generating TSIG keys with 'dnssec-keygen', get "error reading key file ... bad key type"?
    jasonsu at mail-central.com 
       
    Tue Apr 19 14:40:38 UTC 2016
    
    
  
I'm working on generating TSIG keys for use with my bind server.
When I generate a 2nd set of keys in a dir, I get a "bad key type" error,
	DIR="/home/me/test/nsupdate"
	HOST="myhost.example.com"
	dnssec-keygen -V
		dnssec-keygen 9.10.3-P4
	cd $DIR
	rm -f *
	ls *
		(empty)
	dnssec-keygen -a hmac-sha256 -b 128 -K $DIR -n HOST $HOST
		Kmyhost.example.com.+163+35917
	ls *
		Kmyhost.example.com.+163+35917.key
		Kmyhost.example.com.+163+35917.private
	dnssec-keygen -a hmac-sha256 -b 128 -K $DIR -n HOST $HOST
		dnssec-keygen: warning: dns_dnssec_findmatchingkeys: error reading key file Kmyhost.example.com.+163+39520.private: bad key type
		dnssec-keygen: warning: dns_dnssec_findmatchingkeys: error reading key file Kmyhost.example.com.+163+35917.private: bad key type
		Kmyhost.example.com.+163+16588
	ls *
		Kmyhost.example.com.+163+16588.key
		Kmyhost.example.com.+163+16588.private
		Kmyhost.example.com.+163+35917.key
		Kmyhost.example.com.+163+35917.private
From the manpage
 Note 2: DH, HMAC-MD5, and HMAC-SHA1 through HMAC-SHA512 automatically set the
           -T KEY option.
So it's auto-set here.  What's "bad" about the automatically set key type?
Jason
    
    