[dtn-security] Re(2): Key generation

Peter Lovell <plovell@mac.com> Wed, 15 July 2009 12:23 UTC

From: Peter Lovell <plovell@mac.com>
To: Sushil Chaudhari <schaudhari@mzeal.com>, dtn-security@maillists.intel-research.net
Date: Wed, 15 Jul 2009 08:21:37 -0400

On Tue, Jul 14, 2009, Sushil Chaudhari <schaudhari@mzeal.com> wrote:

>There's setkey <host> <ciphersuite> <key> command used to set the key
>for the specified host and ciphersuite.
>What utility is used to produce the key?
>If security policy is set to use "confidentiality block" and no external
>key is provided, how does the key get generated by DTN2?

Hi Sushil,

This is used only by the BA1 ciphersuite. For other ciphersuites you
need to manage the keys (typically RSA public/private key pairs) using
the KeySteward class. There is no command-set to support those at present.