[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Keying Material

To: "'Amol Deshmukh'" <adeshmukh@pace.stpp.soft.net>, <ipsec@lists.tislabs.com>
Subject: Re: Keying Material
From: "Suresh Singh K." <sureshsingh.keisam@analog.com>
Date: Thu, 1 Aug 2002 10:49:26 -0700
References: <001f01c23969$62ec5540$7b06140a@future.futsoft.com>
Sender: owner-ipsec@lists.tislabs.com

Hi,
         Rajesh's Idea 's is good. Alternatively, Racoon on FreeBsd 'll also
print the SKEYIDs and IVs to log file.

suresh

----- Original Message -----
From: "Rajesh Mohan" <rajeshmn@future.futsoft.com>
To: "'Amol Deshmukh'" <adeshmukh@pace.stpp.soft.net>;
<ipsec@lists.tislabs.com>
Sent: Thursday, August 01, 2002 7:40 AM
Subject: RE: Keying Material


> Amol,
>
> I would recommend you start with OpenBsd implementation. It definetly
prints
> SKEYID and IV updates to log file. isakmpd man pages will tell you how to
> turn on log messages.
>
> HTH,
> -Rajesh M
>
>
>
>
> > -----Original Message-----
> > From: owner-ipsec@lists.tislabs.com
> > [mailto:owner-ipsec@lists.tislabs.com]On Behalf Of Stephane Beaulieu
> > Sent: Thursday, August 01, 2002 6:42 PM
> > To: Amol Deshmukh; ipsec@lists.tislabs.com
> > Subject: RE: Keying Material
> >
> >
> > Amol,
> >
> > We used to have bakeoffs to deal with such issues.
> > Unfortunately, bakeoffs
> > are rare these days because most vendors achieved good basic
> > interoperability years and years ago.
> >
> > Probably the easiest way to do this is to try sending packets
> > through and
> > turning on debugging on the Cisco device.  It won't give you
> > the keys, but
> > it'll tell you if authentication and/or decryption fail.
> >
> > If your keys are incorrect, try and try again.
> >
> > You might also want to try and interop with some of the open
> > source IPsec
> > implementations.  You can probably modify their code to spew
> > out the keys
> > you're looking for.
> >
> > Good luck,
> > Stephane.
> >
> > > -----Original Message-----
> > > From: owner-ipsec@lists.tislabs.com
> > > [mailto:owner-ipsec@lists.tislabs.com]On Behalf Of Amol Deshmukh
> > > Sent: Thursday, August 01, 2002 1:40 AM
> > > To: ipsec@lists.tislabs.com
> > > Subject: Keying Material
> > >
> > >
> > > Hi,
> > >     I am trying to interop, our IKE implementation with Cisco.
> > >     From the keying material generated, the keys for
> > > encryption/authentication are created. There is no way to
> > find out if the
> > > keys generated at both ends are the same.
> > >     Could anyone please help me in this.
> > >
> > > Thanks in advance,
> > > -Amol.
> > >
> >
>
>
***************************************************************************
> This message is proprietary to Future Software Limited (FSL)
> and is intended solely for the use of the individual to whom it
> is addressed. It may contain  privileged or confidential information
> and should not be circulated or used for any purpose other than for
> what it is intended.
>
> If you have received this message in error, please notify the
> originator immediately. If you are not the intended recipient,
> you are notified that you are strictly prohibited from using,
> copying, altering, or disclosing the contents of this message.
> FSL accepts no responsibility for loss or damage arising from
> the use of the information transmitted by this email including
> damage from virus.
>
***************************************************************************
>

References:
- RE: Keying Material
  - From: "Rajesh Mohan" <rajeshmn@future.futsoft.com>

Prev by Date: RE: Clarification of potential NAT multiple client solutions
Next by Date: Re: draft-ietf-ipsec-ciph-aes-ctr-00.txt
Prev by thread: RE: Keying Material
Next by thread: Re: CERT REQ payload Handling Clarification
Index(es):
- Date
- Thread