[ntp:hackers] SHA1 for symmetric keys?

brian utterback brian.utterback at oracle.com
Thu Dec 10 12:58:37 UTC 2015

That isn't it. I already build with OpenSSL enabled. I didn't explicitly
set "--with-crypto", but the config.log file has this:

configure:33777: checking if we will use crypto
configure:33779: result: yes

And running ntp-keygen creates the file with the SHA1 keys just fine.
But ntpd won't accept them.

On 12/10/2015 2:11 AM, Hal Murray wrote:
> brian.utterback at oracle.com said:
>> Does ntpd support SHA1 for symmetric keys? Looking at the docs it suggests
>> that the ntp.keys file should be generated with ntp-keygen rather than by
>> manual editing. Running ntp-keygen creates a file with both MD5 and SHA1
>> keys, but when I try to use them ntpd says "invalid key type" for all of the
>> SHA1 keys. Not to mention I never heard anyone say not to edit the ntp.keys
>> file by hand. Am I misunderstanding the whole thing? 
> I don't know of any reason why you can't edit your keys file by hand.  (There 
> are plenty of ways to screw it up, but that's a different issue.)
> SHA1symmetric keys  do work, but it requires a library.  I have a test case 
> working after configuring with --with-crypto
> If you don't have the library available when you build ntp-keygen, it won't 
> make any SHA1 keys.  If it does make SHA1 keys, the library is installed on 
> your system and I think all you have to do is find the right options when 
> configuring to make ntpd.

Oracle <http://www.oracle.com>
Brian Utterback | Principle Software Engineer
Phone: +1 6038973049 <tel:+1%206038973049>
Oracle Systems/RPE Solaris Network
1 Oracle Dr. | Nashua, NH 03062
All working systems eventually start to exhibit their own agenda
Green Oracle <http://www.oracle.com/commitment> Oracle is committed to
developing practices and products that help protect the environment

More information about the hackers mailing list