[Opendnssec-develop] Re: [OpenDNSSEC] #257: Error in ods-signerd

Thu Aug 4 13:29:59 UTC 2011

#257: Error in ods-signerd
----------------------------------------------+-----------------------------
Reporter:  staffordp1@…                       |        Owner:  matthijs
    Type:  defect                             |       Status:  new     
Priority:  minor                              |    Component:  Signer  
 Version:  1.3.0                              |   Resolution:          
Keywords:  nsec3params zone.c nsec3params_rr  |  
----------------------------------------------+-----------------------------

Comment (by anonymous):

 Because I'm not getting an error when I do the conversion, I'd like to
 make sure that it's not something to do with the key i'm using.  Here is
 how it's executed to translate it:

 # /usr/local/softHSM/bin/softhsm-keyconv --topkcs8 --in  ksk.6561.private
 --out ksk.6561.key[[BR]]
 The key has been written to ksk.6561.key

 Here is the contents of ksk.6561.private:
 {{{
 Private-key-format: v1.2
 Algorithm: 7 (?)
 Modulus:
 tzitzGUaFd5Z21Tz3R/Q2DYAJl7/92IWJFr5wnjPoVRwVMjWP73I0Ju9YAdTIEpj47bRS5NnkaRuc78GfqWt6zdfSSiQKPZ9plXYAiWmj36r8RYc6Acin10nwEf5X+WuZpUaQXz8nNcZ4XImU2Ha30e29X8iJM5SYVBoWv0oIdC2r/8EUb7I2/aT4eIIKETQbw5bnOu7o8czJbx8ORQC8hxZNL9tByCPv5FK90zOGRNInIJ4Doh20ZY+b02KWvuVSiTO459w6pCTFJm49FCpehEen2XilA742nysMayzTArCSJXIizZ0CXyeA5dvyJz1QaUNX9p9WpFKutNCP/Rk4w==
 PublicExponent: AQAB
 PrivateExponent:
 o2k+wSSO3mBAvjkHgvmEV8HZ4l8qZiYqX2Rwi70aWeYohcXWKGWI/F1aypHd1tfiPU9pXcFrRt9jz4HZNg1oj3gEWQh/grlNGZRIoqmX4zVz/wLc5yit/XqlIH5Q8PG12TI0h6IE35GNOKCJhCargibBDDXGaxNFMBv55uUQ7Q5pwt/v7aYYAcgAOG5pXer/i9bVbJGCLX1X9Jn7O8Kt4SfftJmCqGIyeDEMrHoXtuoOehwedlNMG8jH/GQ/R5DnjLAp5yyjppvXwQUkV7TOq3VE/mnZtiVfNSbjiqVt/x7Ze9e9I3Qwja2PNCqitHtFim8ojAh/8lIOqaGMvGAzQQ==
 Prime1:
 4EIuE3d3VqF5QPQTgLTe77LIhIlVIveEAIj6Dt4KROoCUWH9mbv0kD7dC0uoKz/faPijEf3kTECDYYb4NAUtoEA0aEdPqcbVsjcIUIIkXsl9mqbZlTmOxhWNveCM66Dud2kSZa2vdMH2DSAj5vbgVNeWPYizdHA80fXnYOJoLUM=
 Prime2:
 0SeNqiBHw1d83TMgX8cVmYIsh0sgxPlUl5HkxPgQrVCeOYo7bFpPElaakibZuxg6YVLK15Kca8a3mVYSLgd+eAVhijvgT1pJRVL53zQGHcddQMLGOl8rUUWXkLX3u7NXOTudHgK6NZxRHb31A19gq2ihokXXY6+p0vrjOXAYn+E=
 Exponent1:
 hPB2Y+/T/LToLksCLLAL4Eg5eef3Yi0cQTzyD1ItAEFAcoIGVdYH2mKJoqKM5GaOx6ls8cNyTImJ2IysIhpXu8GTz6VGYjyOfYEGGsOrT81d+gmivkVKj75DMiYlI6FY+8x7rW7SrgI1G/7LiaUbwu+yDnQ0/XdzdnuxV8ufOgU=
 Exponent2:
 RqUNfIEavCg4zJ4QOUmNSiRl1ezSTLXKlMd6de0z9NZeGyFNoPN/8bm+y87DjCZK0cSdLuMeYmjkaq5fxZxSY0euAnrm8OaWCQxVycZQqo5EOTOQsPakMvdGkmJkIsoYlARGtXRGYQVDgMBAmbsFc+ALeDwO3GTg/5ouVaA/MQE=
 Coefficient:
 FYAwTyzhqfg4JZ9cEqJLedAK2AbCKOkKL1P6VDzlaREI9eKN3jwFJ/5bpdq0RVXgq5QVQn5efu/JTpWqSzY/qAKgLBWGHMpnd92B4E5xzhqq6hX2bHttEmuf+MnBmaJrVZjlXyXiCRmnMMy8okE/WrOfHYORqU+awY/oBpquEms=
 }}}

 Replying to [comment:4 rb]:
 > Maybe the backup file is a side effect. Will ignore it for now and focus
 on your first steps.
 > []
 > So some of the BIND private key files from Xelerence DNSx will have
 "Algorithm: ?" in them?
 >
 > SoftHSM is doing strtol() and will get 0 on the question mark. Thus
 returning this error message:
 > {{{
 > softhsm-keyconv --topkcs8 --in Kexample.com.+007+62955.private --out
 key.pem
 > Error: The algorithm 0 is not supported.
 > }}}
 >
 > What more steps did you take? Because I cannot reproduce this.

-- 
Ticket URL: <http://trac.opendnssec.org/ticket/257#comment:6>
OpenDNSSEC <http://www.opendnssec.org/>
OpenDNSSEC