-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi,
The example program ldns-key2ds can do this for you. Best regards, Matthijs On 08/13/2012 09:00 AM, Áõ˶ wrote: > Hi all, Is there someone knows how to calculate DS RR? I find the > formula in rfc 4034, but get puzzled: > > " > > The digest is calculated by concatenating the canonical form of > the fully qualified owner name of the DNSKEY RR with the DNSKEY > RDATA, and then applying the digest algorithm. > > digest = digest_algorithm( DNSKEY owner name | DNSKEY RDATA); > > "|" denotes concatenation > > DNSKEY RDATA = Flags | Protocol | Algorithm | Public Key. > > " If there is a DNSKEY RR as follows: se. 3600 > IN DNSKEY 257 3 5 AwEAAZYYG1hpk8XKHNHpdO/E > Eg+r4YmIEC4Fn3x2DEsygxDuoT9d/QCi > X1pz0omFGCaVfCWHvaScVvWd4xP4kNDnSDQxBzPwLEXE3l0 cLseMJ2YM > QeBPf3hGhLs6VSDnGFKAzNG4fhri9EBTLv9ubL8Kx8cWQKuu3A5HRVD3 > li7lZB+0kmUKq GiIQdERKt/Ec36BkK93lyGags5RrR2VDdrXCj9Yay90 > KCKITk52AbwVoMPm0OYlPbD4ViBPMk5nmh/d PeCoZoVJxgANZ/doVQxR > 5vDkMBYxuhrXuQk3CvZBB011NsXxk9yHtHvp/5gjUVJjvhdRvjRB6/xY R0 > 3c9owi/aM= > > How to calculate ds using the formula above? Is > "1(se.|257|3|5|AwEAAZYYG1hpk8XK...)" right for sha-1 ? But I know > it's wrong. I have tried many other forms but haven't get the right > result yet, is there anyone knows how to do it? > > Best regards, Stuart > > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJQKLINAAoJEA8yVCPsQCW5P5wH/jliYhy0E2NcMCB9rs8aSqtF mZ0J1u1VYjl1+9Y8Cico0WjD+DbE6BgkYMt78SgZNWV+p/hXs/gfqd/WEsoM0g9k OE/hk9TrSCNx7jhMd2U2esYlKHygX0gfR1QCa+vkgMK3uGt9uCXvsox9U4zjwqVz rzX9P0osmwKw0Cs90mPwJKBl2nTUSux2HH/gIF3gFjpaHcypvXXXGarz1c4eDaOd aUb7LdyFjIRjY6RwpRTqHTjqPZ8OuOzccHzbb4ZhHuVM21RhP7RETQM0CzvifNd/ SGW5xtTyJH/hATzKDNPjYpqSE2gjzYBmMZi6dEXIuBc9fSMewCuWXhR+QcfSUIw= =M6ov -----END PGP SIGNATURE----- _______________________________________________ Opendnssec-user mailing list Opendnssec-user@lists.opendnssec.org https://lists.opendnssec.org/mailman/listinfo/opendnssec-user