[ntp:hackers] SHA1 for symmetric keys?

Hal Murray hmurray at megapathdsl.net
Thu Dec 10 07:11:27 UTC 2015

brian.utterback at oracle.com said:
> Does ntpd support SHA1 for symmetric keys? Looking at the docs it suggests
> that the ntp.keys file should be generated with ntp-keygen rather than by
> manual editing. Running ntp-keygen creates a file with both MD5 and SHA1
> keys, but when I try to use them ntpd says "invalid key type" for all of the
> SHA1 keys. Not to mention I never heard anyone say not to edit the ntp.keys
> file by hand. Am I misunderstanding the whole thing? 

I don't know of any reason why you can't edit your keys file by hand.  (There 
are plenty of ways to screw it up, but that's a different issue.)

SHA1symmetric keys  do work, but it requires a library.  I have a test case 
working after configuring with --with-crypto

If you don't have the library available when you build ntp-keygen, it won't 
make any SHA1 keys.  If it does make SHA1 keys, the library is installed on 
your system and I think all you have to do is find the right options when 
configuring to make ntpd.

These are my opinions.  I hate spam.

More information about the hackers mailing list