[Opendnssec-user] DNSKEY keytag calculation differences between ods-hsmutil and ods-ksmutil
Klaus Darilion
klaus.mailinglists at pernau.at
Thu Nov 14 07:25:56 UTC 2013
Hi! Using ODS 1.3.15 and nCipher HSMs:
The key itself is identical, but the calculated tag differs when
calculated by ods-hsmutil: KSKs have an offset of 4 (and reported falsely
as ZSK), ZSKs have an offset of 3.
See output below.
Thanks
Klaus
# ods-ksmutil key list -v
SQLite database set to: /var/lib/opendnssec/db/kasp.db
Keys:
Zone: Keytype: CKA_ID: Keytag:
renamed KSK f2c291c81ecc6014e2d80f6cd2f4c9e1 47764
ods-ksmutil key export --zone renamed
;active KSK DNSKEY record:
renamed. 3600 IN DNSKEY 257 3 8
AwEAAatfpcBwA9w1fEh7a5d43Nrd8ogcVrUzS+24zPV5fzdBmQOK1YIyY0sMnsSTRTCa/G/HfTOtEYVwxVvxqNIek/zWJKvJP5ZFGYh/RSCFDdHVvXhDUqNP5hqoZitipetZ9JcxjjZ7FSCcboCv1vQcXxSWUhrx0lNyLilKtqA2w9CPpajSwVr1gNAOJkAqLc8noEKSPzJIf068sc5Vr8mocXuC2JUhqSqTqbOX++WH6NgXH4T2u3SSsZZ0y7Ik1iCQPvenMPUJpgWMHKECEePUzH88fVN2hY9k8AoNNz9OHii8TCfQYwe10bEfkud5ISwrQDx/nk/30G06GN3mZpOm53k=
;{id = 47764 (ksk), size = 2048b}
# ods-hsmutil dnskey f2c291c81ecc6014e2d80f6cd2f4c9e1 renamed
renamed. 3600 IN DNSKEY 256 3 5
AwEAAatfpcBwA9w1fEh7a5d43Nrd8ogcVrUzS+24zPV5fzdBmQOK1YIyY0sMnsSTRTCa/G/HfTOtEYVwxVvxqNIek/zWJKvJP5ZFGYh/RSCFDdHVvXhDUqNP5hqoZitipetZ9JcxjjZ7FSCcboCv1vQcXxSWUhrx0lNyLilKtqA2w9CPpajSwVr1gNAOJkAqLc8noEKSPzJIf068sc5Vr8mocXuC2JUhqSqTqbOX++WH6NgXH4T2u3SSsZZ0y7Ik1iCQPvenMPUJpgWMHKECEePUzH88fVN2hY9k8AoNNz9OHii8TCfQYwe10bEfkud5ISwrQDx/nk/30G06GN3mZpOm53k=
;{id = 47760 (zsk), size = 2048b}
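
The two records above carry the same key data but different header fields (flags 257 vs 256, algorithm 8 vs 5), and the RFC 4034 Appendix B key tag is a 16-bit sum over the whole DNSKEY RDATA, header included. The following is an added example, not part of the original post and not OpenDNSSEC code, showing how those header fields alone shift the tag by 4 for a KSK and 3 for a ZSK; the owner name `example.`, the key bytes and the helper names are constructed for illustration.

```python
import base64
import struct

def key_tag(flags, protocol, algorithm, public_key):
    """RFC 4034 Appendix B key tag (valid for every algorithm except 1)."""
    rdata = struct.pack("!HBB", flags, protocol, algorithm) + public_key
    acc = 0
    for i, byte in enumerate(rdata):
        # Even offsets are the high byte of a 16-bit word, odd offsets the low byte.
        acc += byte if i & 1 else byte << 8
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def parse_dnskey(record):
    """Split '<owner> <ttl> IN DNSKEY <flags> <proto> <alg> <base64 ...>'."""
    fields = record.split()
    start = fields.index("DNSKEY") + 1
    flags, protocol, algorithm = (int(f) for f in fields[start:start + 3])
    return flags, protocol, algorithm, base64.b64decode("".join(fields[start + 3:]))

def header_offset(rec_a, rec_b):
    """Tag difference predicted from the 4 header bytes alone (same key required)."""
    fa, pa, aa, key_a = parse_dnskey(rec_a)
    fb, pb, ab, key_b = parse_dnskey(rec_b)
    if key_a != key_b:
        raise ValueError("public keys differ; offset is not explained by the header")
    # The header contributes flags + (protocol << 8) + algorithm to the sum.
    return (fa - fb) + ((pa - pb) << 8) + (aa - ab)

# Constructed key material: RSA exponent 65537 plus 16 filler bytes, not a real key.
SAMPLE_KEY = bytes([3, 1, 0, 1]) + bytes(range(0x10, 0x20))
B64 = base64.b64encode(SAMPLE_KEY).decode()
KSK_ALG8 = f"example. 3600 IN DNSKEY 257 3 8 {B64}"
ZSK_ALG8 = f"example. 3600 IN DNSKEY 256 3 8 {B64}"
ZSK_ALG5 = f"example. 3600 IN DNSKEY 256 3 5 {B64}"

if __name__ == "__main__":
    for label, a, b in (("KSK", KSK_ALG8, ZSK_ALG5), ("ZSK", ZSK_ALG8, ZSK_ALG5)):
        tag_a, tag_b = key_tag(*parse_dnskey(a)), key_tag(*parse_dnskey(b))
        print(f"{label}: {tag_a} vs {tag_b}, header predicts {header_offset(a, b)}")
```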