bits = keyOrZone ? 2048 : 1024;
DNSSECPrivateKey dpk;
dpk.d_key.create(bits);
+ dpk.d_algorithm = algorithm;
addKey(name, keyOrZone, dpk, active);
}
DNSBackend::KeyData kd;
kd.flags = 256 + keyOrZone;
kd.active = active;
- kd.content = dpk.d_key.convertToISC(5);
-
+ kd.content = dpk.d_key.convertToISC(dpk.d_algorithm);
// now store it
d_db.addDomainKey(name, kd);
}
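Review bot: `dpk.d_algorithm = algorithm;` stores the caller-supplied number and hands it to `convertToISC` without checking it against the algorithms this code can actually sign with (5, 7 and 8, per the label switch elsewhere in this commit), so any other integer produces an RSA key that is generated and persisted under a meaningless algorithm number. A guard before `dpk.d_key.create(bits)`, e.g. `if(algorithm != 5 && algorithm != 7 && algorithm != 8) throw runtime_error("Unsupported DNSSEC algorithm");` (using whichever exception type the surrounding code already throws), fails early instead. The default `bits = keyOrZone ? 2048 : 1024;` on the first context line is not revisited now that RSASHA256 keys can be created, and a 1024-bit ZSK is below current guidance — worth a follow-up. The enclosing function starts and ends outside the hunk.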
continue;
DNSSECPrivateKey dpk;
-
- getRSAKeyFromISCString(&dpk.d_key.getContext(), kd.content);
+ DNSKEYRecordContent dkrc = getRSAKeyFromISCString(&dpk.d_key.getContext(), kd.content);
dpk.d_flags = kd.flags;
- dpk.d_algorithm = 5 + 2*getNSEC3PARAM(zname);
+ dpk.d_algorithm = dkrc.d_algorithm;
- KeyMetaData kmd;
-
- kmd.active = kd.active;
- kmd.keyOrZone = (kd.flags == 257);
- kmd.id = kd.id;
+ if(dpk.d_algorithm == 5 && getNSEC3PARAM(zname)) {
+ dpk.d_algorithm += 2;
+ }
return dpk;
}
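Review bot: `dpk.d_algorithm = dkrc.d_algorithm;` trusts whatever number the ISC parser extracted from the stored key content; that parser fills the field with `atoi` in this same commit, so a missing or malformed `Algorithm:` line yields 0 (or the constructor's default, which is outside this hunk) and the NSEC3 adjustment on the following lines is silently skipped. A check right after the assignment, e.g. `if(dpk.d_algorithm != 5 && dpk.d_algorithm != 7 && dpk.d_algorithm != 8) throw runtime_error("Unsupported algorithm in stored key");`, surfaces a corrupted or hand-edited key record at load time rather than at signing. The same assignment-plus-bump pattern is repeated in the next hunk (the `zone` variant ending in `dpk.d_algorithm+=2;`), which also drops the braces this hunk uses; a small shared helper would keep the two copies in step. The enclosing function starts outside the hunk.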
{
DNSSECPrivateKey dpk;
- getRSAKeyFromISCString(&dpk.d_key.getContext(), kd.content);
+ DNSKEYRecordContent dkrc=getRSAKeyFromISCString(&dpk.d_key.getContext(), kd.content);
dpk.d_flags = kd.flags;
- dpk.d_algorithm = 5 + 2*getNSEC3PARAM(zone);
+ dpk.d_algorithm = dkrc.d_algorithm;
+ if(dpk.d_algorithm == 5 && getNSEC3PARAM(zone))
+ dpk.d_algorithm+=2;
KeyMetaData kmd;
("Exponent2",&d_context.DQ)
("Coefficient",&d_context.QP);
- ret = "Private-key-format: v1.2\nAlgorithm: "+lexical_cast<string>(algorithm)+" (RSASHA1)\n";
+ ret = "Private-key-format: v1.2\nAlgorithm: "+lexical_cast<string>(algorithm);
+ switch(algorithm) {
+ case 5:
+ case 7 :
+ ret+= " (RSASHA1)";
+ break;
+ case 8:
+ ret += " (RSASHA256)";
+ break;
+ }
+ ret += "\n";
BOOST_FOREACH(outputs_t::value_type value, outputs) {
ret += value.first;
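Review bot: The new `switch(algorithm)` has no `default:`, so an algorithm number other than 5, 7 or 8 is written out as a bare `Algorithm: N` line with no name and no diagnostic, and the key is exported as if it were understood. Adding `default: cerr<<"Unsupported algorithm "<<algorithm<<" in convertToISC"<<endl; break;` (or rejecting the value before this point) makes the gap visible. Labelling 7 as `(RSASHA1)` also hides the NSEC3 variant; BIND writes algorithm 7 as `(NSEC3RSASHA1)`, and matching that keeps the files interchangeable with its tools. The enclosing function starts outside the hunk.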
continue;
if(places.count(key)) {
if(places[key]) {
-
- int len=sizeof(decoded);
- if(base64_decode(decoded, &len, (unsigned char*)value.c_str(), value.length()) < 0) {
- cerr<<"Error base64 decoding '"<<value<<"'\n";
- exit(1);
- }
- // B64Decode(value, decoded);
- // cerr<<key<<" decoded.length(): "<<8*len<<endl;
- mpi_read_binary(places[key], decoded, len);
- if(key=="Modulus")
- modulus.assign((const char*)decoded,len);
- if(key=="PublicExponent")
- exponent.assign((const char*)decoded,len);
+ int len=sizeof(decoded);
+ if(base64_decode(decoded, &len, (unsigned char*)value.c_str(), value.length()) < 0) {
+ cerr<<"Error base64 decoding '"<<value<<"'\n";
+ exit(1);
+ }
+ // B64Decode(value, decoded);
+ // cerr<<key<<" decoded.length(): "<<8*len<<endl;
+ mpi_read_binary(places[key], decoded, len);
+ if(key=="Modulus")
+ modulus.assign((const char*)decoded,len);
+ if(key=="PublicExponent")
+ exponent.assign((const char*)decoded,len);
}
}
else {
- if(key != "Private-key-format" && key != "Algorithm")
+ if(key=="Algorithm") {
+ drc.d_algorithm = atoi(value.c_str());
+ }
+ else if(key != "Private-key-format")
cerr<<"Unknown field '"<<key<<"'\n";
}
}
drc.d_key.append(exponent);
drc.d_key.append(modulus);
drc.d_protocol=3;
- drc.d_algorithm = 0; // should not be filled out here..
fclose(fp);
return drc;
}
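Review bot: `drc.d_algorithm = atoi(value.c_str());` accepts any text in the `Algorithm:` field without a parse or range check: a non-numeric value becomes 0 and an out-of-range value is truncated if `d_algorithm` is a byte-sized field, and neither case is reported, although every other unexpected field in this parser is at least printed as unknown. Parsing with `strtol` and checking the end pointer, or rejecting anything outside the set this code can sign with (5, 7, 8), catches a corrupted key record when it is loaded rather than when it is used. The same `atoi` assignment is repeated in the next hunk (the `rsa->len` variant), and both hunks also delete the `drc.d_algorithm = 0;` reset, so the field's value when no `Algorithm:` line is present now depends on `DNSKEYRecordContent`'s constructor, which is outside this hunk — worth confirming it initialises the field. The enclosing function starts outside the hunk.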
}
}
else {
- if(key != "Private-key-format" && key != "Algorithm")
- cerr<<"Unknown field '"<<key<<"'\n";
+ if(key == "Algorithm")
+ drc.d_algorithm = atoi(value.c_str());
+ else if(key != "Private-key-format")
+ cerr<<"Unknown field '"<<key<<"'\n";
}
}
rsa->len = ( mpi_msb( &rsa->N ) + 7 ) >> 3; // no clue what this does
drc.d_key.append(exponent);
drc.d_key.append(modulus);
drc.d_protocol=3;
- drc.d_algorithm = 0; // should not be filled out here..
+
return drc;
}
cerr<<"Usage: \npdnssec [options] [show-zone] [secure-zone] [rectify-zone] [add-zone-key] [deactivate-zone-key] [remove-zone-key] [activate-zone-key]\n";
cerr<<" [import-zone-key] [export-zone-key] [set-nsec3] [unset-nsec3] [export-zone-dnskey]\n\n";
cerr<<"activate-zone-key ZONE KEY-ID Activate the key with key id KEY-ID in ZONE\n";
- cerr<<"add-zone-key ZONE [zsk|ksk] Add a ZSK or KSK to a zone (ZSK only now)\n";
+ cerr<<"add-zone-key ZONE [zsk|ksk] \n";
+ cerr<<" [bits] [rsasha1|rsasha256] Add a ZSK or KSK to a zone\n";
cerr<<"deactivate-zone-key Dectivate the key with key id KEY-ID in ZONE\n";
cerr<<"export-zone-dnskey ZONE KEY-ID Export to stdout the public DNSKEY described\n";
cerr<<"export-zone-key ZONE KEY-ID Export to stdout the private key described\n";
// need to get algorithm, bits & ksk or zsk from commandline
bool keyOrZone=false;
int bits=0;
+ int algorithm=5;
for(unsigned int n=2; n < cmds.size(); ++n) {
if(pdns_iequals(cmds[n], "zsk"))
keyOrZone = false;
else if(pdns_iequals(cmds[n], "ksk"))
keyOrZone = true;
+ else if(pdns_iequals(cmds[n], "rsasha1"))
+ algorithm=5;
+ else if(pdns_iequals(cmds[n], "rsasha256"))
+ algorithm=8;
else if(atoi(cmds[n].c_str()))
bits = atoi(cmds[n].c_str());
else {
- cerr<<"Unknown key flag or size '"<<cmds[n]<<"'"<<endl;
+ cerr<<"Unknown algorithm, key flag or size '"<<cmds[n]<<"'"<<endl;
}
}
- cerr<<"Adding a " << (keyOrZone ? "KSK" : "ZSK")<<endl;
+ cerr<<"Adding a " << (keyOrZone ? "KSK" : "ZSK")<<" with algorithm = "<<algorithm<<endl;
if(bits)
cerr<<"Requesting specific key size of "<<bits<<" bits"<<endl;
- dk.addKey(zone, keyOrZone, 5, bits);
+ dk.addKey(zone, keyOrZone, algorithm, bits);
}
else if(cmds[0] == "remove-zone-key") {
const string& zone=cmds[1];
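Review bot: The `else` branch at `cerr<<"Unknown algorithm, key flag or size '"<<cmds[n]<<"'"<<endl;` reports the bad argument but does not stop, so a misspelt algorithm name (say `rsasha265`) falls through to the default `algorithm=5` and an RSASHA1 key is generated and stored anyway. Ending the command after the message — `cerr<<"Unknown algorithm, key flag or size '"<<cmds[n]<<"'"<<endl;` followed by `exit(1);`, as the base64 decode path elsewhere in this commit does, or whatever early return the surrounding command dispatch uses — keeps the operator's intent from being silently replaced. The numeric branch `bits = atoi(cmds[n].c_str());` is likewise unbounded; a minimum key size next to the new algorithm handling would be a cheap addition. The enclosing block starts outside the hunk.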