I would like to calculate the Key-ID from a DNSKEY record. I'd prefer to do this in PHP, as this is inside some existing PHP (Web) scripts, but I guess calling a C program would not be too inconvenient.

I'd like to index records (i.e. DNSKEY and DS Records) according to their Key-ID - and present them grouped by Key-ID. DS keys are usually presented with their Key-ID - so are less problematic.

Side issue - the RFC description for a DS Record on the wire gives the first 16 bytes as the Key-ID, followed by (8-bit) Algorithm, (8-bit) Digest type and (32 bytes - or so) Digest. Is all this info encoded into the Base-64 stuff that one can see as ASCII in a zone? ... or is the Base-64 ASCII stuff just the Digest?

I'd love to be able to validate both DS and DNSKEY records that people give me but I am still floundering around amongst the DNSSEC RFCs...

I understand that Key-IDs are not necessarily unique but as I'd usually not have more than about 4 or so in any one domain - I'm hoping that statistics will be with me 99.95% of the time.

Anyway - does anyone have existing code snippets that might assist me?

--
Mark J Elkins, Cisco CCIE
Posix Systems - (South) Africa
m...@posix.co.za
Tel: +27 12 807 0590  Cell: +27 82 601 0496
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
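An added example, not part of the original post and not code from BIND: a PHP sketch of the key tag calculation from RFC 4034 Appendix B, extended to also compute the DS digest so that a DS record can be checked against the DNSKEY it claims to cover. It assumes the DNSKEY fields have already been split out of the zone line; the function names are hypothetical and the sample key is constructed, not taken from a real zone.

```php
<?php
// Added example; function names are hypothetical, not from any library.

// DNSKEY RDATA in wire form: flags(16) | protocol(8) | algorithm(8) | key.
function dnskey_rdata(int $flags, int $proto, int $alg, string $b64): string
{
    $key = base64_decode(preg_replace('/\s+/', '', $b64), true);
    if ($key === false || $key === '') {
        throw new InvalidArgumentException('public key is not valid base64');
    }
    return pack('nCC', $flags, $proto, $alg) . $key;
}

// Key tag (the "Key-ID") as in RFC 4034 Appendix B: a 16-bit folded sum
// over the whole RDATA, so flags and algorithm influence it too.
function key_tag(string $rdata): int
{
    if (strlen($rdata) < 5 || ord($rdata[3]) === 1) {
        // Algorithm 1 (RSA/MD5) uses a different rule; not handled here.
        throw new InvalidArgumentException('unsupported or truncated DNSKEY');
    }
    $ac = 0;
    foreach (str_split($rdata) as $i => $byte) {
        $ac += ($i & 1) ? ord($byte) : (ord($byte) << 8);
    }
    $ac += ($ac >> 16) & 0xFFFF;
    return $ac & 0xFFFF;
}

// DS digest: hash(owner name in lowercase wire form | DNSKEY RDATA), as hex.
function ds_digest(string $owner, string $rdata, int $digestType): string
{
    $algos = [1 => 'sha1', 2 => 'sha256', 4 => 'sha384'];
    if (!isset($algos[$digestType])) {
        throw new InvalidArgumentException('unknown DS digest type');
    }
    $wire = '';
    foreach (array_filter(explode('.', strtolower($owner)), 'strlen') as $label) {
        $wire .= chr(strlen($label)) . $label;
    }
    return strtoupper(hash($algos[$digestType], $wire . "\0" . $rdata));
}

// Constructed sample, not a real zone key: 32 bytes shaped like an
// Ed25519 (algorithm 15) public key, flags 257 (KSK), protocol 3.
$pub   = base64_encode(hash('sha256', 'constructed sample key', true));
$rdata = dnskey_rdata(257, 3, 15, $pub);
printf("example.com. IN DS %d 15 2 %s\n",
    key_tag($rdata), ds_digest('example.com.', $rdata, 2));
```

A submitted DS record matches a DNSKEY when its key tag, algorithm and digest all equal the values computed this way; a key tag match alone is not proof, since tags can collide.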