[ntp:questions] ntp-keygen IFF

David Mills mills at udel.edu
Thu May 28 05:26:29 UTC 2009


Grzegorz,

I am using here exactly what I told you. You did not provide evidence 
you use the > redirect function to produce the paramters file. I have 
nothing more to tell you. I am done with this mission. You should ask 
for help elsewhere.

Dave

Grzegorz Daniluk wrote:

>This problem I have with ntp-4.2.5p179.
>
>best regards,
>Grzegorz
>
>Grzegorz Daniluk wrote:
>  
>
>>Hi,
>>Thank you David for your patience and answers. I understand what you 
>>wrote. However, maybe once again, here is the full procedure I'm using 
>>to generate those parameters for IFF scheme (with full output that 
>>ntp-keygen gives to me):
>>
>>
>>[grzegorz at rocket ~/keys]$ ntp-keygen -T -I -p serverpasswd -s hostname
>>Using OpenSSL version 90705f
>>Using host hostname group hostname
>>Generating RSA keys (512 bits)...
>>RSA 0 4 9       1 11 24                         3 1 2
>>Generating new host file and link
>>ntpkey_host_hostname->ntpkey_RSAhost_hostname.3452396802
>>Using host key as sign key
>>Generating IFF keys (256 bits)...
>>IFF 0 31 140    1 49 135        2 1 2           3 1 4
>>Confirm g^(q - b) g^b = 1 mod p: yes
>>Confirm g^k = g^(k + b r) g^(q - b) r: yes
>>Generating new iffkey file and link
>>ntpkey_iffkey_hostname->ntpkey_IFFkey_hostname.3452396802
>>Generating new certificate hostname RSA-MD5
>>X509v3 Basic Constraints: critical,CA:TRUE
>>X509v3 Key Usage: digitalSignature,keyCertSign
>>X509v3 Extended Key Usage: trustRoot
>>Generating new cert file and link
>>ntpkey_cert_hostname->ntpkey_RSA-MD5cert_hostname.3452396802
>>
>>
>>[grzegorz at rocket ~/keys]$ ls
>>ntpkey_IFFkey_hostname.3452396802       ntpkey_cert_hostname
>>ntpkey_RSA-MD5cert_hostname.3452396802  ntpkey_host_hostname
>>ntpkey_RSAhost_hostname.3452396802      ntpkey_iffkey_hostname
>>
>>
>>[grzegorz at rocket ~/keys]$ ntp-keygen -e -q serverpasswd -p clientpasswd
>>Using OpenSSL version 90705f
>>Using host rocket group rocket
>>Generating RSA keys (512 bits)...
>>RSA 0 0 209     1 11 24                         3 1 2
>>Generating new host file and link
>>ntpkey_host_rocket->ntpkey_RSAhost_rocket.3452396816
>>Using host key as sign key
>>
>>
>>[grzegorz at rocket ~/keys]$ ls
>>ntpkey_IFFkey_hostname.3452396802       ntpkey_cert_hostname
>>ntpkey_RSA-MD5cert_hostname.3452396802  ntpkey_host_hostname
>>ntpkey_RSAhost_hostname.3452396802      ntpkey_host_rocket
>>ntpkey_RSAhost_rocket.3452396816        ntpkey_iffkey_hostname
>>
>>
>>my problem is that even if I would redirect the result of ntp-keygen -e 
>>to the file it still does not look like exported IFF crypto parameters. 
>>As it says (and if I understand correctly) ntp-keygen generates here new 
>>host key for my machine 'rocket' instead of exporting IFF public values. 
>>This result is exactly the same as if I would remove generated keys and run:
>>%ntp-keygen -q serverpasswd -p clientpasswd
>>so without '-e' parameter.
>>
>>thank you very much for your advise,
>>best regards,
>>Grzegorz Daniluk
>>
>>
>>David Mills wrote:
>>  
>>    
>>
>>>Grzegorz,
>>>
>>>I think this has been said before: Autokey does not work properly in the 
>>>current release version.That version includes a mongrel of old and new 
>>>files that are mutually incompatible. Autokey works only in the 
>>>development version, at least until the release version catches up.
>>>
>>>Dave
>>>_______________________________________________
>>>questions mailing list
>>>questions at lists.ntp.org
>>>https://lists.ntp.org/mailman/listinfo/questions
>>>
>>>  
>>>    
>>>      
>>>
>>_______________________________________________
>>questions mailing list
>>questions at lists.ntp.org
>>https://lists.ntp.org/mailman/listinfo/questions
>>
>>  
>>    
>>
>
>_______________________________________________
>questions mailing list
>questions at lists.ntp.org
>https://lists.ntp.org/mailman/listinfo/questions
>  
>




More information about the questions mailing list