I have a few questions on the ntp.keys file and need your help.
From the man page, the format of ntp keys is
`keyno type key`
where type can be md5, sha1, ripemd160, sha224, sha256, etc.
I am confused about the format of the key for the above types. From the man page:
The key may be printable ASCII excluding "#" or hex encoded. Keys longer than 20 characters are assumed to be hex. The max length of a (de-hexified) key is 32 bytes. If you want to use an ASCII key longer than 20 bytes, you must hexify it.
Does this restriction apply to all the key types?
Actually, I am implementing a CLI for ntp authentication which will support md5, sha1, and sha256. Before creating the final ntp.keys file, I want to make sure that the key is in a valid format for all the types. If a user inputs a wrong key format for any type, then I would like to return an error in the CLI. I did some research to find out the correct format for each type.
- For md5 I found that the key is 1 to 16 printable characters terminated by an EOL, whitespace, or a # (which is the "start of comment" character).
- Does this mean that for md5 support in ntp, I should restrict the user to not input more than 16 characters?
- What characters should I allow in md5 format?
- For SHA1 I found that the key is a hex-encoded ASCII string of 40 characters, which is truncated as necessary.
- Does this mean that the key should be exactly 40 characters?
- Do all characters need to be hex digits?
- Can I allow the user to input fewer than 40 characters?
- For SHA256 I didn't get much information. I want to make sure the input key from the user for SHA256 is valid, and if the user gives some wrong input then I should give him an error. What is the correct format for SHA256?
Overall, I want to perform validation on the input key for each type so that a user cannot give a wrong key string. Can anyone please tell me what format I should allow for each type?
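As an added illustration for the question above (this is not part of the original post, nor code from the ntp project), the following Python validator implements the rule quoted from ntp.keys(5): a key token of at most 20 characters is taken as printable ASCII excluding "#", a longer token must be hex with an even number of digits, and the decoded key may be at most 32 bytes. It goes a little beyond the question by validating whole "keyno type key" lines rather than only the key token. The 1..65535 range for the key number, the restriction to MD5/SHA1/SHA256, the rejection of duplicate key numbers, the upper-casing of the type name, and the handling of trailing fields are assumptions of this example and are marked as such in the code.

```python
"""Validator for ntp.keys entries, written as an example for the question above.

It implements the rule quoted from ntp.keys(5): a key token of at most 20
characters is printable ASCII excluding '#', a longer token is hex, and the
decoded key may be at most 32 bytes.  Under that rule the ASCII/hex decision
depends only on the token's length, not on the digest type on the line.
"""
import string

MAX_ASCII_LEN = 20   # man page: keys longer than 20 characters are assumed to be hex
MAX_KEY_BYTES = 32   # man page: max length of a de-hexified key is 32 bytes
MAX_KEYNO = 65535    # assumption of this example: key IDs are 16-bit values

# Digest types the CLI in the question wants to support.  Limiting the set to
# these three is the CLI's choice (an assumption here), not a rule of the format.
SUPPORTED_TYPES = {"MD5", "SHA1", "SHA256"}

# Printable ASCII minus whitespace (which terminates the token) and the comment char.
ASCII_KEY_CHARS = set(string.printable) - set(string.whitespace) - {"#"}


def parse_key(token: str) -> bytes:
    """Return the raw key bytes for one key token, or raise ValueError."""
    if not token:
        raise ValueError("empty key")
    if len(token) <= MAX_ASCII_LEN:
        # Short token: used literally as ASCII, even if it happens to be all hex digits.
        bad = [c for c in token if c not in ASCII_KEY_CHARS]
        if bad:
            raise ValueError(f"invalid character {bad[0]!r} in ASCII key")
        return token.encode("ascii")
    # Long token: must be hex, an even number of digits, at most 2 * 32 of them.
    if len(token) % 2:
        raise ValueError("hex key has an odd number of digits")
    if len(token) > 2 * MAX_KEY_BYTES:
        raise ValueError(f"hex key decodes to more than {MAX_KEY_BYTES} bytes")
    if any(c not in string.hexdigits for c in token):
        raise ValueError("keys longer than 20 characters must be hex encoded")
    return bytes.fromhex(token)


def key_error(token: str):
    """Convenience for a CLI: the validation error for a key token, or None if valid."""
    try:
        parse_key(token)
    except ValueError as exc:
        return str(exc)
    return None


def parse_line(line: str):
    """Parse one 'keyno type key' line into (keyno, type, key_bytes).

    Returns None for blank and comment-only lines.  Fields after the third are
    ignored (assumption: this example does not interpret any trailing options),
    and the type name is upper-cased before lookup (also an assumption).
    """
    body = line.split("#", 1)[0].strip()
    if not body:
        return None
    fields = body.split()
    if len(fields) < 3:
        raise ValueError("expected 'keyno type key'")
    keyno_s, ktype, token = fields[0], fields[1].upper(), fields[2]
    if not keyno_s.isdigit() or not 1 <= int(keyno_s) <= MAX_KEYNO:
        raise ValueError(f"key number must be 1..{MAX_KEYNO}, got {keyno_s!r}")
    if ktype not in SUPPORTED_TYPES:
        raise ValueError(f"unsupported digest type {ktype!r}")
    return int(keyno_s), ktype, parse_key(token)


def validate_keys(text: str) -> list:
    """Validate a whole keys file; raise ValueError naming the offending line.

    Rejecting duplicate key numbers is a policy of this example's CLI.
    """
    entries, seen = [], set()
    for lineno, line in enumerate(text.splitlines(), 1):
        try:
            entry = parse_line(line)
        except ValueError as exc:
            raise ValueError(f"line {lineno}: {exc}") from None
        if entry is None:
            continue
        if entry[0] in seen:
            raise ValueError(f"line {lineno}: duplicate key number {entry[0]}")
        seen.add(entry[0])
        entries.append(entry)
    return entries


def keys_error(text: str):
    """The validation error for a whole keys file, or None if it is valid."""
    try:
        validate_keys(text)
    except ValueError as exc:
        return str(exc)
    return None


# Constructed sample for demonstration, not a real keys file.
SAMPLE = """\
# keyno type key
1  MD5    Sup3rS3cret          # 11 printable characters: ASCII key
2  SHA1   0123456789abcdef0123456789abcdef01234567   # 40 hex digits: 20-byte key
3  SHA256 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
"""

if __name__ == "__main__":
    for keyno, ktype, key in validate_keys(SAMPLE):
        print(keyno, ktype, len(key), "bytes")
```

Note that the validator enforces the quoted man-page rule only: the type column is checked against the supported set, but it does not change how the key token is interpreted, so a 20-character token of hex digits is still treated as a 20-byte ASCII key, and a 40-hex-digit token is treated as hex regardless of whether the type is SHA1 or MD5. The per-type figures mentioned in the question's research (16 characters for MD5, exactly 40 hex digits for SHA1) are not what this check implements.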