[dtn-security] Re(2): Key generation

Peter Lovell <plovell@mac.com> Wed, 15 July 2009 12:23 UTC

From: Peter Lovell <plovell@mac.com>
To: Sushil Chaudhari <schaudhari@mzeal.com>, dtn-security@maillists.intel-research.net
Date: Wed, 15 Jul 2009 08:21:37 -0400

On Tue, Jul 14, 2009, Sushil Chaudhari <schaudhari@mzeal.com> wrote:

>Hi,
>
>There's a setkey <host> <ciphersuite> <key> command used to set the key
>for the specified host and ciphersuite.
>
>What utility is used to produce the key?
>
>If security policy is set to use "confidentiality block" and no external
>key is provided, how does the key get generated by DTN2?
>

Hi Sushil,

This is used only by the BA1 ciphersuite. For other ciphersuites you
need to manage the keys (typically RSA public/private key pairs) using
the KeySteward class. There is no command-set to support those at present.

Regards.....Peter