Key ID from DNSKEY - how?
Mark Elkins
mje at posix.co.za
Wed Oct 27 17:46:11 UTC 2010

I would like to calculate the Key-ID from a DNSKEY record. I'd prefer to
do this in PHP as this is inside some existing PHP (Web) scripts but I
guess calling a C program would not be too inconvenient.

I'd like to index records (i.e. DNSKEY and DS Records) according to their
Key-ID - and present them grouped by Key-ID. DS keys are usually
presented with their Key-ID - so are less problematic.

Side issue - the RFC description for a DS Record on the wire
gives the first 16 bytes as the Key-ID, followed by (8-bit)
Algorithm, (8-bit) Digest type and (32 bytes - or so) Digest. Is
all this info encoded into the Base-64 stuff that one can see as
ascii in a zone? ... or is the base-64 ascii stuff just the
Digest?

I'd love to be able to validate both DS and DNSKEY records that
people give me but I am still floundering around amongst the
DNSSEC RFCs...

I understand that key-IDs are not necessarily unique but as I'd usually
not have more than about 4 or so in any one domain - I'm hoping that
statistics will be with me 99.95% of the time.

Anyway - does anyone have existing code snippets that might assist me?

--
. . ___. .__ Posix Systems - (South) Africa
/| /| / /__ mje at posix.co.za - Mark J Elkins, Cisco CCIE
/ |/ |ARK \_/ /__ LKINS Tel: +27 12 807 0590 Cell: +27 82 601 0496
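
An added example, not part of the original post and not BIND's own code: the key tag calculation from RFC 4034 Appendix B in C, taking the DNSKEY fields as they appear in a zone file. The function names and the sample key (key bytes 01..08) are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Base64 -> bytes; skips whitespace (zone files wrap long keys).
 * Returns the byte count, or -1 on a bad character or overflow. */
static int b64_decode(const char *s, uint8_t *out, size_t cap)
{
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    uint32_t acc = 0;
    int bits = 0, n = 0;
    for (; *s && *s != '='; s++) {
        const char *p = strchr(tbl, *s);
        if (strchr(" \t\r\n", *s))
            continue;
        if (!p || (size_t)n >= cap)
            return -1;
        acc = (acc << 6) | (uint32_t)(p - tbl);
        if ((bits += 6) >= 8)
            out[n++] = (uint8_t)(acc >> (bits -= 8));
    }
    return n;
}

/* Key tag per RFC 4034 Appendix B over flags|protocol|algorithm|key.
 * Returns 0..65535, or -1 if the key text is invalid or under 3 bytes. */
int dnskey_keytag(unsigned flags, unsigned proto, unsigned alg, const char *b64)
{
    uint8_t rd[4 + 1024] = { (uint8_t)(flags >> 8), (uint8_t)flags,
                             (uint8_t)proto, (uint8_t)alg };
    uint32_t ac = 0;
    int i, len = b64_decode(b64, rd + 4, sizeof rd - 4);
    if (len < 3)
        return -1;
    len += 4;
    if (alg == 1)   /* RSA/MD5 special case, Appendix B.1 */
        return (rd[len - 3] << 8) | rd[len - 2];
    for (i = 0; i < len; i++)
        ac += (i & 1) ? rd[i] : (uint32_t)rd[i] << 8;
    ac += (ac >> 16) & 0xFFFF;
    return (int)(ac & 0xFFFF);
}

int main(void)
{
    /* Constructed sample: key bytes 01..08, not a real key. */
    printf("%d\n", dnskey_keytag(256, 3, 8, "AQIDBAUG\n  Bwg="));
    return 0;
}
```

The tag covers the flags field, so the same key material published with flags 256 and 257 gets two different key tags.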