Format of 'dig -k' "TSIG key file"?
Mark Andrews
marka at isc.org
Fri Jul 31 22:07:16 UTC 2009
In message <20090731171804.B23675 at gwyn.tux.org>, Joseph S D Yao writes:
> On Fri, Jul 31, 2009 at 03:32:48PM +1000, Mark Andrews wrote:
> > In message <20090730174054.H23872 at gwyn.tux.org>, Joseph S D Yao writes:
> ...
> > > Plus, I'm curious to know what 'dig -k' really wants to see.
> >
> > A keyfile as generated by "dnssec-keygen -a HMAC-*".
> ...
>
> Of which there are two - a .key file and a .private file. But I never
> thought of using the .private file format! Next week ...
>
> > HMAC-MD5, HMAC-SHA1, HMAC-SHA224, HMAC-SHA256, HMAC-SHA384 or HMAC-SHA512.
>
> Now, I must not have been paying attention - all my written down [or
> electronically inscribed] information says that the HMAC-MD5 algorithm
> must be used for TSIG. When did this get opened up?
Network Working Group D. Eastlake 3rd
Request for Comments: 4635 Motorola Laboratories
Category: Standards Track August 2006
HMAC SHA TSIG Algorithm Identifiers
> Thanks!
>
>
> --
> /*********************************************************************\
> **
> ** Joe Yao jsdy at tux.org - Joseph S. D. Yao
> **
> \*********************************************************************/
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list