[ntp:questions] ntp-keygen IFF

Grzegorz Daniluk lin_g at o2.pl
Wed May 27 14:14:34 UTC 2009


Hi

I know how to redirect stdout. My point is that what 
ntp-keygen in development version 4.2.4p179 writes to stdout is 
not the public crypto values needed by the client in the IFF scheme. Actually, 
there is no difference in the output text with or without the '-e' 
option.

thank you for your suggestions,
best regards,
Grzegorz Daniluk

David Mills wrote:
> Grzegorz,
>
> Please review your Unix documentation on how to redirect standard output. 
> I see no ">" character on your command line. Also, including both a -e 
> and -q option on the same command line would lead to a most confusing 
> redirected file.
>
> Dave
>
> Grzegorz Daniluk wrote:
>
>   
>> Hi,
>> Thank you David for your patience and answers. I understand what you 
>> wrote. However, maybe once again, here is the full procedure I'm using 
>> to generate those parameters for IFF scheme (with full output that 
>> ntp-keygen gives to me):
>>
>>
>> [grzegorz at rocket ~/keys]$ ntp-keygen -T -I -p serverpasswd -s hostname
>> Using OpenSSL version 90705f
>> Using host hostname group hostname
>> Generating RSA keys (512 bits)...
>> RSA 0 4 9       1 11 24                         3 1 2
>> Generating new host file and link
>> ntpkey_host_hostname->ntpkey_RSAhost_hostname.3452396802
>> Using host key as sign key
>> Generating IFF keys (256 bits)...
>> IFF 0 31 140    1 49 135        2 1 2           3 1 4
>> Confirm g^(q - b) g^b = 1 mod p: yes
>> Confirm g^k = g^(k + b r) g^(q - b) r: yes
>> Generating new iffkey file and link
>> ntpkey_iffkey_hostname->ntpkey_IFFkey_hostname.3452396802
>> Generating new certificate hostname RSA-MD5
>> X509v3 Basic Constraints: critical,CA:TRUE
>> X509v3 Key Usage: digitalSignature,keyCertSign
>> X509v3 Extended Key Usage: trustRoot
>> Generating new cert file and link
>> ntpkey_cert_hostname->ntpkey_RSA-MD5cert_hostname.3452396802
>>
>>
>> [grzegorz at rocket ~/keys]$ ls
>> ntpkey_IFFkey_hostname.3452396802       ntpkey_cert_hostname
>> ntpkey_RSA-MD5cert_hostname.3452396802  ntpkey_host_hostname
>> ntpkey_RSAhost_hostname.3452396802      ntpkey_iffkey_hostname
>>
>>
>> [grzegorz at rocket ~/keys]$ ntp-keygen -e -q serverpasswd -p clientpasswd
>> Using OpenSSL version 90705f
>> Using host rocket group rocket
>> Generating RSA keys (512 bits)...
>> RSA 0 0 209     1 11 24                         3 1 2
>> Generating new host file and link
>> ntpkey_host_rocket->ntpkey_RSAhost_rocket.3452396816
>> Using host key as sign key
>>
>>
>> [grzegorz at rocket ~/keys]$ ls
>> ntpkey_IFFkey_hostname.3452396802       ntpkey_cert_hostname
>> ntpkey_RSA-MD5cert_hostname.3452396802  ntpkey_host_hostname
>> ntpkey_RSAhost_hostname.3452396802      ntpkey_host_rocket
>> ntpkey_RSAhost_rocket.3452396816        ntpkey_iffkey_hostname
>>
>>
>> My problem is that even if I redirect the result of ntp-keygen -e 
>> to a file, it still does not look like exported IFF crypto parameters. 
>> As it says (and if I understand correctly), ntp-keygen generates a new 
>> host key here for my machine 'rocket' instead of exporting the IFF public values. 
>> This result is exactly the same as if I removed the generated keys and ran:
>> %ntp-keygen -q serverpasswd -p clientpasswd
>> so without the '-e' parameter.
>>
>> Thank you very much for your advice,
>> best regards,
>> Grzegorz Daniluk
>>
>>
>>     
>> _______________________________________________
>> questions mailing list
>> questions at lists.ntp.org
>> https://lists.ntp.org/mailman/listinfo/questions