1SEC::Private(3) User Contributed Perl Documentation SEC::Private(3)
2
6 Net::DNS::SEC::Private - DNS SIG Private key object
7
9 use Net::DNS::SEC::Private; my $private=Net::DNS::SEC::Pri‐
10 vate->new($keypath);
11
13 Class containing a the private key as read from a dnssec-keygen gener‐
14 ate zonefile. The class is written to be used only in the context of
15 the Net::DNS::RR::SIG create method. This class is not designed to
16 interact with any other system.
17
19 new
20 $private->new("/home/foo/ Kexample.com.+001+11567.private")
22 Creator method. The argument is the full path to a private key gener‐
24 ated by the BIND dnssec-keygen tool. Note that the filename contains
25 information about the algorithm and keyid.
26 private
28 $private->private
30 Returns the private key material. This is either a Crypt::OpenSSL::RSA
32 or Crypt::OpenSSL::DSA object. This is really only relevant to the
33 Net::DNS::RR::SIG class.
34 algorithm, keytag, signame
36 $private->algorithm
38 $private->keytag
39 $private->signame
40 Returns components as determined from the filename and needed by
42 Net::DNS::RR::RRSIG.
43
45 These functions may be usefull to read and transfer BIND private keys
46 to and from X509 format.
47 new_rsa_private
49 Constructor method.
51 my $private=Net::DNS::SEC::Private->new_rsa_private($keyblob,$domain,$flag);
53 Creates a Net::DNS::SEC::Private object from the supplied string. For
55 the object to be useful you will have to provide the "domain" name for
56 which this key is to be used as the second argument and the flag
57 (either 256 or 257 for a non SEP and a SEP key respectivly).
58 The string should include the -----BEGIN...----- and -----END...-----
60 lines. The padding is set to PKCS1_OAEP, but can be changed with the
61 use_xxx_padding methods
62 It is the same
64 dump_rsa_priv
66 my $bind_keyfilecontent=$private->dump_rsa_priv
68 Returns the content of a BIND private keyfile (Private-key-format:
70 v1.2).
71 An empty string will be returned if not all parameters are available
73 (please supply the author with example code if this ever happens).
74 dump_rsa_pub
76 my $bind_keyfilecontent=$private->dump_rsa_pub
78 Returns the publick key part of the DNSKEY RR.
80 Returns an empty string on failure.
82 dump_rsa_keytag
84 my $flags=257; # SEP key.
86 my $keytag=$private->dump_rsa_keytag($flags);
87 This function will calculate the keyt with the value of the DNSKEY
89 flags as input.
90 The flags field may be needed in case it was not specified when the key
92 was created. If the object allready knows it's flags vallue the input
93 is ignored.
94 returns undefined on failure
96 dump_rsa_private_der
98 my $keyblob=$private->dump_rsa_privat_der
100 Return the DER-encoded PKCS1 representation of the private key. (Same
102 format that can be read with the read_rsa_private method.)
103 generate_rsa
105 my $keypair=Net::DNS::SEC::Private->generate_rsa("example.com",$flag,1024,$random);
107 prin $newkey->dump_rsa_priv;
108 print $newkey->dump_rsa_pub();
109 Uses Crypt::OpenSSL::RSA generate_key to create a keypair.
111 First argument is the name of the key, the second argument is the flag
113 field (take a value of 257 for Keysigning keys and a value of 256 for
114 zone signing keys). The 3rd argument is the keysize.
115 If the 4th argument is defined it is passed to the Crypt::OpenSSL::Ran‐
117 dom::random_seed method (see Crypt::OpenSSL::RSA for details), not
118 needed with a proper /dev/random.
119
121 This is a code sniplet from the test script. First a new keypair is
122 generated. An Net::DNS::RR object is created by constructing the
123 resource record string - using the dump_rsa_pub() method.
124 Then a self signature over the public key is created and verified.
126 my $newkey=Net::DNS::SEC::Private->generate_rsa("example.com",257,1024);
128 my $tstpubkeyrr= Net::DNS::RR->new ($newkey->signame .
129 " IN DNSKEY 257 3 5 ".
130 $newkey->dump_rsa_pub());
131 # flags not needed as argument for dump_rsa_keytag
132 $ since they where set by generate_rsa
133 is($tstpubkeyrr->keytag,$newkey->dump_rsa_keytag(),
135 "Consistent keytag calculation");
136 my $sigrr= create Net::DNS::RR::RRSIG([$tstpubkeyrr],$newkey);
138 is ($sigrr->keytag,$tstpubkeyrr->keytag,
139 "Consisted keytag in the created signature");;
140 ok($sigrr->verify([$tstpubkeyrr],$tstpubkeyrr),
142 "Self verification consistent.");
143
145 Copyright (c) 2002-2005 RIPE NCC. Author Olaf M. Kolkman
146 <olaf@net-dns.org>
147 All Rights Reserved
149 Permission to use, copy, modify, and distribute this software and its
151 documentation for any purpose and without fee is hereby granted, pro‐
152 vided that the above copyright notice appear in all copies and that
153 both that copyright notice and this permission notice appear in sup‐
154 porting documentation, and that the name of the author not be used in
155 advertising or publicity pertaining to distribution of the software
156 without specific, written prior permission.
157 THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
159 INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS; IN NO
160 EVENT SHALL AUTHOR BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL
161 DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
162 PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
163 ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF
164 THIS SOFTWARE.
165 This code uses Crypt::OpenSSL which uses the openssl library
167
169 <http://www.net-dns.org/>
170 perl(1), Net::DNS, Net::DNS::RR::SIG,
172 Crypt::OpenSSL::RSA,Crypt::OpenSSL::DSA, RFC 2435 Section 4, RFC 2931.
173perl v5.8.8 2006-02-14 SEC::Private(3)