[Opendnssec-develop] DSA key length in DNSKEY records

Alexd at nominet.org.uk Alexd at nominet.org.uk
Wed Mar 17 10:03:24 UTC 2010

Hi - 

This is a bit of a stupid question, I'm afraid...

I'm adding a quick check that the DNSKEY records generated by ODS are of 
the correct algorithm and key length. This is OK for RSA keys - we extract 
the modulus from the RDATA field, and take the length of that (defined in 
RFC 3110). However, I can't seem to find a definition of key length for 
DSA keys. Perl's Net::DNS::SEC module seems to return the T value, which 
can vary from 0 to 8, but this doesn't seem right.

I know that the DSA length must depend on the T value, but I can't find a 
specification for the relationship.

Can somebody please take pity on me, and point me in the right direction 
for a specification of how to derive the key length of a DNSKEY-encoded 
DSA key?


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-develop/attachments/20100317/f65aa942/attachment.htm>

More information about the Opendnssec-develop mailing list