Key ID from DNSKEY - how?
Phil Mayers
p.mayers at imperial.ac.uk
Wed Oct 27 18:30:54 UTC 2010
On 10/27/2010 06:46 PM, Mark Elkins wrote:
> I would like to calculate the Key-ID from a DNSKEY record. I'd prefer to
> do this in PHP as this is inside some existing PHP (Web) scripts but I
> guess calling a C program would not be too inconvenient.
I use some Python code to do this in our debugging/management tools,
translated straight from the RFC; it might convert pretty easily into
PHP, although in my experience language number/bit-shift/overflow
behaviour can be a bit... odd.
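
    import base64
    import struct

    def key2keytag(flags, alg1, alg2, keydata):
        # RDATA = flags (16 bits), protocol (alg1, always 3),
        # algorithm (alg2), then the base64-decoded public key
        data = bytearray(struct.pack('!HBB', flags, alg1, alg2))
        data += bytearray(base64.b64decode(keydata))
        v = 0
        for i in range(len(data)):
            if i & 1:
                v += data[i]         # odd offset: low-order octet
            else:
                v += data[i] << 8    # even offset: high-order octet
        v += (v >> 16) & 0xffff      # fold the carry back in
        return v & 0xffff

Called like so:

    tag = key2keytag(257, 3, 5, 'AwEAA...')
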
Very handy during testing is:

    dig +multi domain.com DNSKEY

...which displays the tag as a comment. HTH
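
An added example, not part of the original post: it parses a DNSKEY record in presentation format (including the parenthesised multi-line form), computes the key tag per RFC 4034 Appendix B, and compares it with the tag in the trailing comment. The names `key_tag`, `parse_dnskey` and `check_record`, the constructed sample record, and the `key id = N` comment wording are assumptions of this example.

```python
import base64
import re
import struct

def key_tag(flags, protocol, algorithm, pubkey):
    """Key tag over the DNSKEY RDATA, per RFC 4034 Appendix B."""
    if algorithm == 1:
        # Appendix B.1 defines a different rule for RSA/MD5; not handled here.
        raise ValueError("algorithm 1 uses a different key tag rule")
    rdata = struct.pack("!HBB", flags, protocol, algorithm) + pubkey
    acc = 0
    for i, octet in enumerate(rdata):
        acc += octet if i & 1 else octet << 8
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def parse_dnskey(text):
    """Parse one DNSKEY record in presentation format (single line or
    the parenthesised multi-line form). Returns (flags, protocol,
    algorithm, key bytes, tag from a 'key id = N' comment or None)."""
    m = re.search(r"key id = (\d+)", text)
    printed = int(m.group(1)) if m else None
    # Drop ';' comments line by line, then the grouping parentheses.
    body = " ".join(line.split(";", 1)[0] for line in text.splitlines())
    tokens = body.replace("(", " ").replace(")", " ").split()
    if "DNSKEY" not in tokens:
        raise ValueError("no DNSKEY record found")
    fields = tokens[tokens.index("DNSKEY") + 1:]
    if len(fields) < 4:
        raise ValueError("truncated DNSKEY RDATA")
    flags, protocol, algorithm = (int(f) for f in fields[:3])
    pubkey = base64.b64decode("".join(fields[3:]), validate=True)
    return flags, protocol, algorithm, pubkey, printed

def check_record(text):
    """Return (computed tag, printed tag, whether they agree)."""
    flags, protocol, algorithm, pubkey, printed = parse_dnskey(text)
    tag = key_tag(flags, protocol, algorithm, pubkey)
    return tag, printed, printed is None or tag == printed

# Constructed sample: a 3-octet "key" (AQID = 01 02 03), not a real zone key.
SAMPLE = """example.test. 3600 IN DNSKEY 257 3 8 (
                AQ
                ID
                ) ; KSK; alg = RSASHA256 ; key id = 2059"""

if __name__ == "__main__":
    print(check_record(SAMPLE))
```

The key tag is a 16-bit checksum, not a cryptographic identifier: two different keys can share a tag, so it only narrows down which DNSKEY a DS or RRSIG refers to.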