© MOBATIME
800847.08
8.8.1 NTP symmetric keys
A 32-bit key ID and a cryptographic 64/128-bit check sum of the packet are attached to
each NTP IP packet.
The following algorithms are used for this purpose:
- Data Encryption Standard (DES)
  (partly restricted in North America and no longer integrated into new NTP variants
  (>V4.2))
- Message Digest (MD5)
The DTS 4128 only supports the MD5 procedure.
The receiving NTP service calculates the check sum with an algorithm and compares it
with the one contained in the packet. Both NTP services must have the same
encryption key and the same corresponding key ID for this purpose.
Packets with a wrong key or wrong check sum will not be used for synchronization.
The DTS 4138 must be correspondingly configured to be able to use NTP
authentication (chapter 6.5.8 NTP server). The NTP service of the other equipment
(e.g. server, PC...) must also be configured. In the case of standard NTP, this occurs
via the ntp.conf file:
# path for key file
keys /etc/ntp/ntp.keys
trustedkey 1 2 3 4 5 6 # define trusted keys
requestkey 4 # key (7) for accessing server variables
controlkey 5 # key (6) for accessing server variables
server ntp1.test.org key 2
server ntp2.test.org key 6
server 192.168.23.5 key 3
The description of the ntp.conf file can be accessed via the corresponding man-page,
or consulted at http://www.eecis.udel.edu/~mills/ntp/html/authopt.html
The authentication mode is automatically activated when a key is used and the paths
for the keys have been correspondingly configured.
trustedkey: defines all keys currently permitted
requestkey: defines the key for the ntpq help tool.
controlkey: defines the key for the ntpdc help tool.
The keys are located in the ntp.keys file defined with keys. This has the following
format:
1 M TestTest
2 M df2ab658
15 M I_see!
498 M NTPv4.98
The key ID is in the first column of the file, the format of the key in the second
column, and the key itself in the third. There are four key formats; however, nowadays
only MD5 (M) is still used. The letter M is no longer written for new NTP variants
(>V4.2) and is only necessary for backwards compatibility.
The characters ' ', '#', '\t', '\n' and '\0' are not used in the MD5 ASCII key! Key 0 is reserved
for special purposes and should therefore not be used here.
ntp.keys: see the man page for ntp.keys (available on the internet).
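The check the receiving NTP service performs, as an added example (not MOBATIME or NTP project code): it parses the ntp.keys lines shown above, appends the key ID and MD5 check sum to a packet, and rejects a packet whose check sum is wrong or whose key ID is not in trustedkey. It assumes the standard NTP construction MD5(key || header) over a 48-byte header without extension fields; the function names and the sample header are made up for the illustration.

```python
import hashlib
import hmac
import struct

# Constructed sample input: the ntp.keys lines shown above.
KEYS_FILE = "1 M TestTest\n2 M df2ab658\n15 M I_see!\n498 M NTPv4.98\n"
TRUSTED = {1, 2, 3, 4, 5, 6}            # IDs from the trustedkey line above
HEADER_LEN, MAC_LEN = 48, 4 + 16        # assumption: no extension fields
# Constructed 48-byte header: LI=0, VN=4, mode=3 (client), rest zero.
SAMPLE_HEADER = bytes([0x23]) + bytes(47)


def parse_keys(text):
    """Return {key_id: key_bytes} for 'ID M key' lines; reject key 0."""
    keys = {}
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if len(fields) != 3 or fields[1] != "M":
            raise ValueError(f"unsupported key line: {line!r}")
        key_id = int(fields[0])
        if key_id == 0:
            raise ValueError("key 0 is reserved")
        keys[key_id] = fields[2].encode("ascii")
    return keys


def sign(header, key_id, key):
    """Append the 32-bit key ID and the 128-bit MD5(key || header) digest."""
    return header + struct.pack("!I", key_id) + hashlib.md5(key + header).digest()


def verify(packet, keys, trusted=TRUSTED):
    """True only if the MAC checks out under a key that is known and trusted."""
    if len(packet) != HEADER_LEN + MAC_LEN:
        return False                    # no MAC or wrong size: not used for sync
    header, mac = packet[:HEADER_LEN], packet[HEADER_LEN:]
    key_id = struct.unpack("!I", mac[:4])[0]
    if key_id not in trusted or key_id not in keys:
        return False
    expected = hashlib.md5(keys[key_id] + header).digest()
    return hmac.compare_digest(expected, mac[4:])   # constant-time compare


if __name__ == "__main__":
    keys = parse_keys(KEYS_FILE)
    print(verify(sign(SAMPLE_HEADER, 2, keys[2]), keys))    # trusted key
    print(verify(sign(SAMPLE_HEADER, 15, keys[15]), keys))  # untrusted key ID
```

Key 15 is present in the sample key file but absent from the trustedkey list, so a packet signed with it is rejected even though its check sum is correct.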