[dtn-security] Re(2): Key generation
Peter Lovell <plovell@mac.com> Wed, 15 July 2009 15:43 UTC
From: Peter Lovell <plovell@mac.com>
To: "Ivancic, William D. (GRC-RHN0)" <william.d.ivancic@nasa.gov>, Sushil Chaudhari <schaudhari@mzeal.com>, dtn-security@maillists.intel-research.net
Date: Wed, 15 Jul 2009 11:41:25 -0400

Hi Will,

in this case, "setkey" is part of a small command set that's included in DTN2 RI. It doesn't support ciphersuites other than BA1 though.

Your suggestion to use openssl for key creation is good -- I recommend it too.

Regards.....Peter

On Wed, Jul 15, 2009, Ivancic, William D. (GRC-RHN0) <william.d.ivancic@nasa.gov> wrote:

>SETKEY is for IPsec and comes from IPsec tools. So, SETKEY is for IP
>not DTN. But the concepts apply.
>
>Openssl is what you want. Openssl can create all types of keys and
>certificates.
>
>For a quick tutorial on setting up a test Certificate Authority and
>associated keys, I recommend the Strongswan configuration guide.
>Someone put a lot of time and money into Strongswan as the documentation
>is very good - better than most commercial systems IMHO. I read this
>first then look at the appropriate Openssl man pages below, then run
>through the sample here. After that, you should have a decent idea on
>what you may want to do with Openssl and certificates.
>http://www.strongswan.org/docs/readme42.htm#section_3
>
>
>Use Openssl to create keys. Having used Openssl, I found the books
>rather limiting. You may want to go online and use the manuals as
>there are lots of hyperlinks.
>http://www.openssl.org/docs/apps/openssl.html
>
>
>/Will
>
>
>>-----Original Message-----
>>From: dtn-security-bounces@maillists.intel-research.net
>>[mailto:dtn-security-bounces@maillists.intel-research.net] On Behalf Of Sushil
>>Chaudhari
>>Sent: Tuesday, July 14, 2009 5:06 PM
>>To: dtn-security@maillists.intel-research.net
>>Subject: Re: [dtn-security] Key generation
>>
>>Hi,
>>
>>There's setkey <host> <ciphersuite> <key> command used to set the key
>>for the specified host and ciphersuite.
>>
>>What utility is used to produce the key?
>>
>>If security policy is set to use "confidentiality block" and no external
>>key is provided, how does the key get generated by DTN2?
>>