RSASHA3 in DNSSEC

Mukund Sivaraman muks at mukund.org
Tue Nov 13 07:06:24 UTC 2018


On Tue, Nov 13, 2018 at 12:48:04PM +0600, Hasibuzzaman Gazi wrote:
> Hello there,
> I am a student and currently working on a class project where I am using
> DNSSEC to secure the DNS records. I want to use RSASHA3 encryption method.
> I have haveged installed and latest bind package, the problem is I don't
> know what is the code to use to implement the cryptography method. Is there
> anyone who can help me in this regard? My zone name is "example.com"
> 
> Thanks in advance, hopefully waiting for your reply very soon. Please, I
> need help with this.

There is a draft and BIND 9 implementation of SHA-3 in DNSSEC:

https://tools.ietf.org/html/draft-muks-dnsop-dnssec-sha3-01

https://github.com/muks/bind9/tree/sha3

There is also an ldns branch here:

https://github.com/tjeb/ldns/tree/sha3_and_pss

including introduction of RSASSA-PSS (instead of PKCS#1 v1.5). Although
RSA is a workhorse algorithm that has been largely reliable, the focus
in DNS working groups going forward is to use ECC with smaller key and
signature sizes.

I suggest that you attempt to implement SHA-3 with ECDSA and EdDSA, and
for DS records (however, even this is implemented in the trees above; I
don't know if it would be the best exercise for a class project, but you
could reimplement it independently).

		Mukund
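
An added example, not part of the original post and not code from the BIND 9 or ldns trees linked above: a sketch of the DS-record part of the suggested exercise, assuming the SHA-3 digest is taken over the same input as the existing DS digest types in RFC 4034 (canonical owner name followed by the DNSKEY RDATA). The digest type code point is a placeholder because the post gives none, and the DNSKEY public key is constructed dummy data.

```python
import hashlib
import struct

# Placeholder: the post gives no code point for a SHA-3 DS digest type.
DS_DIGEST_TYPE = "TBD"

def name_to_wire(name: str) -> bytes:
    """Canonical wire form of an owner name: lower-cased, uncompressed."""
    wire = b""
    for label in name.rstrip(".").split("."):
        if label:  # the root name has no labels
            raw = label.lower().encode("ascii")
            if len(raw) > 63:
                raise ValueError("label exceeds 63 octets")
            wire += bytes([len(raw)]) + raw
    return wire + b"\x00"

def dnskey_rdata(flags: int, protocol: int, algorithm: int, key: bytes) -> bytes:
    """DNSKEY RDATA: flags (2 octets), protocol, algorithm, public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + key

def key_tag(rdata: bytes) -> int:
    """Key tag per RFC 4034 Appendix B (not valid for algorithm 1)."""
    acc = 0
    for i, octet in enumerate(rdata):
        acc += octet << 8 if i % 2 == 0 else octet
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def ds_digest(owner: str, rdata: bytes) -> bytes:
    """SHA3-256 over canonical owner name || DNSKEY RDATA."""
    return hashlib.sha3_256(name_to_wire(owner) + rdata).digest()

def ds_text(owner: str, rdata: bytes) -> str:
    """Presentation form: key tag, DNSKEY algorithm, digest type, digest."""
    digest_hex = ds_digest(owner, rdata).hex().upper()
    return f"{key_tag(rdata)} {rdata[3]} {DS_DIGEST_TYPE} {digest_hex}"

# Constructed sample: KSK flags 257, protocol 3, algorithm 13 (the existing
# ECDSAP256SHA256 code point) and a dummy 64-octet key, not a real curve point.
SAMPLE_RDATA = dnskey_rdata(257, 3, 13, bytes(range(64)))

if __name__ == "__main__":
    print("example.com. IN DS", ds_text("example.com", SAMPLE_RDATA))
```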

