On Mar 7 2012, Bill Owens wrote:

> On Wed, Mar 07, 2012 at 12:13:35PM +0000, Chris Thompson wrote:
>> This is wrong (although I have seen the same thing stated in a number
>> of other places). When the default public exponent was changed from
>> 3 to 2^16+1 (change 2088) the one selected by -e was changed from
>> 2^16+1 to 2^30+3 ... *not* 2^32+1. And so it remains today.
>
>
>> And you will find that the ones generated by "dnssec-keygen -e" start
>
> Umm, no:
>
> [littledebian:~/dns] owens% dnssec-keygen -e example.com
> Generating key pair....................................++++++ .............++++++ Kexample.com.+005+43304
> [littledebian:~/dns] owens% cat Kexample.com.+005+43304.key
> ; This is a zone-signing key, keyid 43304, for example.com.
> ; Created: 20120307140855 (Wed Mar  7 09:08:55 2012)
> ; Publish: 20120307140855 (Wed Mar  7 09:08:55 2012)
> ; Activate: 20120307140855 (Wed Mar  7 09:08:55 2012)
> example.com. IN DNSKEY 256 3 5 
> 7utMeLmBPjq4RUqluurlVTHt5/FD85tr0yr8mu7h39gVmMY0bnRpgx6p aj2zjpv3O3U=
>
> The code definitely uses 2^32+1:
>
> [littledebian:bind-9.9.0/lib/dns] owens% grep -A 3 -B 5 F5 opensslrsa_link.c
>         if (exp == 0) {
>                 /* RSA_F4 0x10001 */
>                 BN_set_bit(e, 0);
>                 BN_set_bit(e, 16);
>         } else {
>                 /* F5 0x100000001 */
>                 BN_set_bit(e, 0);
>                 BN_set_bit(e, 32);

Oh, damn. I have to retract. Or indeed, grovel. It all depends on which
version of OpenSSL it is linked with, not on the code in dnssec-keygen
itself. Older versions do indeed generate 2^30+3, but newer ones 2^32+1.

You can see the BEAAAA (2^30+3) ones in the DNSKEYs for dlv.isc.org as
well as in a number of our own zones (which says either that the keys
are oldish or that the versions of OpenSSL used are not as up to date
as they probably ought to be).

Chris Thompson
Email: c...@cam.ac.uk
