client: add CMAC support to keygen command

Allow a CMAC cipher to be specified in the keygen command. Ignore the specified length as the key length is determined by the cipher.
2025-12-07 04:55:06 -05:00 · 2019-09-19 13:17:20 +02:00
parent 57957ab6cf
commit 510aa8b050
3 changed files with 26 additions and 13 deletions
--- a/doc/chronyc.adoc
+++ b/doc/chronyc.adoc
@@ -1188,10 +1188,10 @@ generated from the _/dev/urandom_ device and it is printed to standard output.
 +
 The command has three optional arguments. The first argument is the key number
 (by default 1), which will be specified with the *key* option of the *server*
-or *peer* directives in the configuration file. The second argument is the hash
-function (by default SHA1 or MD5 if SHA1 is not available) and the third
-argument is the number of bits the key should have, between 80 and 4096 bits
-(by default 160 bits).
+or *peer* directives in the configuration file. The second argument is the name
+of the hash function or cipher (by default SHA1, or MD5 if SHA1 is not
+available). The third argument is the length of the key in bits if a hash
+function was selected, between 80 and 4096 bits (by default 160 bits).
 +
 An example is:
 +