I would like to calculate the Key-ID from a DNSKEY record. I'd prefer to
do this in PHP as this is inside some existing PHP (Web) scripts but I
guess calling a C program would not be too inconvenient.

I'd like to index records (i.e. DNSKEY and DS Records) according to their
Key-ID - and present them grouped by Key-ID. DS keys are usually
presented with their Key-ID - so are less problematic.

        Side issue - the RFC description for a DS Record on the wire
        gives the first 16 bytes as the Key-ID, followed by (8-bit)
        Algorithm, (8-bit) Digest type and (32 bytes - or so) Digest. Is
        all this info encoded into the Base-64 stuff that one can see as
        ascii in a zone? ... or is the base-64 ascii stuff just the
        Digest?
        
        I'd love to be able to validate both DS and DNSKEY records that
        people give me but I am still floundering around amongst the
        DNSSEC RFCs...

I understand that key-IDs are not necessarily unique but as I'd usually
not have more than about 4 or so in any one domain - I'm hoping that
statistics will be with me 99.95% of the time. 

Anyway - does anyone have existing code snippets that might assist me?
-- 
  .  .     ___. .__      Posix Systems - (South) Africa
 /| /|       / /__       m...@posix.co.za  -  Mark J Elkins, Cisco CCIE
/ |/ |ARK \_/ /__ LKINS  Tel: +27 12 807 0590  Cell: +27 82 601 0496
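
The key tag calculation asked about above, as an added example that is not part of the original post: it applies the checksum from RFC 4034 Appendix B to the DNSKEY RDATA rebuilt from the zone-file fields. The names `dnskey_key_tag` and `b64_decode` are hypothetical, and the sample key in `main` is constructed ("AQIDBAUG" is the bytes 01..06), not a real key.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Decode base64 as shown in a zone file (spaces, newlines and '=' padding
   are skipped). Returns the byte count, or -1 on a bad character/overflow. */
static int b64_decode(const char *in, uint8_t *out, size_t cap) {
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    uint32_t acc = 0;
    int bits = 0, n = 0;
    for (; *in; in++) {
        if (*in == '=' || *in == ' ' || *in == '\t' || *in == '\n') continue;
        const char *p = strchr(tbl, *in);
        if (!p) return -1;
        acc = (acc << 6) | (uint32_t)(p - tbl);
        bits += 6;
        if (bits >= 8) {
            if ((size_t)n >= cap) return -1;
            bits -= 8;
            out[n++] = (uint8_t)(acc >> bits);
        }
    }
    return n;
}

/* Key tag of a DNSKEY given in presentation form, computed over the wire
   RDATA: flags (2 bytes), protocol (1), algorithm (1), public key.
   Returns 0..65535, or -1 for undecodable input or algorithm 1 (RSA/MD5),
   which RFC 4034 Appendix B.1 handles with a different formula. */
int dnskey_key_tag(unsigned flags, unsigned protocol, unsigned algorithm,
                   const char *pubkey_b64) {
    uint8_t rdata[4 + 2048];
    if (algorithm == 1 || flags > 0xFFFF || protocol > 0xFF || algorithm > 0xFF)
        return -1;
    rdata[0] = (uint8_t)(flags >> 8); rdata[1] = (uint8_t)flags;
    rdata[2] = (uint8_t)protocol;     rdata[3] = (uint8_t)algorithm;
    int n = b64_decode(pubkey_b64, rdata + 4, sizeof rdata - 4);
    if (n < 0) return -1;
    uint32_t ac = 0;
    for (size_t i = 0; i < 4 + (size_t)n; i++)   /* even offsets are high bytes */
        ac += (i & 1) ? rdata[i] : (uint32_t)rdata[i] << 8;
    ac += (ac >> 16) & 0xFFFF;                   /* fold the carry back in */
    return (int)(ac & 0xFFFF);
}

int main(void) {
    printf("key tag = %d\n", dnskey_key_tag(257, 3, 8, "AQIDBAUG"));
    return 0;
}
```

The returned value is the number to compare with the key tag field of a DS record, which is written as a decimal number in the zone file.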


_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users