[ntp:questions] ntp-keygen and openssl
Victor Jesus Angus
shurvic at yahoo.com
Fri Jun 19 10:34:37 UTC 2009
Looking back into this, I looked at the source code of ntp-keygen and at the same time playing with the command line arguments of openssl.
Is it right to say that ntp-keygen was created as a convenient tool and everything it can do has an equivalent openssl command?
For example to create a host key,
$ ntp-keygen -H -p pass
is the same with
$ openssl req -newkey rsa:512 -md5 -x509 -days 365 -keyout ntpkey... something blah blah (I haven't really figured out yet the exact arguments)
I am currently weighing the benefits of just using ntp-keygen entirely or
use our existing infrastructure that executes the openssl command to create public/private keys.
--- On Sat, 5/9/09, David Mills <mills at udel.edu> wrote:
> From: David Mills <mills at udel.edu>
> Subject: Re: [ntp:questions] ntp-keygen and openssl
> To: questions at lists.ntp.org
> Date: Saturday, May 9, 2009, 7:50 AM
> Look in the ntp-geygen source file. See the gen_iff()
> routine. Look in
> the ntp_crypto.c file for the crypto_alice(), crypto_bob()
> crypto_iff() routines.
> Victor Jesus Angus wrote:
> >If on the NTP client only host, there is no ntp-keygen
> but openssl is available, what are the equivalent openssl
> commands to generate certificates with the Schnorr (IFF)
> >questions mailing list
> >questions at lists.ntp.org
> questions mailing list
> questions at lists.ntp.org
More information about the questions