[dtn-security] Re(2): Key generation

[Peter Lovell <plovell@mac.com>]

Hi Will,

in this case, "setkey" is part of a small command set that's included in
DTN2 RI.

It doesn't support ciphersuites other than BA1 though.

Your suggestion to use openssl for key creation is good -- I recommend it too.

Regards.....Peter


On Wed, Jul 15, 2009, Ivancic, William D. (GRC-RHN0)
<william.d.ivancic@nasa.gov> wrote:

>SETKEY is for IPsec and comes from IPsec tools.  So, SETKEY is for IP
>not DTN. But the concepts apply.
>
>Openssl is what you want.  Openssl can create all types of keys and
>certificates.
>
>For a quick tutorial on setting up a test Certificate Authority and
>associated keys, I recommend the Strongswan configuration guide. 
>Someone put a lot of time and money into Strongswan as the documentation
>is very good - better than most commercial system IMHO.  I read this
>first then look at the appropriate Openssl man pages below, then run
>through the sample here.  After that, you should have a decent idea on
>what you may want to do with Openssl and certificates.
>http://www.strongswan.org/docs/readme42.htm#section_3
>
>
>Use Openssl to create keys.  Having used Openssl, I found the books
>rather limiting.  You may want to  go online and use the manuals as
>there are lots of hyperlinks.
>http://www.openssl.org/docs/apps/openssl.html
>
>
>/Will
>
>
>>-----Original Message-----
>>From: dtn-security-bounces@maillists.intel-research.net [mailto:dtn-
>>security-bounces@maillists.intel-research.net] On Behalf Of Sushil
>>Chaudhari
>>Sent: Tuesday, July 14, 2009 5:06 PM
>>To: dtn-security@maillists.intel-research.net
>>Subject: Re: [dtn-security] Key generation
>>
>>Hi,
>>
>>There's setkey <host> <siphersuite> <key> command used to set the key
>>for the specified host and ciphersuite.
>>
>>What utility is used to produce the key?
>>
>>If security policy is set to use "confidentiality block" and no external
>>key is provided, how's the key get generated by DTN2?
>>