Regarding HMAC-SHA256 and RSASHA512 key generation algorithm in dnssec-keygen
Gaurav Kansal
gaurav.kansal at nic.in
Mon Mar 3 11:22:25 UTC 2014
Dear Team,

I am using the RSASHA1 key generation algorithm for generating the KSK and ZSK.
Today, I tried to generate the algorithm using the RSASHA512 and HMAC-SHA256
algorithms.

Key generation through the RSASHA512 algorithm ran successfully, but while
generating the keys through the HMAC-SHA512 algorithm, I am getting the
following error:

"dnssec-keygen: fatal: a key with algorithm 'HMAC-SHA512' cannot be a zone
key"

I googled it and found a previous discussion on the BIND mailing list saying that
HMAC-* is used for generating keys for Host and not for Zone.

I have a doubt about this only. What's the difference between Zone and Host? Is
it key generation for one client machine, or what?

I also want to know which algorithm is the best one on security aspects for
generating keys for DNSSEC.

Thanks and Regards,
Gaurav Kansal
Emp Code - 6274
Mob - 9910118448
Intercom - 7331
Have you enabled IPv6 on something today...?