[Opendnssec-develop] DSA key length in DNSKEY records
rickard.bellgrim at iis.se
Wed Mar 17 12:04:57 UTC 2010
On 17 mar 2010, at 12.45, Olaf Kolkman wrote:
> On Mar 17, 2010, at 12:34 PM, Alexd at nominet.org.uk wrote:
>> My current best guess is that the DSA key length can be derived as (64 + 8*T) octets. However, I still don't think I've found anything which specifically confirms this (i.e. RFC 2536 doesn't actually confirm that the length of P is actually the key length - I think).
>> Thanks for your help,
> That is why I take T as the primary measure in Net::DNS::SEC. I can live with better values, let me know if you find something there.
I think you should use T as the measure of key length. You can also get T directly from the RDATA of the DNSKEY.
T 1 octet
Q 20 octets
P 64 + T*8 octets
G 64 + T*8 octets
Y 64 + T*8 octets
More information about the Opendnssec-develop