From: Harlan Stenn Date: Thu, 29 Nov 2012 08:45:42 +0000 (-0500) Subject: [Bug 2040] Provide a command-line option for the identity key bits X-Git-Tag: NTP_4_2_7P327~3 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ecfb4cf6688464dc479b645ba507c355f722dde7;p=thirdparty%2Fntp.git [Bug 2040] Provide a command-line option for the identity key bits bk: 50b720b67ykwE-2zexj-8LXKnX0QAg --- diff --git a/ChangeLog b/ChangeLog index 40c273916..e657ac599 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,4 @@ +* [Bug 2040] Provide a command-line option for the identity key bits. * Create loc/darwin for Mac OSX (4.2.7p326) 2012/11/21 Released by Harlan Stenn * [Bug 1214] 'proto: precision = ...' should be at INFO, not NOTICE. diff --git a/html/keygen.html b/html/keygen.html index e300ac2e2..28b8411bf 100644 --- a/html/keygen.html +++ b/html/keygen.html @@ -28,7 +28,7 @@

Synopsis

-

ntp-keygen [ -deGHIMPT ] [ -c [ RSA-MD2 | RSA-MD5 | RSA-SHA +

ntp-keygen [ -deGHIMPT ] [ -b modulus ] [ -c [ RSA-MD2 | RSA-MD5 | RSA-SHA | RSA-SHA1 | RSA-MDC2 | RSA-RIPEMD160 | DSA-SHA | DSA-SHA1 ] ] [ -C cipher ] [-i group ] [ -l days] [ -m modulus ] [ -p passwd1 ] [ -q passwd2 ] @@ -50,6 +50,8 @@

Additional information on trusted groups and identity schemes is on the Autokey Public-Key Authentication page.

Command Line Options

+
-b modulus
+
Set the modulus for generating identity keys to modulus bits. The modulus defaults to 256, but can be set from 256 (32 octets) to 2048 (256 octets). Use the larger moduli with caution, as this can consume considerable computing resources and increases the size of authenticated packets.
-c [ RSA-MD2 | RSA-MD5 | RSA-SHA | RSA-SHA1 | RSA-MDC2 | RSA-RIPEMD160 | DSA-SHA | DSA-SHA1 ]
Select certificate digital signature and message digest scheme. Note that RSA schemes must be used with an RSA sign key and DSA schemes must be used with a DSA sign key. The default without this option is RSA-MD5. If compatibility with FIPS 140-2 is required, either the DSA-SHA or DSA-SHA1 scheme must be used.
-C cipher
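Review bot: The new -b entry reuses the placeholder name "modulus" that -m already uses, so in the synopsis "[ -b modulus ] ... [ -m modulus ]" the two arguments cannot be told apart, while util/ntp-keygen-opts.def names this argument imbits. Suggest a distinct placeholder for -b, for example imbits to match the option definition. The description also cautions only about large moduli. The default of 256 is the bottom of the permitted 256 to 2048 range, so the text should say that a small modulus gives a correspondingly weak identity key, otherwise readers may take the default as a recommendation.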
@@ -69,7 +71,7 @@
-l days
Set the lifetime for certificates to days. The default lifetime is one year (365 d).
-m modulus
-
Set the modulus for generating files to modulus bits. The modulus defaults to 512, but can be set from 256 (32 octets) to 2048 (256 octets). Use the larger moduli with caution, as this can consume considerable computing resources.
+
Set the modulus for generating files to modulus bits. The modulus defaults to 512, but can be set from 256 (32 octets) to 2048 (256 octets). Use the larger moduli with caution, as this can consume considerable computing resources and increases the size of authenticated packets.
-M
Generate a new keys file containing 10 MD5 keys and 10 SHA keys. An MD5 key is a string of 20 random printable ASCII characters, while a SHA key is a string of 40 random hex digits. The file can be edited using a text editor to change the key type or key content. This option is mutually exclusive with all other option.
-P
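Review bot: In the -m description, "Set the modulus for generating files" no longer says enough now that -b exists, because it does not tell the reader which keys -m sizes as opposed to the identity keys covered by -b. Suggest naming the key type that -m applies to, and pointing out that its default (512) differs from the -b default (256) so the two options are not confused.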
diff --git a/util/ntp-keygen-opts.def b/util/ntp-keygen-opts.def index dc072cb3b..190432568 100644 --- a/util/ntp-keygen-opts.def +++ b/util/ntp-keygen-opts.def @@ -15,6 +15,19 @@ test-main; include = '#include '; #include version.def +flag = { + value = b; + name = imbits; + arg-type = number; + arg-name = imbits; + arg-range = '256->2048'; + ifdef = AUTOKEY; + descrip = "identity modulus bits"; + doc = <<- _EndOfDoc_ + The number of bits in the identity modulus. The default is 256. + _EndOfDoc_; +}; + flag = { value = c; name = certificate;
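Review bot: The imbits flag states its default only in the doc text ("The default is 256."); the flag block sets arg-range = '256->2048' but has no arg-default, so the value the program actually uses is defined somewhere outside this hunk and can drift from the documentation. Suggest adding arg-default = 256; to the flag so the option definition and the doc agree. It is also worth confirming that the code consuming the option is part of the same change, since the diff visible here touches only ChangeLog, html/keygen.html and util/ntp-keygen-opts.def.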