[ntp:questions] ntp-keygen IFF

Grzegorz Daniluk lin_g at o2.pl
Wed Jun 10 08:35:09 UTC 2009


Hi David,
Why -e and -q options together are confusing ? As I understand correctly 
by -q we give the password to the encrypted private key to openssl to 
export the public values (which is made by -e option). When using 
standalone openssl for des parameters generation and exporting public 
values we need to provide the password since the private key is 
encrypted with des-cbc. Shouldn't they (-e and -q) cooperate ?

Best Regards,
Grzegorz Daniluk

David Mills wrote:
> Grzegorz,
>
> Using -e and -q on the same command linke is very confusing.
>
> Dave
>
> DP MPGrzegorz Daniluk wrote:
>
>   
>> I know that you wrote the autokey does not work correctly in release 
>> versions of ntp, but just to compare, please take a look what ntp-keygen 
>> v4.2.4p7 prints out when using with '-e' option:
>> %ntp-keygen -e -q serverpasswd -p clientpasswd > group.key
>> %cat group.key
>> # ntpkey_IFFkey_NTS-MAILING.3452839997
>> # Mon Jun  1 10:17:23 2009
>> -----BEGIN DSA PRIVATE KEY-----
>> Proc-Type: 4,ENCRYPTED
>> DEK-Info: DES-CBC,1D2DFBB832FEA76E
>>
>> 25WSbcAIhKY5rSIqFnfkJ0Q7UTCTJZmsRMPXqf9uiUrQTzVO0tnm93D+fxgPvBVc
>> bfyMF4YMN/U/tjgMEJFbHVwpkwuNjFab1wr2FqfK3R1Rkb3nkQaE8GMBpY+SZ2Ff
>> WSwqqWJeYpQ5EuK5P3MZTEpWVjEqlAda0xBnbi4aQpNKyvFHVW+4WBhZMYdJrlMd
>> M8CdLJtB1Cuoc+1nx8GOLyv1xLnP6At6G+3s5J43SGSB16aAfZEgRTDBQnMVGV3s
>> BrJie38OoCXpDZFK3/NtbiHgnLPgGjdR70LdUufxlLT6iaCy4GSOLuoW2Ixc+yg0
>> -----END DSA PRIVATE KEY-----
>>
>> That, in fact looks like correctly exported crypto values for iff 
>> scheme. As I wrote before, ntp-keygen in development version gives 
>> something totally different that does not look like exported crypto 
>> values and after redirecting by '>' gives empty file.
>>
>> Please advise,
>> best regards,
>> Grzegorz
>>
>> David Mills wrote:
>>  
>>
>>     
>>> Grzegorz,
>>>
>>> I am using here exactly what I told you. You did not provide evidence 
>>> you use the > redirect function to produce the paramters file. I have 
>>> nothing more to tell you. I am done with this mission. You should ask 
>>> for help elsewhere.
>>>
>>> Dave
>>>  
>>>
>>> _______________________________________________
>>> questions mailing list
>>> questions at lists.ntp.org
>>> https://lists.ntp.org/mailman/listinfo/questions
>>>
>>>  
>>>    
>>>
>>>       
>> _______________________________________________
>> questions mailing list
>> questions at lists.ntp.org
>> https://lists.ntp.org/mailman/listinfo/questions
>>  
>>
>>     
>
> _______________________________________________
> questions mailing list
> questions at lists.ntp.org
> https://lists.ntp.org/mailman/listinfo/questions
>
>   




More information about the questions mailing list