This problem I have with ntp-4.2.5p179. best regards, Grzegorz
Grzegorz Daniluk wrote: > Hi, > Thank you David for your patience and answers. I understand what you > wrote. However, maybe once again, here is the full procedure I'm using > to generate those parameters for IFF scheme (with full output that > ntp-keygen gives to me): > > > [grzeg...@rocket ~/keys]$ ntp-keygen -T -I -p serverpasswd -s hostname > Using OpenSSL version 90705f > Using host hostname group hostname > Generating RSA keys (512 bits)... > RSA 0 4 9 1 11 24 3 1 2 > Generating new host file and link > ntpkey_host_hostname->ntpkey_RSAhost_hostname.3452396802 > Using host key as sign key > Generating IFF keys (256 bits)... > IFF 0 31 140 1 49 135 2 1 2 3 1 4 > Confirm g^(q - b) g^b = 1 mod p: yes > Confirm g^k = g^(k + b r) g^(q - b) r: yes > Generating new iffkey file and link > ntpkey_iffkey_hostname->ntpkey_IFFkey_hostname.3452396802 > Generating new certificate hostname RSA-MD5 > X509v3 Basic Constraints: critical,CA:TRUE > X509v3 Key Usage: digitalSignature,keyCertSign > X509v3 Extended Key Usage: trustRoot > Generating new cert file and link > ntpkey_cert_hostname->ntpkey_RSA-MD5cert_hostname.3452396802 > > > [grzeg...@rocket ~/keys]$ ls > ntpkey_IFFkey_hostname.3452396802 ntpkey_cert_hostname > ntpkey_RSA-MD5cert_hostname.3452396802 ntpkey_host_hostname > ntpkey_RSAhost_hostname.3452396802 ntpkey_iffkey_hostname > > > [grzeg...@rocket ~/keys]$ ntp-keygen -e -q serverpasswd -p clientpasswd > Using OpenSSL version 90705f > Using host rocket group rocket > Generating RSA keys (512 bits)... > RSA 0 0 209 1 11 24 3 1 2 > Generating new host file and link > ntpkey_host_rocket->ntpkey_RSAhost_rocket.3452396816 > Using host key as sign key > > > [grzeg...@rocket ~/keys]$ ls > ntpkey_IFFkey_hostname.3452396802 ntpkey_cert_hostname > ntpkey_RSA-MD5cert_hostname.3452396802 ntpkey_host_hostname > ntpkey_RSAhost_hostname.3452396802 ntpkey_host_rocket > ntpkey_RSAhost_rocket.3452396816 ntpkey_iffkey_hostname > > > my problem is that even if I would redirect the result of ntp-keygen -e > to the file it still does not look like exported IFF crypto parameters. > As it says (and if I understand correctly) ntp-keygen generates here new > host key for my machine 'rocket' instead of exporting IFF public values. > This result is exactly the same as if I would remove generated keys and run: > %ntp-keygen -q serverpasswd -p clientpasswd > so without '-e' parameter. > > thank you very much for your advise, > best regards, > Grzegorz Daniluk > > > David Mills wrote: > >> Grzegorz, >> >> I think this has been said before: Autokey does not work properly in the >> current release version.That version includes a mongrel of old and new >> files that are mutually incompatible. Autokey works only in the >> development version, at least until the release version catches up. >> >> Dave >> _______________________________________________ >> questions mailing list >> [email protected] >> https://lists.ntp.org/mailman/listinfo/questions >> >> >> > > _______________________________________________ > questions mailing list > [email protected] > https://lists.ntp.org/mailman/listinfo/questions > > _______________________________________________ questions mailing list [email protected] https://lists.ntp.org/mailman/listinfo/questions
