SEC::Private(3)       User Contributed Perl Documentation      SEC::Private(3)


NAME

       Net::DNS::SEC::Private - DNS SIG Private key object


SYNOPSIS

       use Net::DNS::SEC::Private;
       my $private=Net::DNS::SEC::Private->new($keypath);


DESCRIPTION

       Class containing the private key as read from a key file generated by
       the dnssec-keygen tool. The class is written to be used only in the
       context of the Net::DNS::RR::SIG create method. This class is not
       designed to interact with any other system.


METHODS

   new
       my $private=Net::DNS::SEC::Private->new("/home/foo/Kexample.com.+001+11567.private");

       Creator method. The argument is the full path to a private key
       generated by the BIND dnssec-keygen tool. Note that the filename
       contains information about the algorithm and keyid.

   private
       $private->private

       Returns the private key material. This is either a Crypt::OpenSSL::RSA
       or Crypt::OpenSSL::DSA object. This is really only relevant to the
       Net::DNS::RR::SIG class.

   algorithm, keytag, signame, created, publish, activate
        $private->algorithm
        $private->keytag
        $private->signame
        $private->created
        $private->publish
        $private->activate

       Returns components as determined from the filename and needed by
       Net::DNS::RR::RRSIG.  The 'created', 'publish' and 'activate'
       components are only available in version 1.3 or higher formatted files.


RSASHA1 specific helper functions

       These functions may be useful to read and transfer BIND private keys
       to and from X509 format.

   new_rsa_private
       Constructor method.

        my $private=Net::DNS::SEC::Private->new_rsa_private($keyblob,$domain,$flag);

       Creates a Net::DNS::SEC::Private object from the supplied string.  For
       the object to be useful you will have to provide the "domain" name for
       which this key is to be used as the second argument and the flag
       (either 256 or 257 for a non-SEP and a SEP key respectively).

       The string should include the -----BEGIN...----- and -----END...-----
       lines.  The padding is set to PKCS1_OAEP, but can be changed with the
       use_xxx_padding methods.

       It is the same

   dump_rsa_priv
        my $bind_keyfilecontent=$private->dump_rsa_priv

       Returns the content of a BIND private keyfile (Private-key-format:
       v1.2).

       An empty string will be returned if not all parameters are available
       (please supply the author with example code if this ever happens).

   dump_rsa_pub
        my $bind_keyfilecontent=$private->dump_rsa_pub

       Returns the public key part of the DNSKEY RR.

       Returns an empty string on failure.

   dump_rsa_keytag
        my $flags=257;   # SEP key.
        my $keytag=$private->dump_rsa_keytag($flags);

       This function calculates the keytag, taking the value of the DNSKEY
       flags field as input.

       The flags field may be needed in case it was not specified when the key
       was created. If the object already knows its flags value the input
       is ignored.

       Returns undef on failure.

   dump_rsa_private_der
        my $keyblob=$private->dump_rsa_private_der

       Returns the DER-encoded PKCS1 representation of the private key. (Same
       format that can be read with the read_rsa_private method.)

   generate_rsa
        my $newkey=Net::DNS::SEC::Private->generate_rsa("example.com",$flag,1024,$random);
        print $newkey->dump_rsa_priv;
        print $newkey->dump_rsa_pub();

       Uses Crypt::OpenSSL::RSA generate_key to create a keypair.

       The first argument is the name of the key, the second argument is the
       flag field (257 for key signing keys, 256 for zone signing keys). The
       third argument is the keysize.

       If the fourth argument is defined it is passed to the
       Crypt::OpenSSL::Random::random_seed method (see Crypt::OpenSSL::RSA for
       details); it is not needed with a proper /dev/random.

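       The following is an added example in plain Perl; it is not code from
       the module or from its test script. It shows the arithmetic behind
       dump_rsa_pub, dump_rsa_keytag and the filename parsing done by new():
       the RFC 3110 encoding of the RSA public key field, the RFC 4034
       Appendix B key tag computed for both flag values, and the owner,
       algorithm and keytag taken from a dnssec-keygen file name. It assumes
       only Crypt::OpenSSL::RSA (the module's own dependency, together with
       Crypt::OpenSSL::Bignum); the 2048-bit key size, the file name and the
       function names are choices made here, not taken from the page.

```perl
#!/usr/bin/perl
# Added example, not part of Net::DNS::SEC::Private: shows what dump_rsa_pub,
# dump_rsa_keytag and the new() file-name parsing compute, in plain Perl.
# Assumes Crypt::OpenSSL::RSA (and its Crypt::OpenSSL::Bignum) is installed.
use strict;
use warnings;
use Crypt::OpenSSL::RSA;
use MIME::Base64 qw(encode_base64);

# Components that new() reads from a dnssec-keygen file name,
# K<owner>+<algorithm>+<keytag>.private  (or .key for the public half).
sub parse_keyfile_name {
    my ($path) = @_;
    my ($file) = $path =~ m{([^/]+)\z};
    my ($owner, $alg, $tag) =
        $file =~ /\AK(.+)\+(\d{3})\+(\d{5})\.(?:private|key)\z/
        or die "not a dnssec-keygen key file name: $file\n";
    return ($owner, $alg + 0, $tag + 0);
}

# RFC 3110 section 2 public key field: exponent length, exponent, modulus.
# A one-byte length is used when the exponent is shorter than 256 bytes,
# otherwise a zero byte followed by a two-byte length.
sub rfc3110_pubkey {
    my ($rsa) = @_;
    my ($n, $e) = $rsa->get_key_parameters;    # Crypt::OpenSSL::Bignum objects
    my ($nbin, $ebin) = ($n->to_bin, $e->to_bin);
    my $elen = length $ebin;
    my $prefix = $elen < 256 ? pack('C', $elen) : pack('C n', 0, $elen);
    return $prefix . $ebin . $nbin;
}

# RFC 4034 Appendix B key tag over the DNSKEY RDATA (flags, protocol 3,
# algorithm, public key). Not valid for RSAMD5 (algorithm 1), which has
# its own rule.
sub keytag {
    my ($flags, $algorithm, $pubkey) = @_;
    my @bytes = unpack 'C*', pack('n C C', $flags, 3, $algorithm) . $pubkey;
    my $ac = 0;
    for my $i (0 .. $#bytes) {
        $ac += ($i & 1) ? $bytes[$i] : ($bytes[$i] << 8);
    }
    $ac += ($ac >> 16) & 0xFFFF;
    return $ac & 0xFFFF;
}

# Presentation form of the DNSKEY RR, as the test script assembles it.
sub dnskey_rr {
    my ($owner, $flags, $algorithm, $pubkey) = @_;
    return join ' ', $owner, 'IN DNSKEY', $flags, 3, $algorithm,
        encode_base64($pubkey, '');
}

my $rsa = Crypt::OpenSSL::RSA->generate_key(2048);   # 2048 bits chosen here
my $pub = rfc3110_pubkey($rsa);
my $alg = 5;                                         # RSASHA1, as on this page

print dnskey_rr('example.com.', 257, $alg, $pub), "\n";

# The flags word is part of the tagged RDATA, so the same key material
# has a different key tag as a ZSK (256) than as a SEP/KSK (257).
for my $flags (256, 257) {
    printf "flags %d -> keytag %d\n", $flags, keytag($flags, $alg, $pub);
}

# Constructed file name: new() recovers owner, algorithm and key tag from it.
my ($owner, $falg, $ftag) =
    parse_keyfile_name('/home/foo/Kexample.com.+005+11567.private');
printf "file name: owner=%s algorithm=%d keytag=%d\n", $owner, $falg, $ftag;
```

       Because the flags are covered by the key tag, a DNSKEY published with
       one flags value and an RRSIG produced from an object that believes
       another will carry different key tags; this is what the consistency
       checks in the test script below guard against.
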

Example

       This is a code snippet from the test script. First a new keypair is
       generated.  A Net::DNS::RR object is created by constructing the
       resource record string, using the dump_rsa_pub() method.

       Then a self signature over the public key is created and verified.

           my $newkey=Net::DNS::SEC::Private->generate_rsa("example.com",257,1024);
           my $tstpubkeyrr= Net::DNS::RR->new ($newkey->signame .
                                           "  IN DNSKEY 257 3 5 ".
                                           $newkey->dump_rsa_pub());
           # flags not needed as argument for dump_rsa_keytag
           # since they were set by generate_rsa

           is($tstpubkeyrr->keytag,$newkey->dump_rsa_keytag(),
                       "Consistent keytag calculation");

           my $sigrr= Net::DNS::RR::RRSIG->create([$tstpubkeyrr],$newkey);
           is ($sigrr->keytag,$tstpubkeyrr->keytag,
                   "Consistent keytag in the created signature");

           ok($sigrr->verify([$tstpubkeyrr],$tstpubkeyrr),
                    "Self verification consistent.");

COPYRIGHT

       Copyright (c) 2002-2005 RIPE NCC.  Author Olaf M. Kolkman
       <olaf@net-dns.org>

       All Rights Reserved

       Permission to use, copy, modify, and distribute this software and its
       documentation for any purpose and without fee is hereby granted,
       provided that the above copyright notice appear in all copies and that
       both that copyright notice and this permission notice appear in
       supporting documentation, and that the name of the author not be used
       in advertising or publicity pertaining to distribution of the software
       without specific, written prior permission.

       THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
       INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS; IN NO
       EVENT SHALL AUTHOR BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL
       DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
       PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
       ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF
       THIS SOFTWARE.

       This code uses Crypt::OpenSSL which uses the openssl library.


SEE ALSO

       http://www.net-dns.org/

       perl(1), Net::DNS, Net::DNS::RR::SIG,
       Crypt::OpenSSL::RSA, Crypt::OpenSSL::DSA, RFC 2435 Section 4, RFC 2931.



perl v5.12.3                      2011-06-23                   SEC::Private(3)