After developing rkik, I realized there wasn't a standalone NTS library available, only full implementations embedded in larger projects.
I needed a simple, reusable library for secure time synchronization, so I started exploring options.
I tested several approaches, trying to extract NTS functionality from various implementations, but ran into issues with each one. Some were too tightly coupled to their parent projects, others had incomplete APIs, and many weren't designed to be used as libraries at all. After considerable trial and error, I finally found ntpd-rs from the Pendulum Project, which had solid, well-structured code that could be adapted into a standalone library.
What is NTS?
Network Time Security (NTS) is a security extension for NTP (Network Time Protocol) defined in RFC 8915. While NTP has been the backbone of internet time synchronization for decades, it was designed in an era before widespread security threats.
NTS adds three critical security features:
- Authentication: Cryptographic verification that time data comes from the expected server
- Encryption: Protection of time synchronization traffic from eavesdropping
- Replay attack resistance: Each query uses unique authentication cookies
The protocol works in two phases: an initial TLS-based key exchange (NTS-KE), followed by authenticated UDP-based NTP queries using the negotiated keys and cookies. Why rkik-nts? rkik-nts provides a simple, ergonomic API for Rust applications that need secure time synchronization without implementing the full NTS protocol themselves.
Looking for Feedback and Contributors This is a new library and I will be actively maintaining it. I'd love to hear:
- Use cases you have for NTS in your projects
- API improvements or missing features
- Bug reports and performance feedback
- Contributions welcome—whether it's code, documentation, or examples
If you're working on time-sensitive applications, embedded systems, or anything requiring secure time synchronization, give it a try and let me know how it works for you. Acknowledgments Huge thanks to the Pendulum Project and Tweede golf for ntpd-rs, which made this library possible. Their memory-safe NTP implementation provided the solid foundation I needed. The library is available on crates.io as rkik-nts and on GitHub at https://github.com/aguacero7/rkik-nts
After developing rkik, I realized there wasn't a standalone NTS library available, only full implementations embedded in larger projects.
I needed a simple, reusable library for secure time synchronization, so I started exploring options. I tested several approaches, trying to extract NTS functionality from various implementations, but ran into issues with each one. Some were too tightly coupled to their parent projects, others had incomplete APIs, and many weren't designed to be used as libraries at all. After considerable trial and error, I finally found ntpd-rs from the Pendulum Project, which had solid, well-structured code that could be adapted into a standalone library.
What is NTS? Network Time Security (NTS) is a security extension for NTP (Network Time Protocol) defined in RFC 8915. While NTP has been the backbone of internet time synchronization for decades, it was designed in an era before widespread security threats.
NTS adds three critical security features: - Authentication: Cryptographic verification that time data comes from the expected server - Encryption: Protection of time synchronization traffic from eavesdropping - Replay attack resistance: Each query uses unique authentication cookies
The protocol works in two phases: an initial TLS-based key exchange (NTS-KE), followed by authenticated UDP-based NTP queries using the negotiated keys and cookies. Why rkik-nts? rkik-nts provides a simple, ergonomic API for Rust applications that need secure time synchronization without implementing the full NTS protocol themselves.
Looking for Feedback and Contributors This is a new library and I will be actively maintaining it. I'd love to hear: - Use cases you have for NTS in your projects - API improvements or missing features - Bug reports and performance feedback - Contributions welcome—whether it's code, documentation, or examples
If you're working on time-sensitive applications, embedded systems, or anything requiring secure time synchronization, give it a try and let me know how it works for you. Acknowledgments Huge thanks to the Pendulum Project and Tweede golf for ntpd-rs, which made this library possible. Their memory-safe NTP implementation provided the solid foundation I needed. The library is available on crates.io as rkik-nts and on GitHub at https://github.com/aguacero7/rkik-nts