[Opendnssec-user]DS Calculation

=?us-ascii?B?wfXLtg==?= shuoleo at 126.com
Mon Aug 13 07:00:50 UTC 2012


Hi all,
Is there someone knows how to calculate DS RR? I find the formula in rfc 4034, but get puzzled:

"
The digest is calculated by concatenating the canonical form of the
   fully qualified owner name of the DNSKEY RR with the DNSKEY RDATA,
   and then applying the digest algorithm.

     digest = digest_algorithm( DNSKEY owner name | DNSKEY RDATA);

      "|" denotes concatenation

     DNSKEY RDATA = Flags | Protocol | Algorithm | Public Key.
"
If there is a DNSKEY RR as follows:
se.                     3600    IN      DNSKEY  257 3 5 AwEAAZYYG1hpk8XKHNHpdO/E
Eg+r4YmIEC4Fn3x2DEsygxDuoT9d/QCi X1pz0omFGCaVfCWHvaScVvWd4xP4kNDnSDQxBzPwLEXE3l0
cLseMJ2YM QeBPf3hGhLs6VSDnGFKAzNG4fhri9EBTLv9ubL8Kx8cWQKuu3A5HRVD3 li7lZB+0kmUKq
GiIQdERKt/Ec36BkK93lyGags5RrR2VDdrXCj9Yay90 KCKITk52AbwVoMPm0OYlPbD4ViBPMk5nmh/d
PeCoZoVJxgANZ/doVQxR 5vDkMBYxuhrXuQk3CvZBB011NsXxk9yHtHvp/5gjUVJjvhdRvjRB6/xY R0
3c9owi/aM=

How to calculate ds using the formula above?
Is "1(se.|257|3|5|AwEAAZYYG1hpk8XK...)" right for sha-1 ? But I know it's wrong.
I have tried many other forms but haven't get the right result yet, is there anyone 
knows how to do it?

Best regards,
Stuart
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20120813/7b2c28a2/attachment.htm>


More information about the Opendnssec-user mailing list