From owner-man-jp-reviewer@jp.FreeBSD.org Sun Dec 23 17:15:44 2001
To: man-jp-reviewer@jp.FreeBSD.org
From: kumagai@attbi.com (Norihiro Kumagai)
Date: Sun, 23 Dec 2001 00:16:34 -0800
Message-ID: <5357.1009095394@c9795-a.vncvr1.wa.home.com>
Reply-To: man-jp-reviewer@jp.FreeBSD.org
Subject: [man-jp-reviewer 3909] ntp-genkeys.8

$B7'C+$G$9!#(B

$B<j;O$a$K!"(Bntp-genkeys.8 $B$G$9!#(B

$B<ALd$G$9$,!"(BDiffie-Hellman $B808r49%"%k%4%j%:%`$G!"(B
prime modulus $B$H(B generator $B$r2?$FLu$9$+$4B8CN$G$9$+(B?

$B$H$j$"$($:!"(Bgoogle $B$G(B Web $BD4$Y$F!"(B
WORD:	prime modulus	$BAG?t78?t(B
WORD:	generator	$B86;O:,(B
$B$H$7$F$_$^$7$?$,!"$$$^$$$A$N$h$&$J5$$,$7$^$9!#(B

--
$B7'C+(B $BE5Bg(B

--- ntp-genkeys.8-org	Wed Aug 29 07:50:56 2001
+++ ntp-genkeys.8	Sun Dec 23 00:05:13 2001
@@ -1,206 +1,177 @@
 .\"
 .\" $FreeBSD$
 .\"
+.\" WORD: private key	$BHkL)80(B
+.\" WORD: public key	$B8x3+80(B
+.\"
 .Dd August  2, 2001
 .Dt NTP_GENKEYS 8
 .Os
-.Sh NAME
+.Sh $BL>A0(B
 .Nm ntp-genkeys
-.Nd generate public and private keys
-.Sh SYNOPSIS
+.Nd $B8x3+80!"HkL)80$r@8@.$9$k(B
+.Sh $B=q<0(B
 .Nm
 .Op Fl dfhlnt
 .Op Fl c Ar conffile
 .Op Fl g Ar target
 .Op Fl k Ar keyfile
-.Sh DESCRIPTION
-This program generates random keys used by either or both the
-NTPv3/NTPv4 symmetric key or the NTPv4 public key (Autokey)
-cryptographic authentication schemes.
+.Sh $B2r@b(B
+$B$3$N%W%m%0%i%`$O(B NTPv3/NTPv4 $B$NBP>N800E9f2=G'>Z%9%-!<%`!"$^$?$O(B NTPv4
+$B$N8x3+80(B (Autokey) $B0E9f2=G'>Z%9%-!<%`$GMQ$$$i$l$k%i%s%@%`80$r(B
+$B@8@.$7$^$9!#(B
 .Pp
-The following options are available:
+$B0J2<$N%*%W%7%g%s$,MxMQ2DG=$G$9!#(B
 .Bl -tag -width indent
 .It Fl c Ar conffile
-Location of
 .Xr ntp.conf 8
-file.
+$B%U%!%$%k$N0LCV$r;XDj$7$^$9!#(B
 .It Fl d
-enable debug messages (can be used multiple times)
+$B%G%P%C%0%a%C%;!<%8=PNO$rM-8z$K$7$^$9(B ($BJ#?t2s;XDj2DG=$G$9(B)$B!#(B
 .It Fl f
-force installation of generated keys.
+$B@8@.$7$?80$r6/@)E*$K%$%s%9%H!<%k$7$^$9!#(B
 .It Fl g target
-Generate file or files indicated by the characters in the
+$BJ8;zNs(B
 .Ar target
-string:
+$B$NJ8;z$G;XDj$5$l$?%U%!%$%k$r@8@.$7$^$9!#(B
 .Bl -tag -width X
 .It Li d 
-Generate D-H parameter file.
+D-H $B%Q%i%a!<%?%U%!%$%k$r@8@.$7$^$9!#(B
 .It Li m
-Generate MD5 key file.
+MD5 $B80%U%!%$%k$r@8@.$7$^$9!#(B
 .It Li r
-Generate RSA keys.
+RSA $B80$r@8@.$7$^$9!#(B
 .El
 .It Fl h
-Build keys here (current directory).
-Implies
-.Fl l .
+$B80$r$=$N>l=j(B ($B8=:_$N%G%#%l%/%H%j(B) $B$K:n@.$7$^$9!#$3$l$O!"%*%W%7%g%s(B
+.Fl l
+$B$r4^$_$^$9!#(B
 .It Fl k Ar keyfile
-Location of key file.
+$B80%U%!%$%k$N>l=j$r;XDj$7$^$9!#(B
 .It Fl l
-Do not make the symlinks.
+$B%7%s%\%j%C%/%j%s%/$r:n$j$^$;$s!#(B
 .It Fl n
-Do not actually do anything, just say what would be done.
+$B<B:]$K$O2?$b$7$^$;$s!#2?$r$7$h$&$H$9$k$+$@$1$r=PNO$7$^$9!#(B
 .It Fl t
-Trash the (old) files at the end of symlink.
+$B%7%s%\%j%C%/%j%s%/$N@h$N(B ($B8E$$(B) $B%U%!%$%k$rKu>C$7$^$9!#(B
 .El
 .Pp
-By default the program
-generates the
+$B%G%U%)%k%H$G$O!"$3$N%W%m%0%i%`$O!"(B16$B8D$N%i%s%@%`BP>N80$r4^$`%U%!%$%k(B
 .Xr ntp.keys 5
-file containing 16 random symmetric
-keys.
-In addition, if the
-rsaref20
-package is configured
-for the software build, the program generates cryptographic values
-used by the Autokey scheme.
-These values are incorporated as a set
-of three files,
+$B$r@8@.$7$^$9!#(B
+$B2C$($F!"%=%U%H%&%(%"%S%k%I$N:]$K(B rsaref20 $B%Q%C%1!<%8$,AH$_9~$^$l$F$$$k(B
+$B>l9g!"$3$N%W%m%0%i%`$O!"(BAutokey $B%9%-!<%`$G;HMQ$9$k0E9fCM$r@8@.$7$^$9!#(B
+$B$3$l$i$NCM$O<!$N(B3$B8D$N%U%!%$%k$K$J$j$^$9!#(B
 .Pa ntpkey
-containing the RSA private key,
+$B$O!"(BRSA $BHkL)80$r4^$_$^$9!#(B
 .Pa ntpkey_ Ns Ar host
-containing the RSA public key, where
+$B$O!"(BRSA $B8x3+80$r4^$_$^$9!#$3$3$G(B
 .Ar host
-is the DNS name of the generating machine, and
+$B$O!"80$r@8@.$7$?%^%7%s$N(B DNS $BL>$G$9!#(B
 .Pa ntpkey_dh
-containing the parameters for the Diffie-Hellman
-key-agreement algorithm.
-All files and are in printable ASCII
-format.
-A timestamp in NTP seconds is appended to each.
-Since the
-algorithms are seeded by the system clock, each run of this program
-produces a different file and file name.
+$B$O!"(BDiffie-Hellman $B808r49%"%k%4%j%:%`$GMQ$$$k%Q%i%a!<%?$r4^$_$^$9!#(B
+$B$9$Y$F$N%U%!%$%k$O0u;z2DG=$J(B ASCII $B7A<0$G$9!#(BNTP $BIC$G<($7$?(B
+$B%?%$%`%9%?%s%W$,$=$l$>$l$N%U%!%$%k$KDI2C$5$l$^$9!#(B
+$B$3$N%"%k%4%j%:%`$O%7%9%F%`%/%m%C%/$rMp?t$N<o$H$7$^$9$N$G!"(B
+$B$3$N%W%m%0%i%`$O!"<B9T$9$k$4$H$K0[$J$k%U%!%$%k$H%U%!%$%kL>$r(B
+$B@8@.$7$^$9!#(B
 .Pp
-The
+$B%U%!%$%k(B
 .Xr ntp.keys 5
-file contains 16 MD5 keys.
-Each key
-consists of 16 characters randomized over the ASCII 95-character
-printing subset.
-The file is read by the daemon at the location
-specified by the
+$B$O(B 16 $B8D$N(B MD5 $B80$r4^$_$^$9!#$=$l$>$l$N80$O!"(BASCII $B$N0u;z2DG=ItJ,=89g(B
+95 $BJ8;z$+$i%i%s%@%`$KA*$s$@(B 16 $BJ8;z$+$i$J$j$^$9!#%G!<%b%s$O!"(B
+$B@_Dj%U%!%$%k%3%^%s%I(B
 .Ic keys
-configuration file command and made
-visible only to root.
-An additional key consisting of a easily
-remembered password should be added by hand for use with the
+$B$K$h$C$F;XDj$5$l$?0LCV$+$i$3$N%U%!%$%k$rFI$_9~$_$^$9!#$^$?!"(B
+$B$3$N%U%!%$%k$O%k!<%H$@$1$,8+$k$3$H$,$G$-$k$h$&$K$7$^$9!#(B
+$B%W%m%0%i%`(B
 .Xr ntpq 8
-and
+$B$d(B
 .Xr ntpdc 8
-programs.
-The file must be
-distributed by secure means to other servers and clients sharing
-the same security compartment.
-While the key identifiers for MD5
-and DES keys must be in the range 1-65534, inclusive, the
+$B$H$H$b$K;HMQ$9$k$?$a$K$O!"4JC1$K;W$$=P$;$k%Q%9%o!<%I$+$i$J$k(B
+$B80$r<j$GDI2C$7$J$1$l$P$J$j$^$;$s!#(B
+$B$3$N%U%!%$%k$rF1$80BA4$J6h2h$r6&M-$9$k%5!<%P$H%/%i%$%"%s%H$KG[I[$9$k(B
+$B:]$K$O!"0BA4$J<jCJ$GG[I[$7$J$1$l$P$J$j$^$;$s!#0lJ}!"(BMD5 $B80$H(B DES $B80$K(B
+$BBP$9$k80$N<1JL;R$O!"(B1-65534 $B$N(B ($BN>C<$r4^$`(B) $BHO0O$K4^$^$l$kI,MW$,(B
+$B$"$j$^$9$,!"%W%m%0%i%`(B
 .Nm
-program uses only the identifiers from 1 to
-16.
-The key identifier for each association is specified as the key
-argument in the
+$B$O!"(B1 $B$+$i(B 16 $B$N<1JL;R$N$_$r;HMQ$7$^$9!#3F%"%=%7%(!<%7%g%s$KBP$9$k(B
+$B80$N<1JL;R$O!"@_Dj%U%!%$%k%3%^%s%I(B
 .Ic server
-or
+$B$^$?$O(B
 .Ic peer
-configuration file command.
+$B$N800z?t$H$7$F;XDj$5$l$^$9!#(B
 .Pp
-The
+$B%U%!%$%k(B
 .Pa ntpkey
-file contains the RSA private key.
-It is
-read by the daemon at the location specified by the
-.Ar privatekey
-argument of the
+$B$O(B RSA $BHkL)80$r4^$_$^$9!#(B
+$B%G!<%b%s$O!"@_Dj%U%!%$%k%3%^%s%I(B
 .Ic crypto
-configuration
-file command and made visible only to root.
-This file is useful
-only to the machine that generated it and never shared with any
-other daemon or application program.
+$B$N0z?t(B
+.Ar privatekey
+$B$G;XDj$5$l$k0LCV$+$i$3$N%U%!%$%k$rFI$_9~$_$^$9!#$3$N%U%!%$%k$O!"(B
+$B%k!<%H$N$_$,8+$k$3$H$,$G$-$k$h$&$K$7$^$9!#(B
+$B$3$N%U%!%$%k$O!"$3$l$r@8@.$7$?%^%7%s$KBP$7$F$@$1M-8z$G$"$j!"(B
+$BB>$N%G!<%b%s$d%"%W%j%1!<%7%g%s%W%m%0%i%`$H6&M-$5$l$k$3$H$O(B
+$B7h$7$F$"$j$^$;$s!#(B
 .Pp
-The
+$B%U%!%$%k(B
 .Pa ntpkey_ Ns Ar host
-file contains the RSA public
-key, where
+$B$O(B RSA $B8x3+80$r4^$_$^$9!#$3$3$G!"(B
 .Ar host
-is the DNS name of the host that
-generated it.
-The file is read by the daemon at the location
-specified by the
-.Ar publickey
-argument to the
+$B$O!"$3$N%U%!%$%k$r@8@.$7$?%[%9%H$N(B DNS $BL>$G$9!#%G!<%b%s$O!"(B
+$B@_Dj%U%!%$%k%3%^%s%I(B
 .Ic server
-or
+$B$^$?$O!"(B
 .Ic peer
-configuration file command.
-This file can be
-widely distributed and stored without using secure means, since the
-data are public values.
+$B$N0z?t(B
+.Ar publickey
+$B$G;XDj$7$?0LCV$+$i$3$N%U%!%$%k$rFI$_9~$_$^$9!#(B
+$B$3$N%U%!%$%k$K4^$^$l$k%G!<%?$O8x3+CM$G$"$k$?$a!"$3$N%U%!%$%k$O(B
+$B0BA4$J<jCJ$K$h$i$:$H$bG[I[!"3JG<$9$k$3$H$,$G$-$^$9!#(B
 .Pp
-The
+$B%U%!%$%k(B
 .Pa ntp_dh
-file contains two Diffie-Hellman parameters:
-the prime modulus and the generator.
-The file is read by the daemon
-at the location specified by the
-.Ar dhparams
-argument of the
+$B$O!"(B2$B8D$N(B Diffie-Hellman $B%Q%i%a!<%?(B:
+$B86;O:,(B (generator) $B$HAG?t78?t(B (prime modulus)
+$B$r4^$_$^$9!#%G!<%b%s$O!"@_Dj%U%!%$%k%3%^%s%I(B
 .Ic crypto
-configuration file command.
-The file can be
-distributed by insecure means to other servers and clients sharing
-the same key agreement compartment, since the data are public
-values.
-.Pp
-The file formats begin with two lines, the first containing the
-generating system DNS name and the second the datestamp.
-Lines
-beginning with
+$B$N0z?t(B
+.Ar dhparams
+$B$K$h$j;XDj$5$l$?0LCV$+$i$3$N%U%!%$%k$rFI$_9~$_$^$9!#(B
+$B$3$N%U%!%$%k$O!"F1$8808r496h2h$r6&M-$9$kB>$N%5!<%P!"%/%i%$%"%s%H$KBP$7(B
+$B0BA4$J<jCJ$K$h$i$:$H$bG[I[$9$k$3$H$,$G$-$^$9!#(B
+.Pp
+$B%U%!%$%k7A<0$N:G=i$NItJ,$O(B2$B9T$+$i$J$j$^$9!#:G=i$N9T$O!"(B
+$B%U%!%$%k$r@8@.$7$?%7%9%F%`$N(B DNS $BL>$r4^$_!"(B2 $B9TL\$OF|IU%9%?%s%W$r(B
+$B4^$_$^$9!#(B
 .Ql #
-are considered comments and ignored by
-the daemon.
-In the 
+$B$+$i;O$^$k9T$O%3%a%s%H$H$_$J$5$l!"%G!<%b%s$O$3$N9T$rL5;k$7$^$9!#(B
+$B%U%!%$%k(B
 .Xr ntp.keys 5
-file, the next 16 lines
-contain the MD5 keys in order.
-If necessary, this file can be
-further customized by an ordinary text editor.
-The format is
-described in the following section.
-In the
+$B$NCf$G!"<!$N(B 16 $B9T$O(B MD5 $B80$r=g=xDL$j4^$_$^$9!#(B
+$BI,MW$,$"$l$P!"DL>o$N%F%-%9%H%(%G%#%?$rMQ$$$F$3$N%U%!%$%k$r$5$i$K(B
+$BJQ99$9$k$3$H$,$G$-$^$9!#<!$N%;%/%7%g%s$G$3$N7A<0$r@bL@$7$^$9!#(B
+$B%U%!%$%k(B
 .Pa ntpkey
-and
+$B$H!"(B
 .Pa ntpkey_ Ns Ar host
-files, the next line contains the
-modulus length in bits followed by the key as a PEM encoded string.
-In the
+$B$G$O!"(B
+$B<!$N9T$O78?t(B (modulus) $B$ND9$5(B ($B%S%C%HC10L(B) $B$H!"80$r(B
+PEM $B$G%3!<%I2=$7$?J8;zNs$r4^$_$^$9!#%U%!%$%k(B
 .Pa ntpkey_dh
-file, the next line contains the prime
-length in bytes followed by the prime as a PEM encoded string, and
-the next and final line contains the generator length in bytes
-followed by the generator as a PEM encoded string.
+$B$G$O!"<!$N9T$OAG?t(B (prime) $B$ND9$5(B ($B%P%$%HC10L(B) $B$H!"AG?t$r(B PEM $B$G(B
+$B%3!<%I2=$7$?J8;zNs$r4^$_$^$9!#$=$N<!$H:G8e$N9T$O86;O:,(B (generator)
+$B$ND9$5(B ($B%P%$%HC10L(B) $B$H!"86;O:,$r(B PEM $B$G%3!<%I2=$7$?J8;zNs$r4^$_$^$9!#(B
 .Pp
-Note: See the file
+$BCm0U(B: $BI,MW$,$"$l$P!"JV$7CM$N@bL@$O!"(Brsaref20 $B%Q%C%1!<%8$N%U%!%$%k(B
 .Pa ./source/rsaref.h
-in the
-rsaref20
-package for explanation of return values, if
-necessary.
-.Sh SEE ALSO
+$B$r;2>H$7$F2<$5$$!#(B
+.Sh $B4XO"9`L\(B
 .Xr ntp.keys 5 ,
 .Xr ntpdc 8 ,
 .Xr ntpq 8
-.Sh BUGS
-It can take quite a while to generate the RSA public/private key
-pair and Diffie-Hellman parameters, from a few seconds on a modern
-workstation to several minutes on older machines. 
+.Sh $B%P%0(B
+RSA $B8x3+80(B/$BHkL)80$NAH$H(B Diffie-Hellman $B%Q%i%a!<%?$r@8@.$9$k:]$K(B
+$B$+$J$j;~4V$,$+$+$k$3$H$,$"$j$^$9!#:G?7$N%o!<%/%9%F!<%7%g%s$G?tIC!"(B
+$B8E$$%^%7%s$J$i?tJ,$NHO0O$G$9!#(B
