From: Harlan Stenn Date: Fri, 13 Apr 2007 06:10:55 +0000 (-0400) Subject: [Bug 810] Fix ntp-keygen documentation X-Git-Tag: NTP_4_2_5P22~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ae2c2ee15b5f3ef39785fdcebf4c90a55182eec6;p=thirdparty%2Fntp.git [Bug 810] Fix ntp-keygen documentation bk: 461f1eefDGAQ7zF_qESnItRGpn7Pfg --- diff --git a/ChangeLog b/ChangeLog index 2ff266f1e..890df9419 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,4 @@ +* [Bug 810] Fix ntp-keygen documentation. * [Bug 789] Fix multicast client crypto authentication and make sure arriving multicast packets do not disturb the autokey dance. * [Bug 787] Bug fixes for 64-bit time_t on Windows. diff --git a/util/ntp-keygen-opts.c b/util/ntp-keygen-opts.c index b87dea6d7..8bcab198b 100644 --- a/util/ntp-keygen-opts.c +++ b/util/ntp-keygen-opts.c @@ -2,7 +2,7 @@ * * DO NOT EDIT THIS FILE (ntp-keygen-opts.c) * - * It has been AutoGen-ed Thursday April 12, 2007 at 08:18:48 AM EDT + * It has been AutoGen-ed Friday April 13, 2007 at 02:00:08 AM EDT * From the definitions ntp-keygen-opts.def * and the template file options * diff --git a/util/ntp-keygen-opts.def b/util/ntp-keygen-opts.def index 3f44e1e48..fff81ede6 100644 --- a/util/ntp-keygen-opts.def +++ b/util/ntp-keygen-opts.def @@ -22,7 +22,14 @@ flag = { ifdef = OPENSSL; descrip = "certificate scheme"; doc = <<- _EndOfDoc_ - Just some descriptive text. + scheme is one of + RSA-MD2, RSA-MD5, RSA-SHA, RSA-SHA1, RSA-MDC2, RSA-RIPEMD160, + DSA-SHA, or DSA-SHA1. + + Select the certificate message digest/signature encryption scheme. + Note that RSA schemes must be used with a RSA sign key and DSA + schemes must be used with a DSA sign key. The default without + this option is RSA-MD5. _EndOfDoc_; }; @@ -34,7 +41,8 @@ flag = { ifdef = OPENSSL; descrip = "Write identity keys"; doc = <<- _EndOfDoc_ - Just some descriptive text. + Write the IFF client keys to the standard output. This is + intended for automatic key distribution by mail. _EndOfDoc_; }; @@ -44,7 +52,8 @@ flag = { ifdef = OPENSSL; descrip = "Generate GQ parameters and keys"; doc = <<- _EndOfDoc_ - Just some descriptive text. + Generate parameters and keys for the GQ identification scheme, + obsoleting any that may exist. _EndOfDoc_; }; @@ -54,7 +63,9 @@ flag = { ifdef = OPENSSL; descrip = "update GQ keys"; doc = <<- _EndOfDoc_ - Just some descriptive text. + Generate keys for the GQ identification scheme using the existing + GQ parameters. If the GQ parameters do not yet exist, create + them first. _EndOfDoc_; }; @@ -64,7 +75,7 @@ flag = { ifdef = OPENSSL; descrip = "generate RSA host key"; doc = <<- _EndOfDoc_ - Just some descriptive text. + Generate new host keys, obsoleting any that may exist. _EndOfDoc_; }; @@ -74,7 +85,8 @@ flag = { ifdef = OPENSSL; descrip = "generate IFF parameters"; doc = <<- _EndOfDoc_ - Just some descriptive text. + Generate parameters for the IFF identification scheme, obsoleting + any that may exist. _EndOfDoc_; }; @@ -84,7 +96,8 @@ flag = { ifdef = OPENSSL; descrip = "set issuer name"; doc = <<- _EndOfDoc_ - Just some descriptive text. + Set the suject name to name. This is used as the subject field + in certificates and in the file name for host and sign keys. _EndOfDoc_; }; @@ -93,7 +106,7 @@ flag = { value = M; descrip = "generate MD5 keys"; doc = <<- _EndOfDoc_ - Just some descriptive text. + Generate MD5 keys, obsoleting any that may exist. _EndOfDoc_; }; @@ -106,7 +119,7 @@ flag = { ifdef = OPENSSL; descrip = "modulus"; doc = <<- _EndOfDoc_ - Just some descriptive text. + The number of bits in the prime modulus. The default is 512. _EndOfDoc_; }; @@ -116,7 +129,8 @@ flag = { ifdef = OPENSSL; descrip = "generate PC private certificate"; doc = <<- _EndOfDoc_ - Just some descriptive text. + Generate a private certificate. By default, the program generates + public certificates. _EndOfDoc_; }; @@ -128,7 +142,8 @@ flag = { arg-name = passwd; descrip = "output private password"; doc = <<- _EndOfDoc_ - Just some descriptive text. + Encrypt generated files containing private data with the specified + password and the DES-CBC algorithm. _EndOfDoc_; }; @@ -140,7 +155,7 @@ flag = { arg-name = passwd; descrip = "input private password"; doc = <<- _EndOfDoc_ - Just some descriptive text. + Set the password for reading files to the specified password. _EndOfDoc_; }; @@ -152,7 +167,9 @@ flag = { ifdef = OPENSSL; descrip = "generate sign key (RSA or DSA)"; doc = <<- _EndOfDoc_ - Just some descriptive text. + Generate a new sign key of the designated type, obsoleting any + that may exist. By default, the program uses the host key as the + sign key. _EndOfDoc_; }; @@ -164,8 +181,9 @@ flag = { ifdef = OPENSSL; descrip = "set subject name"; doc = <<- _EndOfDoc_ - Just some descriptive text. - _EndOfDoc_; + Set the issuer name to name. This is used for the issuer field + in certificates and in the file name for identity files. + _EndOfDoc_; }; flag = { @@ -174,7 +192,8 @@ flag = { ifdef = OPENSSL; descrip = "trusted certificate (TC scheme)"; doc = <<- _EndOfDoc_ - Just some descriptive text. + Generate a trusted certificate. By default, the program generates + a non-trusted certificate. _EndOfDoc_; }; @@ -186,7 +205,8 @@ flag = { ifdef = OPENSSL; descrip = "generate MV parameters"; doc = <<- _EndOfDoc_ - Just some descriptive text. + Generate parameters and keys for the Mu-Varadharajan (MV) + identification scheme. _EndOfDoc_; }; @@ -197,9 +217,6 @@ flag = { arg-name = num; ifdef = OPENSSL; descrip = "update MV keys"; - doc = <<- _EndOfDoc_ - Just some descriptive text. - _EndOfDoc_; }; detail = <<- _EODetail_ diff --git a/util/ntp-keygen-opts.h b/util/ntp-keygen-opts.h index e46dce6a9..01d4c4947 100644 --- a/util/ntp-keygen-opts.h +++ b/util/ntp-keygen-opts.h @@ -2,7 +2,7 @@ * * DO NOT EDIT THIS FILE (ntp-keygen-opts.h) * - * It has been AutoGen-ed Thursday April 12, 2007 at 08:18:47 AM EDT + * It has been AutoGen-ed Friday April 13, 2007 at 02:00:07 AM EDT * From the definitions ntp-keygen-opts.def * and the template file options * diff --git a/util/ntp-keygen-opts.texi b/util/ntp-keygen-opts.texi index a0818d5bb..c5d95a91b 100644 --- a/util/ntp-keygen-opts.texi +++ b/util/ntp-keygen-opts.texi @@ -7,7 +7,7 @@ # # DO NOT EDIT THIS FILE (ntp-keygen-opts.texi) # -# It has been AutoGen-ed Thursday April 12, 2007 at 08:18:51 AM EDT +# It has been AutoGen-ed Friday April 13, 2007 at 02:00:10 AM EDT # From the definitions ntp-keygen-opts.def # and the template file aginfo.tpl @end ignore @@ -91,7 +91,7 @@ or by a single hyphen and the flag character. The following option preset mechanisms are supported: - reading file /users/stenn/.ntprc - - reading file /deacon/backroom/snaps/ntp-dev/util/.ntprc + - reading file /deacon/backroom/ntp-dev/util/.ntprc - examining environment variables named NTP_KEYGEN_* If there is no new host key, look for an existing one. @@ -113,7 +113,14 @@ This option has some usage constraints. It: must be compiled in by defining @code{OPENSSL} during the compilation. @end itemize -Just some descriptive text. +scheme is one of +RSA-MD2, RSA-MD5, RSA-SHA, RSA-SHA1, RSA-MDC2, RSA-RIPEMD160, +DSA-SHA, or DSA-SHA1. + +Select the certificate message digest/signature encryption scheme. +Note that RSA schemes must be used with a RSA sign key and DSA +schemes must be used with a DSA sign key. The default without +this option is RSA-MD5. @node ntp-keygen debug-level @subsection debug-level option (-d) @@ -160,7 +167,8 @@ This option has some usage constraints. It: must be compiled in by defining @code{OPENSSL} during the compilation. @end itemize -Just some descriptive text. +Write the IFF client keys to the standard output. This is +intended for automatic key distribution by mail. @node ntp-keygen gq-params @subsection gq-params option (-G) @@ -174,7 +182,8 @@ This option has some usage constraints. It: must be compiled in by defining @code{OPENSSL} during the compilation. @end itemize -Just some descriptive text. +Generate parameters and keys for the GQ identification scheme, +obsoleting any that may exist. @node ntp-keygen gq-keys @subsection gq-keys option (-g) @@ -188,7 +197,9 @@ This option has some usage constraints. It: must be compiled in by defining @code{OPENSSL} during the compilation. @end itemize -Just some descriptive text. +Generate keys for the GQ identification scheme using the existing +GQ parameters. If the GQ parameters do not yet exist, create +them first. @node ntp-keygen host-key @subsection host-key option (-H) @@ -202,7 +213,7 @@ This option has some usage constraints. It: must be compiled in by defining @code{OPENSSL} during the compilation. @end itemize -Just some descriptive text. +Generate new host keys, obsoleting any that may exist. @node ntp-keygen iffkey @subsection iffkey option (-I) @@ -216,7 +227,8 @@ This option has some usage constraints. It: must be compiled in by defining @code{OPENSSL} during the compilation. @end itemize -Just some descriptive text. +Generate parameters for the IFF identification scheme, obsoleting +any that may exist. @node ntp-keygen issuer-name @subsection issuer-name option (-i) @@ -230,14 +242,15 @@ This option has some usage constraints. It: must be compiled in by defining @code{OPENSSL} during the compilation. @end itemize -Just some descriptive text. +Set the suject name to name. This is used as the subject field +in certificates and in the file name for host and sign keys. @node ntp-keygen md5key @subsection md5key option (-M) @cindex ntp-keygen-md5key This is the ``generate md5 keys'' option. -Just some descriptive text. +Generate MD5 keys, obsoleting any that may exist. @node ntp-keygen modulus @subsection modulus option (-m) @@ -251,7 +264,7 @@ This option has some usage constraints. It: must be compiled in by defining @code{OPENSSL} during the compilation. @end itemize -Just some descriptive text. +The number of bits in the prime modulus. The default is 512. @node ntp-keygen pvt-cert @subsection pvt-cert option (-P) @@ -265,7 +278,8 @@ This option has some usage constraints. It: must be compiled in by defining @code{OPENSSL} during the compilation. @end itemize -Just some descriptive text. +Generate a private certificate. By default, the program generates +public certificates. @node ntp-keygen pvt-passwd @subsection pvt-passwd option (-p) @@ -279,7 +293,8 @@ This option has some usage constraints. It: must be compiled in by defining @code{OPENSSL} during the compilation. @end itemize -Just some descriptive text. +Encrypt generated files containing private data with the specified +password and the DES-CBC algorithm. @node ntp-keygen get-pvt-passwd @subsection get-pvt-passwd option (-q) @@ -293,7 +308,7 @@ This option has some usage constraints. It: must be compiled in by defining @code{OPENSSL} during the compilation. @end itemize -Just some descriptive text. +Set the password for reading files to the specified password. @node ntp-keygen sign-key @subsection sign-key option (-S) @@ -307,7 +322,9 @@ This option has some usage constraints. It: must be compiled in by defining @code{OPENSSL} during the compilation. @end itemize -Just some descriptive text. +Generate a new sign key of the designated type, obsoleting any +that may exist. By default, the program uses the host key as the +sign key. @node ntp-keygen subject-name @subsection subject-name option (-s) @@ -321,7 +338,8 @@ This option has some usage constraints. It: must be compiled in by defining @code{OPENSSL} during the compilation. @end itemize -Just some descriptive text. +Set the issuer name to name. This is used for the issuer field +in certificates and in the file name for identity files. @node ntp-keygen trusted-cert @subsection trusted-cert option (-T) @@ -335,7 +353,8 @@ This option has some usage constraints. It: must be compiled in by defining @code{OPENSSL} during the compilation. @end itemize -Just some descriptive text. +Generate a trusted certificate. By default, the program generates +a non-trusted certificate. @node ntp-keygen mv-params @subsection mv-params option (-V) @@ -349,7 +368,8 @@ This option has some usage constraints. It: must be compiled in by defining @code{OPENSSL} during the compilation. @end itemize -Just some descriptive text. +Generate parameters and keys for the Mu-Varadharajan (MV) +identification scheme. @node ntp-keygen mv-keys @subsection mv-keys option (-v) @@ -363,4 +383,4 @@ This option has some usage constraints. It: must be compiled in by defining @code{OPENSSL} during the compilation. @end itemize -Just some descriptive text. +This option has no @samp{doc} documentation. diff --git a/util/ntp-keygen.1 b/util/ntp-keygen.1 index 2060109a0..68ae5ef88 100644 --- a/util/ntp-keygen.1 +++ b/util/ntp-keygen.1 @@ -1,7 +1,7 @@ -.TH NTP-KEYGEN 1 2007-04-12 "(ntp 4.2.5p21)" "Programmer's Manual" +.TH NTP-KEYGEN 1 2007-04-13 "(ntp 4.2.5p21)" "Programmer's Manual" .\" DO NOT EDIT THIS FILE (ntp-keygen.1) .\" -.\" It has been AutoGen-ed Thursday April 12, 2007 at 08:18:49 AM EDT +.\" It has been AutoGen-ed Friday April 13, 2007 at 02:00:09 AM EDT .\" From the definitions ntp-keygen-opts.def .\" and the template file agman1.tpl .\" @@ -22,7 +22,14 @@ If one is not found, create it. .BR \-c " \fIscheme\fP, " \--certificate "=" \fIscheme\fP certificate scheme. .sp -Just some descriptive text. +scheme is one of +RSA-MD2, RSA-MD5, RSA-SHA, RSA-SHA1, RSA-MDC2, RSA-RIPEMD160, +DSA-SHA, or DSA-SHA1. + +Select the certificate message digest/signature encryption scheme. +Note that RSA schemes must be used with a RSA sign key and DSA +schemes must be used with a DSA sign key. The default without +this option is RSA-MD5. .TP .BR \-d ", " \--debug-level Increase output debug message level. @@ -40,37 +47,43 @@ but each overrides the previous value(s). .BR \-e ", " \--id-key Write identity keys. .sp -Just some descriptive text. +Write the IFF client keys to the standard output. This is +intended for automatic key distribution by mail. .TP .BR \-G ", " \--gq-params Generate GQ parameters and keys. .sp -Just some descriptive text. +Generate parameters and keys for the GQ identification scheme, +obsoleting any that may exist. .TP .BR \-g ", " \--gq-keys update GQ keys. .sp -Just some descriptive text. +Generate keys for the GQ identification scheme using the existing +GQ parameters. If the GQ parameters do not yet exist, create +them first. .TP .BR \-H ", " \--host-key generate RSA host key. .sp -Just some descriptive text. +Generate new host keys, obsoleting any that may exist. .TP .BR \-I ", " \--iffkey generate IFF parameters. .sp -Just some descriptive text. +Generate parameters for the IFF identification scheme, obsoleting +any that may exist. .TP .BR \-i ", " \--issuer-name set issuer name. .sp -Just some descriptive text. +Set the suject name to name. This is used as the subject field +in certificates and in the file name for host and sign keys. .TP .BR \-M ", " \--md5key generate MD5 keys. .sp -Just some descriptive text. +Generate MD5 keys, obsoleting any that may exist. .TP .BR \-m " \fImodulus\fP, " \--modulus "=" \fImodulus\fP modulus. @@ -83,49 +96,56 @@ in the range 256 through 2048 .fi .in -4 .sp -Just some descriptive text. +The number of bits in the prime modulus. The default is 512. .TP .BR \-P ", " \--pvt-cert generate PC private certificate. .sp -Just some descriptive text. +Generate a private certificate. By default, the program generates +public certificates. .TP .BR \-p " \fIpasswd\fP, " \--pvt-passwd "=" \fIpasswd\fP output private password. .sp -Just some descriptive text. +Encrypt generated files containing private data with the specified +password and the DES-CBC algorithm. .TP .BR \-q " \fIpasswd\fP, " \--get-pvt-passwd "=" \fIpasswd\fP input private password. .sp -Just some descriptive text. +Set the password for reading files to the specified password. .TP .BR \-S " \fIsign\fP, " \--sign-key "=" \fIsign\fP generate sign key (RSA or DSA). .sp -Just some descriptive text. +Generate a new sign key of the designated type, obsoleting any +that may exist. By default, the program uses the host key as the +sign key. .TP .BR \-s " \fIhost\fP, " \--subject-name "=" \fIhost\fP set subject name. .sp -Just some descriptive text. +Set the issuer name to name. This is used for the issuer field +in certificates and in the file name for identity files. .TP .BR \-T ", " \--trusted-cert trusted certificate (TC scheme). .sp -Just some descriptive text. +Generate a trusted certificate. By default, the program generates +a non-trusted certificate. .TP .BR \-V " \fInum\fP, " \--mv-params "=" \fInum\fP generate MV parameters. This option takes an integer number as its argument. .sp -Just some descriptive text. +Generate parameters and keys for the Mu-Varadharajan (MV) +identification scheme. .TP .BR \-v " \fInum\fP, " \--mv-keys "=" \fInum\fP update MV keys. This option takes an integer number as its argument. .sp -Just some descriptive text. +This option has not been fully documented. .TP .BR \-? , " \--help" Display usage information and exit.