[ntp:questions] ntp-keygen IFF

David Mills mills at udel.edu
Wed May 27 13:52:17 UTC 2009


Grzegorz,

Please review your Unix documentation on how to redirect standard output. 
I see no ">" character on your command line. Also, including both a -e 
and -q option on the same command line would lead to a most confusing 
redirected file.

Dave

Grzegorz Daniluk wrote:

>Hi,
>Thank you David for your patience and answers. I understand what you 
>wrote. However, maybe once again, here is the full procedure I'm using 
>to generate those parameters for IFF scheme (with full output that 
>ntp-keygen gives to me):
>
>
>[grzegorz at rocket ~/keys]$ ntp-keygen -T -I -p serverpasswd -s hostname
>Using OpenSSL version 90705f
>Using host hostname group hostname
>Generating RSA keys (512 bits)...
>RSA 0 4 9       1 11 24                         3 1 2
>Generating new host file and link
>ntpkey_host_hostname->ntpkey_RSAhost_hostname.3452396802
>Using host key as sign key
>Generating IFF keys (256 bits)...
>IFF 0 31 140    1 49 135        2 1 2           3 1 4
>Confirm g^(q - b) g^b = 1 mod p: yes
>Confirm g^k = g^(k + b r) g^(q - b) r: yes
>Generating new iffkey file and link
>ntpkey_iffkey_hostname->ntpkey_IFFkey_hostname.3452396802
>Generating new certificate hostname RSA-MD5
>X509v3 Basic Constraints: critical,CA:TRUE
>X509v3 Key Usage: digitalSignature,keyCertSign
>X509v3 Extended Key Usage: trustRoot
>Generating new cert file and link
>ntpkey_cert_hostname->ntpkey_RSA-MD5cert_hostname.3452396802
>
>
>[grzegorz at rocket ~/keys]$ ls
>ntpkey_IFFkey_hostname.3452396802       ntpkey_cert_hostname
>ntpkey_RSA-MD5cert_hostname.3452396802  ntpkey_host_hostname
>ntpkey_RSAhost_hostname.3452396802      ntpkey_iffkey_hostname
>
>
>[grzegorz at rocket ~/keys]$ ntp-keygen -e -q serverpasswd -p clientpasswd
>Using OpenSSL version 90705f
>Using host rocket group rocket
>Generating RSA keys (512 bits)...
>RSA 0 0 209     1 11 24                         3 1 2
>Generating new host file and link
>ntpkey_host_rocket->ntpkey_RSAhost_rocket.3452396816
>Using host key as sign key
>
>
>[grzegorz at rocket ~/keys]$ ls
>ntpkey_IFFkey_hostname.3452396802       ntpkey_cert_hostname
>ntpkey_RSA-MD5cert_hostname.3452396802  ntpkey_host_hostname
>ntpkey_RSAhost_hostname.3452396802      ntpkey_host_rocket
>ntpkey_RSAhost_rocket.3452396816        ntpkey_iffkey_hostname
>
>
>My problem is that even if I would redirect the result of ntp-keygen -e 
>to the file it still does not look like exported IFF crypto parameters. 
>As it says (and if I understand correctly) ntp-keygen generates here new 
>host key for my machine 'rocket' instead of exporting IFF public values. 
>This result is exactly the same as if I would remove generated keys and run:
>%ntp-keygen -q serverpasswd -p clientpasswd
>so without '-e' parameter.
>
>Thank you very much for your advice,
>Best regards,
>Grzegorz Daniluk
>
>
>David Mills wrote:
>  
>
>>Grzegorz,
>>
>>I think this has been said before: Autokey does not work properly in the 
>>current release version. That version includes a mongrel of old and new 
>>files that are mutually incompatible. Autokey works only in the 
>>development version, at least until the release version catches up.
>>
>>Dave
>>_______________________________________________
>>questions mailing list
>>questions at lists.ntp.org
>>https://lists.ntp.org/mailman/listinfo/questions



