[ntp:questions] ntp-keygen IFF
Grzegorz Daniluk
lin_g at o2.pl
Wed May 27 07:18:05 UTC 2009
Hi,

Thank you, David, for your patience and answers. I understand what you
wrote. However, maybe once again, here is the full procedure I'm using
to generate those parameters for the IFF scheme (with the full output that
ntp-keygen gives me):

[grzegorz@rocket ~/keys]$ ntp-keygen -T -I -p serverpasswd -s hostname
Using OpenSSL version 90705f
Using host hostname group hostname
Generating RSA keys (512 bits)...
RSA 0 4 9 1 11 24 3 1 2
Generating new host file and link
ntpkey_host_hostname->ntpkey_RSAhost_hostname.3452396802
Using host key as sign key
Generating IFF keys (256 bits)...
IFF 0 31 140 1 49 135 2 1 2 3 1 4
Confirm g^(q - b) g^b = 1 mod p: yes
Confirm g^k = g^(k + b r) g^(q - b) r: yes
Generating new iffkey file and link
ntpkey_iffkey_hostname->ntpkey_IFFkey_hostname.3452396802
Generating new certificate hostname RSA-MD5
X509v3 Basic Constraints: critical,CA:TRUE
X509v3 Key Usage: digitalSignature,keyCertSign
X509v3 Extended Key Usage: trustRoot
Generating new cert file and link
ntpkey_cert_hostname->ntpkey_RSA-MD5cert_hostname.3452396802
[grzegorz@rocket ~/keys]$ ls
ntpkey_IFFkey_hostname.3452396802 ntpkey_cert_hostname
ntpkey_RSA-MD5cert_hostname.3452396802 ntpkey_host_hostname
ntpkey_RSAhost_hostname.3452396802 ntpkey_iffkey_hostname
[grzegorz@rocket ~/keys]$ ntp-keygen -e -q serverpasswd -p clientpasswd
Using OpenSSL version 90705f
Using host rocket group rocket
Generating RSA keys (512 bits)...
RSA 0 0 209 1 11 24 3 1 2
Generating new host file and link
ntpkey_host_rocket->ntpkey_RSAhost_rocket.3452396816
Using host key as sign key
[grzegorz@rocket ~/keys]$ ls
ntpkey_IFFkey_hostname.3452396802 ntpkey_cert_hostname
ntpkey_RSA-MD5cert_hostname.3452396802 ntpkey_host_hostname
ntpkey_RSAhost_hostname.3452396802 ntpkey_host_rocket
ntpkey_RSAhost_rocket.3452396816 ntpkey_iffkey_hostname

My problem is that even if I redirect the result of ntp-keygen -e
to a file, it still does not look like exported IFF crypto parameters.
As it says (and if I understand correctly), ntp-keygen generates a new
host key here for my machine 'rocket' instead of exporting IFF public values.
This result is exactly the same as if I removed the generated keys and ran:
%ntp-keygen -q serverpasswd -p clientpasswd
so without the '-e' parameter.

Thank you very much for your advice,
Best regards,
Grzegorz Daniluk

David Mills wrote:
> Grzegorz,
>
> I think this has been said before: Autokey does not work properly in the
> current release version. That version includes a mongrel of old and new
> files that are mutually incompatible. Autokey works only in the
> development version, at least until the release version catches up.
>
> Dave