[ntp:questions] ntp-keygen IFF

Grzegorz Daniluk lin_g at o2.pl
Wed May 27 07:18:05 UTC 2009


Hi,
Thank you, David, for your patience and answers. I understand what you 
wrote. However, maybe once again, here is the full procedure I'm using 
to generate those parameters for the IFF scheme (with the full output that 
ntp-keygen gives me):


[grzegorz at rocket ~/keys]$ ntp-keygen -T -I -p serverpasswd -s hostname
Using OpenSSL version 90705f
Using host hostname group hostname
Generating RSA keys (512 bits)...
RSA 0 4 9       1 11 24                         3 1 2
Generating new host file and link
ntpkey_host_hostname->ntpkey_RSAhost_hostname.3452396802
Using host key as sign key
Generating IFF keys (256 bits)...
IFF 0 31 140    1 49 135        2 1 2           3 1 4
Confirm g^(q - b) g^b = 1 mod p: yes
Confirm g^k = g^(k + b r) g^(q - b) r: yes
Generating new iffkey file and link
ntpkey_iffkey_hostname->ntpkey_IFFkey_hostname.3452396802
Generating new certificate hostname RSA-MD5
X509v3 Basic Constraints: critical,CA:TRUE
X509v3 Key Usage: digitalSignature,keyCertSign
X509v3 Extended Key Usage: trustRoot
Generating new cert file and link
ntpkey_cert_hostname->ntpkey_RSA-MD5cert_hostname.3452396802


[grzegorz at rocket ~/keys]$ ls
ntpkey_IFFkey_hostname.3452396802       ntpkey_cert_hostname
ntpkey_RSA-MD5cert_hostname.3452396802  ntpkey_host_hostname
ntpkey_RSAhost_hostname.3452396802      ntpkey_iffkey_hostname


[grzegorz at rocket ~/keys]$ ntp-keygen -e -q serverpasswd -p clientpasswd
Using OpenSSL version 90705f
Using host rocket group rocket
Generating RSA keys (512 bits)...
RSA 0 0 209     1 11 24                         3 1 2
Generating new host file and link
ntpkey_host_rocket->ntpkey_RSAhost_rocket.3452396816
Using host key as sign key


[grzegorz at rocket ~/keys]$ ls
ntpkey_IFFkey_hostname.3452396802       ntpkey_cert_hostname
ntpkey_RSA-MD5cert_hostname.3452396802  ntpkey_host_hostname
ntpkey_RSAhost_hostname.3452396802      ntpkey_host_rocket
ntpkey_RSAhost_rocket.3452396816        ntpkey_iffkey_hostname


My problem is that even if I redirect the result of ntp-keygen -e 
to a file, it still does not look like exported IFF crypto parameters. 
As it says (and if I understand correctly), ntp-keygen generates a new 
host key here for my machine 'rocket' instead of exporting the IFF public values. 
This result is exactly the same as if I removed the generated keys and ran:
%ntp-keygen -q serverpasswd -p clientpasswd
that is, without the '-e' parameter.

Thank you very much for your advice,
best regards,
Grzegorz Daniluk


David Mills wrote:
> Grzegorz,
>
> I think this has been said before: Autokey does not work properly in the 
> current release version. That version includes a mongrel of old and new 
> files that are mutually incompatible. Autokey works only in the 
> development version, at least until the release version catches up.
>
> Dave



