bind-9.7.0a3 genkey.sh and dnssec-signzone missing check

Paul Wouters paul at xelerance.com
Mon Sep 21 23:45:33 UTC 2009


Hi,

When using 9.7.0a3 with dnssec-signzone and PKCS#11, one can use the genkey.sh
as a tool to generate keys. It is, however, hardcoded to RSASHA1. (We needed NSECRSASHA1.)
The below tiny patch addresses this.

Related, the dnssec-signzone command created a zone with algo 5 DNSKEYs with
NSEC3 records, which is a bogus zone that stupid people like me should not be allowed
to create :)

Paul

--- genkey.sh.org	2009-09-21 19:40:17.000000000 -0400
+++ genkey.sh	2009-09-21 19:40:45.000000000 -0400
@@ -1,8 +1,8 @@
  #!/bin/bash

-usage="Usage: $0 -z zone -x ext -p pin -b bits -e engine [-f] -k key_path"
+usage="Usage: $0 -z zone -x ext -p pin -a algonum -b bits -e engine [-f] -k key_path"
  tmp_file=/tmp/cur_key.$$
-while getopts ":z:x:p:t:k:b:e:f" opt; do
+while getopts ":z:x:p:t:k:b:e:a:f" opt; do
    case $opt in
      z  ) zone=$OPTARG ;;
      x  ) ext=$OPTARG ;;
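Review bot: the new `-a algonum` option has no default, so a call without `-a` leaves `$algo` empty and the two `keyconv.pl` invocations later in the script receive a bare `-a` followed by whatever option comes next; since the previous behaviour was a fixed algorithm 5, add `algo=${algo:-5}` after the `getopts` loop (or print `$usage` and exit when it is unset) so existing callers keep working. While the usage line is being touched: the `getopts` string, old and new, accepts `-t`, but `$usage` never mentions it.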
@@ -12,6 +12,7 @@ while getopts ":z:x:p:t:k:b:e:f" opt; do
      e  ) engine=$OPTARG ;;
      b  ) bits=$OPTARG ;;
      k  ) key_path=$OPTARG ;;
+    a  ) algo=$OPTARG ;;
      \? ) echo $usage
  	 exit 1 ;;
     esac
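Review bot: the new `a  ) algo=$OPTARG ;;` case accepts any string and hands it straight to `keyconv.pl -a` further down; validate it right after the option loop, e.g. `case $algo in ''|*[!0-9]*) echo $usage; exit 1 ;; esac`, so a typo such as `-a RSASHA1` fails here with a usage message instead of inside the key-conversion step after the PKCS#11 key has already been generated.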
@@ -42,9 +43,9 @@ if [ $? -ne 0 ] ; then exit 1 ; fi

  echo "Generating DNSKEY RR"
  if [ "$flag" ] ; then
-  keytag=`$mypath/keyconv.pl -a 5 -k -e $engine -l $label -p $key_path -i $tmp_file $zone`
+  keytag=`$mypath/keyconv.pl -a $algo -k -e $engine -l $label -p $key_path -i $tmp_file $zone`
  else
-  keytag=`$mypath/keyconv.pl -a 5 -e $engine -l $label -p $key_path -i $tmp_file $zone`
+  keytag=`$mypath/keyconv.pl -a $algo -e $engine -l $label -p $key_path -i $tmp_file $zone`
  fi

  if [ ! $keytag ] ; then rm $tmp_file; exit 1 ; fi
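Review bot: `$algo` is unquoted inside the backtick substitution on both `keytag=` lines, so an empty or whitespace-containing value silently changes the argument list `keyconv.pl` sees instead of failing; write `-a "$algo"` (the same applies to `$engine`, `$label` and `$key_path`, though those predate this patch). The two branches differ only in the `-k` flag; a single invocation using `${flag:+-k}` would avoid editing the same command twice, as this hunk has to. Even with this change the script will happily produce an algorithm 5 key for a zone that is then signed with NSEC3, the bogus combination the mail describes; that consistency check belongs where the NSEC3 decision is made (`dnssec-signzone`), not here.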




More information about the bind-users mailing list
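The missing consistency check the mail complains about, written up as an added stand-alone pre-signing sanity test; this is example code, not part of BIND, genkey.sh or the patch above. It relies on RFC 5155's requirement that an NSEC3 zone be signed with an NSEC3-aware algorithm (1 RSAMD5, 3 DSA and 5 RSASHA1 predate NSEC3; 6 and 7 are their NSEC3 aliases), and it assumes a presentation-format zone file in which the DNSKEY flags, protocol and algorithm tokens sit on the same line as the type name, which is how dnssec-signzone writes them. The sample zones and the key material in them are constructed placeholders.

```shell
#!/bin/sh
# Added example, not part of BIND or genkey.sh: refuse a zone that carries
# NSEC3/NSEC3PARAM records but a DNSKEY with a pre-NSEC3 algorithm.
#
# RFC 5155 requires an NSEC3 zone to use an NSEC3-aware algorithm so that
# validators that predate NSEC3 treat the zone as insecure rather than bogus.
# Algorithms 1 (RSAMD5), 3 (DSA) and 5 (RSASHA1) predate NSEC3; 6 and 7 are
# the NSEC3 aliases of 3 and 5.

# check_zone FILE
#   Exit 0 if FILE is consistent, 1 if it has NSEC3 or NSEC3PARAM RRs and a
#   DNSKEY whose algorithm is 1, 3 or 5. DNSKEY RDATA is "flags protocol
#   algorithm key", so the algorithm is the third token after the type; this
#   assumes those tokens share a line with "DNSKEY" (dnssec-signzone layout).
check_zone() {
    awk '
        /^[[:space:]]*;/ { next }                  # skip comment lines
        {
            for (i = 1; i <= NF; i++) {
                if ($i == "DNSKEY" && i + 3 <= NF) algos[$(i + 3)] = 1
                if ($i == "NSEC3" || $i == "NSEC3PARAM") nsec3 = 1
            }
        }
        END {
            if (!nsec3) exit 0                    # NSEC zone: any algorithm is fine
            bad = 0
            for (a in algos)
                if (a == "1" || a == "3" || a == "5") {
                    print "ERROR: DNSKEY algorithm " a " is not NSEC3-aware, but the zone has NSEC3 records"
                    bad = 1
                }
            exit bad
        }' "$1"
}

# Constructed sample zones (the key material is a placeholder, not a real key).
SAMPLES=${TMPDIR:-/tmp}/nsec3check.$$
mkdir -p "$SAMPLES"
GOOD_ZONE=$SAMPLES/good.zone   # algorithm 7 + NSEC3: consistent
BAD_ZONE=$SAMPLES/bad.zone     # algorithm 5 + NSEC3: the case from the mail
cat > "$GOOD_ZONE" <<'EOF'
; constructed example, signed with RSASHA1-NSEC3-SHA1 (7)
example.test.  3600 IN SOA   ns.example.test. hostmaster.example.test. 2009092101 7200 3600 1209600 3600
example.test.  3600 IN DNSKEY 257 3 7 AwEAAcPLACEHOLDERKEYMATERIAL==
example.test.  3600 IN NSEC3PARAM 1 0 10 ABCD
EOF
cat > "$BAD_ZONE" <<'EOF'
; constructed example, signed with RSASHA1 (5) but using NSEC3: bogus
example.test.  3600 IN SOA   ns.example.test. hostmaster.example.test. 2009092101 7200 3600 1209600 3600
example.test.  3600 IN DNSKEY 257 3 5 AwEAAcPLACEHOLDERKEYMATERIAL==
example.test.  3600 IN NSEC3PARAM 1 0 10 ABCD
EOF

if check_zone "$GOOD_ZONE"; then echo "$GOOD_ZONE: OK"; fi
check_zone "$BAD_ZONE" || echo "$BAD_ZONE: rejected"
```

Run it against the output of dnssec-signzone before publishing; it exits non-zero with the offending algorithm number when a zone mixes NSEC3 with algorithm 1, 3 or 5, and says nothing about NSEC zones, where any algorithm is acceptable.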