Ntp-keygen.c

This program generates encrypted data files using the password, following the AutoKey security Protocol and NTPV4. The file name is prefixed with the header of the name and creation time, followed by a type-defined descriptor label and a PEM-encrypted data structure and compatible with the OpenSSL library.

All filenames are similar to "ntpkey_<type>_

Ntpkey_md5key_

The MD5 (128-bit) key is used to compute the message digest in the symmetric key encryption algorithm

Ntpkey_rsahost_

Ntpkey_host_

The RSA private/public host key pair is used in the public key signature.

Ntpkey_rsasign_Ntpkey_sign_

The RSA private/public sign key pair is used in the public key signature.

Ntpkey_dsasign_Ntpkey_sign_

The DSA private/public sign key pair is used in the public key signature.

Available Summary/Signature scenarios

RSA:RSA-MD2, Rsa-md5, Rsa-sha, RSA-SHA1, RSA-MDC2, evp-ripemd160

Dsa:dsa-sha, DSA-SHA1

Ntpkey_xxxcert_Ntpkey_cert_

The X509v3 certificate uses the RSA or DSA public key and signature. XXX is the code used to identify the message digest and signature encryption algorithm.

Identification scheme. Key type pair is used to challenge; key type key is used to answer.

Ntpkey_iffkey_<groupname>.<filestamp>
Ntpkey_iffkey_<groupname>
Schnorr (IFF) identity parameters and keys

Ntpkey_gqkey_<groupname>.<filestamp>,
Ntpkey_gqkey_<groupname>
Guillou-quisquater (GQ) identity parameters and keys

Ntpkey_mvkeyx_<groupname>.<filestamp>,
Ntpkey_mvkey_<groupname>

Mu-varadharajan (MV) identity parameters and keys

Note: Sometimes this program cannot generate and verify encrypted data because of some statistical surprises, which can be returned with a status of-1 indicated. In this case just run the program again. If the program does end with a return value of 0, the data is validated correctly.

These cryptographic routines can be categorized by the modulus size. The default value is 512 bits, which allows a compromise between the length of the encryption and the calculation time, which is enough for a general application. These routines have been tested by the size of the 256,512,1024 and 2048 bits. Not all message digests and signature encryption schemes can work with a size less than 512 bits. Calculation times greater than 2048 bits are intolerable on all machines, except for the fastest processors. UltraSPARC Blade 1000 takes more than 9 minutes to generate and verify that the size is 2048 modulus. The old SPARC IPC may take a whole week.

This program uses the OpenSSL library to require a random seed file. As the OpenSSL file describes, the file name defaults to the RANDFILE environment variable in the user's home directory and then the. Rnd in the user's home directory.

Ntp-keygen.c