[Opendnssec-user]DS Calculation

Matthijs Mekking matthijs at nlnetlabs.nl
Mon Aug 13 07:51:41 UTC 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

The example program ldns-key2ds can do this for you.

Best regards,
  Matthijs

On 08/13/2012 09:00 AM, Áõ˶ wrote:
> Hi all, Is there someone knows how to calculate DS RR? I find the
> formula in rfc 4034, but get puzzled:
> 
> "
> 
> The digest is calculated by concatenating the canonical form of
> the fully qualified owner name of the DNSKEY RR with the DNSKEY
> RDATA, and then applying the digest algorithm.
> 
> digest = digest_algorithm( DNSKEY owner name | DNSKEY RDATA);
> 
> "|" denotes concatenation
> 
> DNSKEY RDATA = Flags | Protocol | Algorithm | Public Key.
> 
> " If there is a DNSKEY RR as follows: se.                     3600
> IN      DNSKEY  257 3 5 AwEAAZYYG1hpk8XKHNHpdO/E 
> Eg+r4YmIEC4Fn3x2DEsygxDuoT9d/QCi
> X1pz0omFGCaVfCWHvaScVvWd4xP4kNDnSDQxBzPwLEXE3l0 cLseMJ2YM
> QeBPf3hGhLs6VSDnGFKAzNG4fhri9EBTLv9ubL8Kx8cWQKuu3A5HRVD3
> li7lZB+0kmUKq GiIQdERKt/Ec36BkK93lyGags5RrR2VDdrXCj9Yay90
> KCKITk52AbwVoMPm0OYlPbD4ViBPMk5nmh/d PeCoZoVJxgANZ/doVQxR
> 5vDkMBYxuhrXuQk3CvZBB011NsXxk9yHtHvp/5gjUVJjvhdRvjRB6/xY R0 
> 3c9owi/aM=
> 
> How to calculate ds using the formula above? Is
> "1(se.|257|3|5|AwEAAZYYG1hpk8XK...)" right for sha-1 ? But I know 
> it's wrong. I have tried many other forms but haven't get the right
> result yet, is there anyone knows how to do it?
> 
> Best regards, Stuart
> 
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJQKLINAAoJEA8yVCPsQCW5P5wH/jliYhy0E2NcMCB9rs8aSqtF
mZ0J1u1VYjl1+9Y8Cico0WjD+DbE6BgkYMt78SgZNWV+p/hXs/gfqd/WEsoM0g9k
OE/hk9TrSCNx7jhMd2U2esYlKHygX0gfR1QCa+vkgMK3uGt9uCXvsox9U4zjwqVz
rzX9P0osmwKw0Cs90mPwJKBl2nTUSux2HH/gIF3gFjpaHcypvXXXGarz1c4eDaOd
aUb7LdyFjIRjY6RwpRTqHTjqPZ8OuOzccHzbb4ZhHuVM21RhP7RETQM0CzvifNd/
SGW5xtTyJH/hATzKDNPjYpqSE2gjzYBmMZi6dEXIuBc9fSMewCuWXhR+QcfSUIw=
=M6ov
-----END PGP SIGNATURE-----



More information about the Opendnssec-user mailing list