[Opendnssec-user]DS Calculation
Matthijs Mekking
matthijs at nlnetlabs.nl
Mon Aug 13 07:51:41 UTC 2012
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
The example program ldns-key2ds can do this for you.
Best regards,
Matthijs
On 08/13/2012 09:00 AM, Áõ˶ wrote:
> Hi all, Is there someone knows how to calculate DS RR? I find the
> formula in rfc 4034, but get puzzled:
>
> "
>
> The digest is calculated by concatenating the canonical form of
> the fully qualified owner name of the DNSKEY RR with the DNSKEY
> RDATA, and then applying the digest algorithm.
>
> digest = digest_algorithm( DNSKEY owner name | DNSKEY RDATA);
>
> "|" denotes concatenation
>
> DNSKEY RDATA = Flags | Protocol | Algorithm | Public Key.
>
> " If there is a DNSKEY RR as follows: se. 3600
> IN DNSKEY 257 3 5 AwEAAZYYG1hpk8XKHNHpdO/E
> Eg+r4YmIEC4Fn3x2DEsygxDuoT9d/QCi
> X1pz0omFGCaVfCWHvaScVvWd4xP4kNDnSDQxBzPwLEXE3l0 cLseMJ2YM
> QeBPf3hGhLs6VSDnGFKAzNG4fhri9EBTLv9ubL8Kx8cWQKuu3A5HRVD3
> li7lZB+0kmUKq GiIQdERKt/Ec36BkK93lyGags5RrR2VDdrXCj9Yay90
> KCKITk52AbwVoMPm0OYlPbD4ViBPMk5nmh/d PeCoZoVJxgANZ/doVQxR
> 5vDkMBYxuhrXuQk3CvZBB011NsXxk9yHtHvp/5gjUVJjvhdRvjRB6/xY R0
> 3c9owi/aM=
>
> How to calculate ds using the formula above? Is
> "1(se.|257|3|5|AwEAAZYYG1hpk8XK...)" right for sha-1 ? But I know
> it's wrong. I have tried many other forms but haven't get the right
> result yet, is there anyone knows how to do it?
>
> Best regards, Stuart
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJQKLINAAoJEA8yVCPsQCW5P5wH/jliYhy0E2NcMCB9rs8aSqtF
mZ0J1u1VYjl1+9Y8Cico0WjD+DbE6BgkYMt78SgZNWV+p/hXs/gfqd/WEsoM0g9k
OE/hk9TrSCNx7jhMd2U2esYlKHygX0gfR1QCa+vkgMK3uGt9uCXvsox9U4zjwqVz
rzX9P0osmwKw0Cs90mPwJKBl2nTUSux2HH/gIF3gFjpaHcypvXXXGarz1c4eDaOd
aUb7LdyFjIRjY6RwpRTqHTjqPZ8OuOzccHzbb4ZhHuVM21RhP7RETQM0CzvifNd/
SGW5xtTyJH/hATzKDNPjYpqSE2gjzYBmMZi6dEXIuBc9fSMewCuWXhR+QcfSUIw=
=M6ov
-----END PGP SIGNATURE-----
More information about the Opendnssec-user
mailing list