must be compiled in by defining @code{OPENSSL} during the compilation.
@end itemize

scheme is one of
RSA-MD2, RSA-MD5, RSA-SHA, RSA-SHA1, RSA-MDC2, RSA-RIPEMD160,
DSA-SHA, or DSA-SHA1.

Select the certificate message digest/signature encryption scheme.
Note that RSA schemes must be used with a RSA sign key and DSA
schemes must be used with a DSA sign key.  The default without
this option is RSA-MD5.

@node ntp-keygen debug-level
@subsection debug-level option (-d)
@cindex ntp-keygen-debug-level

This is the ``increase output debug message level'' option.

This option has some usage constraints.  It:
@itemize @bullet
@item
may appear an unlimited number of times.
@end itemize

Increase the debugging message output level.

@node ntp-keygen set-debug-level
@subsection set-debug-level option (-D)
@cindex ntp-keygen-set-debug-level

This is the ``set the output debug message level'' option.

This option has some usage constraints.  It:
@itemize @bullet
@item
may appear an unlimited number of times.
@end itemize

Set the output debugging level.  Can be supplied multiple times,
but each overrides the previous value(s).

@node ntp-keygen id-key
@subsection id-key option (-e)
@cindex ntp-keygen-id-key

This is the ``write iff or gq identity keys'' option.

This option has some usage constraints.  It:
@itemize @bullet
@item
must be compiled in by defining @code{OPENSSL} during the compilation.
@end itemize

Write the IFF or GQ client keys to the standard output.  This is
intended for automatic key distribution by mail.

@node ntp-keygen gq-params
@subsection gq-params option (-G)
@cindex ntp-keygen-gq-params

This is the ``generate gq parameters and keys'' option.

This option has some usage constraints.  It:
@itemize @bullet
@item
must be compiled in by defining @code{OPENSSL} during the compilation.
@end itemize

Generate parameters and keys for the GQ identification scheme,
obsoleting any that may exist.

@node ntp-keygen host-key
@subsection host-key option (-H)
@cindex ntp-keygen-host-key

This is the ``generate rsa host key'' option.

This option has some usage constraints.  It:
@itemize @bullet
@item
must be compiled in by defining @code{OPENSSL} during the compilation.
@end itemize

Generate new host keys, obsoleting any that may exist.

@node ntp-keygen iffkey
@subsection iffkey option (-I)
@cindex ntp-keygen-iffkey

This is the ``generate iff parameters'' option.

This option has some usage constraints.  It:
@itemize @bullet
@item
must be compiled in by defining @code{OPENSSL} during the compilation.
@end itemize

Generate parameters for the IFF identification scheme, obsoleting
any that may exist.

@node ntp-keygen issuer-name
@subsection issuer-name option (-i)
@cindex ntp-keygen-issuer-name

This is the ``set issuer name'' option.

This option has some usage constraints.  It:
@itemize @bullet
@item
must be compiled in by defining @code{OPENSSL} during the compilation.
@end itemize

Set the suject name to name.  This is used as the subject field
in certificates and in the file name for host and sign keys.

@node ntp-keygen md5key
@subsection md5key option (-M)
@cindex ntp-keygen-md5key

This is the ``generate md5 keys'' option.
Generate MD5 keys, obsoleting any that may exist.

@node ntp-keygen modulus
@subsection modulus option (-m)
@cindex ntp-keygen-modulus

This is the ``modulus'' option.

This option has some usage constraints.  It:
@itemize @bullet
@item
must be compiled in by defining @code{OPENSSL} during the compilation.
@end itemize

The number of bits in the prime modulus.  The default is 512.

@node ntp-keygen pvt-cert
@subsection pvt-cert option (-P)
@cindex ntp-keygen-pvt-cert

This is the ``generate pc private certificate'' option.

This option has some usage constraints.  It:
@itemize @bullet
@item
must be compiled in by defining @code{OPENSSL} during the compilation.
@end itemize

Generate a private certificate.  By default, the program generates
public certificates.

@node ntp-keygen pvt-passwd
@subsection pvt-passwd option (-p)
@cindex ntp-keygen-pvt-passwd

This is the ``output private password'' option.

This option has some usage constraints.  It:
@itemize @bullet
@item
must be compiled in by defining @code{OPENSSL} during the compilation.
@end itemize

Encrypt generated files containing private data with the specified
password and the DES-CBC algorithm.

@node ntp-keygen get-pvt-passwd
@subsection get-pvt-passwd option (-q)
@cindex ntp-keygen-get-pvt-passwd

This is the ``input private password'' option.

This option has some usage constraints.  It:
@itemize @bullet
@item
must be compiled in by defining @code{OPENSSL} during the compilation.
@end itemize

Set the password for reading files to the specified password.

@node ntp-keygen sign-key
@subsection sign-key option (-S)
@cindex ntp-keygen-sign-key

This is the ``generate sign key (rsa or dsa)'' option.

This option has some usage constraints.  It:
@itemize @bullet
@item
must be compiled in by defining @code{OPENSSL} during the compilation.
@end itemize

Generate a new sign key of the designated type, obsoleting any
that may exist.  By default, the program uses the host key as the
sign key.

@node ntp-keygen subject-name
@subsection subject-name option (-s)
@cindex ntp-keygen-subject-name

This is the ``set subject name'' option.

This option has some usage constraints.  It:
@itemize @bullet
@item
must be compiled in by defining @code{OPENSSL} during the compilation.
@end itemize

Set the issuer name to name.  This is used for the issuer field
in certificates and in the file name for identity files.

@node ntp-keygen trusted-cert
@subsection trusted-cert option (-T)
@cindex ntp-keygen-trusted-cert

This is the ``trusted certificate (tc scheme)'' option.

This option has some usage constraints.  It:
@itemize @bullet
@item
must be compiled in by defining @code{OPENSSL} during the compilation.
@end itemize

Generate a trusted certificate.  By default, the program generates
a non-trusted certificate.

@node ntp-keygen mv-params
@subsection mv-params option (-V)
@cindex ntp-keygen-mv-params

This is the ``generate <num> mv parameters'' option.

This option has some usage constraints.  It:
@itemize @bullet
@item
must be compiled in by defining @code{OPENSSL} during the compilation.
@end itemize

Generate parameters and keys for the Mu-Varadharajan (MV)
identification scheme.

@node ntp-keygen mv-keys
@subsection mv-keys option (-v)
@cindex ntp-keygen-mv-keys

This is the ``update <num> mv keys'' option.

This option has some usage constraints.  It:
@itemize @bullet
@item
must be compiled in by defining @code{OPENSSL} during the compilation.
@end itemize

This option has no @samp{doc} documentation.