[ntp:questions] ntp-keygen IFF

Grzegorz Daniluk lin_g at o2.pl
Wed May 27 14:06:20 UTC 2009


This problem I have with ntp-4.2.5p179.

best regards,
Grzegorz

Grzegorz Daniluk wrote:
> Hi,
> Thank you David for your patience and answers. I understand what you 
> wrote. However, maybe once again, here is the full procedure I'm using 
> to generate those parameters for IFF scheme (with full output that 
> ntp-keygen gives to me):
>
>
> [grzegorz at rocket ~/keys]$ ntp-keygen -T -I -p serverpasswd -s hostname
> Using OpenSSL version 90705f
> Using host hostname group hostname
> Generating RSA keys (512 bits)...
> RSA 0 4 9       1 11 24                         3 1 2
> Generating new host file and link
> ntpkey_host_hostname->ntpkey_RSAhost_hostname.3452396802
> Using host key as sign key
> Generating IFF keys (256 bits)...
> IFF 0 31 140    1 49 135        2 1 2           3 1 4
> Confirm g^(q - b) g^b = 1 mod p: yes
> Confirm g^k = g^(k + b r) g^(q - b) r: yes
> Generating new iffkey file and link
> ntpkey_iffkey_hostname->ntpkey_IFFkey_hostname.3452396802
> Generating new certificate hostname RSA-MD5
> X509v3 Basic Constraints: critical,CA:TRUE
> X509v3 Key Usage: digitalSignature,keyCertSign
> X509v3 Extended Key Usage: trustRoot
> Generating new cert file and link
> ntpkey_cert_hostname->ntpkey_RSA-MD5cert_hostname.3452396802
>
>
> [grzegorz at rocket ~/keys]$ ls
> ntpkey_IFFkey_hostname.3452396802       ntpkey_cert_hostname
> ntpkey_RSA-MD5cert_hostname.3452396802  ntpkey_host_hostname
> ntpkey_RSAhost_hostname.3452396802      ntpkey_iffkey_hostname
>
>
> [grzegorz at rocket ~/keys]$ ntp-keygen -e -q serverpasswd -p clientpasswd
> Using OpenSSL version 90705f
> Using host rocket group rocket
> Generating RSA keys (512 bits)...
> RSA 0 0 209     1 11 24                         3 1 2
> Generating new host file and link
> ntpkey_host_rocket->ntpkey_RSAhost_rocket.3452396816
> Using host key as sign key
>
>
> [grzegorz at rocket ~/keys]$ ls
> ntpkey_IFFkey_hostname.3452396802       ntpkey_cert_hostname
> ntpkey_RSA-MD5cert_hostname.3452396802  ntpkey_host_hostname
> ntpkey_RSAhost_hostname.3452396802      ntpkey_host_rocket
> ntpkey_RSAhost_rocket.3452396816        ntpkey_iffkey_hostname
>
>
> my problem is that even if I would redirect the result of ntp-keygen -e 
> to the file it still does not look like exported IFF crypto parameters. 
> As it says (and if I understand correctly) ntp-keygen generates here new 
> host key for my machine 'rocket' instead of exporting IFF public values. 
> This result is exactly the same as if I would remove generated keys and run:
> %ntp-keygen -q serverpasswd -p clientpasswd
> so without '-e' parameter.
>
> thank you very much for your advise,
> best regards,
> Grzegorz Daniluk
>
>
> David Mills wrote:
>   
>> Grzegorz,
>>
>> I think this has been said before: Autokey does not work properly in the 
>> current release version.That version includes a mongrel of old and new 
>> files that are mutually incompatible. Autokey works only in the 
>> development version, at least until the release version catches up.
>>
>> Dave
>> _______________________________________________
>> questions mailing list
>> questions at lists.ntp.org
>> https://lists.ntp.org/mailman/listinfo/questions
>>
>>   
>>     
>
> _______________________________________________
> questions mailing list
> questions at lists.ntp.org
> https://lists.ntp.org/mailman/listinfo/questions
>
>   




More information about the questions mailing list