[ntp:questions] ntp-keygen and openssl

Victor Jesus Angus shurvic at yahoo.com
Fri Jun 19 10:34:37 UTC 2009


Hello Dave,

Looking back into this, I looked at the source code of ntp-keygen and at the same time playing with the command line arguments of openssl.

Is it right to say that ntp-keygen was created as a convenient tool and everything it can do has an equivalent openssl command? 

For example to create a host key,

$ ntp-keygen -H -p pass

is the same with

$ openssl req -newkey rsa:512 -md5 -x509 -days 365 -keyout ntpkey... something blah blah (I haven't really figured out yet the exact arguments)

I am currently weighing the benefits of just using ntp-keygen entirely or 
use our existing infrastructure that executes the openssl command to create public/private keys.

Thanks.

Victor


--- On Sat, 5/9/09, David Mills <mills at udel.edu> wrote:

> From: David Mills <mills at udel.edu>
> Subject: Re: [ntp:questions] ntp-keygen and openssl
> To: questions at lists.ntp.org
> Date: Saturday, May 9, 2009, 7:50 AM
> Victor,
> 
> Look in the ntp-geygen source file. See the gen_iff()
> routine. Look in 
> the ntp_crypto.c file for the crypto_alice(), crypto_bob()
> and 
> crypto_iff() routines.
> 
> Dave
> 
> Victor Jesus Angus wrote:
> 
> >If on the NTP client only host, there is no ntp-keygen
> but openssl is available, what are the equivalent openssl
> commands to generate certificates with the Schnorr (IFF)
> scheme?
> >
> >Thanks.
> >
> >Victor
> >
> >
> >      
> >_______________________________________________
> >questions mailing list
> >questions at lists.ntp.org
> >https://lists.ntp.org/mailman/listinfo/questions
> >  
> >
> 
> _______________________________________________
> questions mailing list
> questions at lists.ntp.org
> https://lists.ntp.org/mailman/listinfo/questions
>


      



More information about the questions mailing list