Example Security Association file as specified by the sa_file directive. See the file, ptp4l.8, for additional information.

[security_association]
#
# spp is valid from [0-255] inclusive, the port spp value should match
# for each port this security association is to be enforced.
#
spp 0
#
# allow_mutable allows for mutable correction fields if on path
# authentication tlv support is not possible. This option is NOT
# recommended as it leaves the correction field unprotected.
#
allow_mutable 1
#
# key lines should be in the format: id type length value
# - id:     Must be in the range of 1 to 2^32-1, inclusive.
# - type:   Allowed are SHA256-128, SHA256, AES128, AES256.
# - length: Optional verification key length in octets. Used to
#           verify the key value is of the length specified.
# - value:  Can be read as ASCII characters with the "ASCII:" prefix,
#           as a hexadecimal number with the "HEX:" prefix or as a
#           Base64 encoded string with the "B64:" prefix. If no
#           prefix is included, ASCII is assumed. Key values should
#           be randomally generated if possible. Ciphers (AES)
#           require the key length to match the cipher length
#           (ie AES-128 requires key of 128 bits or 16 bytes).
#
# Key ID 1 with 'SHA256-128' and 256 bits key, written in hexadecimal
1 SHA256-128 HEX:F8ADC6B8B8E9AA709106BA42481EC9E29607334DE2C3C737A11A12931DB27F8C
# Key ID 2 with 'SHA256' and 256 bits key, written in hexadecimal
# and specify the key octet length of 32
2 SHA256 32 HEX:EE91D469B3A8ADC6AC8EB28E21794C706E08FDE48863828A7B0281AFCA81B17D

[security_association]
spp 1
#
# seqid_window defines how far sequence id of an incoming sync/follow_up
# message can advance from the last successfully processed sync/follow_up
# before being considered a replayed message.
#
seqid_window 20
# Key ID 1 with 'AES128' and 128 bits key, written in hexadecimal
1 AES128 HEX:FAF48EBA01E7C5966A76CB787AED4E7B
# Key ID 2 with 'AES256' and 256 bits key, written in Base64
2 AES256 B64:PKTF9VQz94qPaoAzW4eE3JtFoQ8Ov1OTQSojalWyMbs=
# Key ID 3 with 'SHA256' and 208 bits key, written in ASCII
# and specify the key octet length of 26
3 SHA256 26 abcdefghijklmnopqrstuvwxyz