[ntp:questions] Symmetric Key samples

Dave Hart hart at ntp.org
Thu Dec 8 19:12:47 UTC 2011


On Thu, Dec 8, 2011 at 14:38, Joe Smithian <joe.smithian at gmail.com> wrote:
> A,N,S, and M keys are defined in the man ntp.keys
>
> http://www.gsp.com/cgi-bin/man.cgi?section=5&topic=ntp.keys

That's a good example of why one should be suspicious of man pages for
ntpd and friends -- the distribution docs are maintained as HTML and
any man page variant is likely to be based on out of date information.

That page describes a ntp.keys scheme where the type column is always
a single letter and it determines not only the digest algorithm, but
also the representation.  That's not how ntp.keys works today.  The
type column specifies only the digest algorithm, and only 'M' (or MD5)
is supported prior to ntp 4.2.6.  With 4.2.6 and later, the type
column can specify the name of any suitable OpenSSL-provided digest
algorithm which produces a 16-20 octet digest.

The format choice (between hexadecimal and ASCII) is driven by the
length of the key value.  If it is 20 characters or less, the ASCII is
used directly as the key value.  If it is 21 characters or longer, it
is interpreted as hexadecimal-encoded.

Cheers,
Dave Hart


More information about the questions mailing list