Net::DNS::SEC::Keyset(3)    User Contributed Perl Documentation    Net::DNS::SEC::Keyset(3)

Net::DNS::SEC::Keyset - DNSSEC Keyset object class

    use Net::DNS::SEC::Keyset;

A keyset is an "administrative" unit used for DNSSEC maintenance.

This class provides interfaces for creating, reading and writing
keysets.

Object methods are provided to extract DNSKEY, RRSIG and DS records.

Note that this class is still being developed. Attributes and methods
are subject to change.

new (from file)
    $keyset = Net::DNS::SEC::Keyset->new( $filename );
    $keyset = Net::DNS::SEC::Keyset->new( $filename, $directory );
    die Net::DNS::SEC::Keyset->keyset_err unless $keyset;

Constructor method which reads the specified keyset file and returns a
keyset object.

The optional second argument specifies the filename base directory.

Sets keyset_err and returns undef on failure.

new (by signing keys)
    $keyset = Net::DNS::SEC::Keyset->new( [@keyrr], $privatekeypath );

Creates a keyset object from the keys provided through the reference to
an array of Net::DNS::RR::DNSKEY objects.

The method will create and self-sign the whole keyset. The private keys
as generated by the BIND dnssec-keygen tool are assumed to be in the
current directory or, if specified, the directory indicated by
$privatekeypath.

Sets keyset_err and returns undef on failure.

new (from key and sig RRsets)
    $keyset = Net::DNS::SEC::Keyset->new( [@keyrr], [@sigrr] );

Creates a keyset object from the keys provided through the references
to arrays of Net::DNS::RR::DNSKEY and Net::DNS::RR::RRSIG objects.

Sets keyset_err and returns undef on failure.

new (from Packet)
    $res = Net::DNS::Resolver->new;
    $res->dnssec(1);

    $packet = $res->query( "example.com", "DNSKEY", "IN" );

    $keyset = Net::DNS::SEC::Keyset->new( $packet );

Creates a keyset object from a Net::DNS::Packet that contains the
answer to a query for the apex key records.

This is the method you should use for automatically fetching keys.

Sets keyset_err and returns undef on failure.

keys
    @keyrr = $keyset->keys;

Returns an array of Net::DNS::RR::DNSKEY objects.

sigs
    @sigrr = $keyset->sigs;

Returns an array of Net::DNS::RR::RRSIG objects.

extract_ds
    @ds = $keyset->extract_ds;
    die $keyset->keyset_err unless @ds;

Extracts DS records from the keyset. Note that the keyset will be
verified during extraction. All keys will need to have a valid
self-signature.

The method sets keyset_err if verification fails.

verify
    @keytags = $keyset->verify();
    die $keyset->keyset_err unless @keytags;

    $keyset->verify( $keytag ) || die $keyset->keyset_err;

If no arguments are given:

· Verifies that all signatures present verify the keyset.

· Verifies that if there are DNSKEYs with the SEP flag set, there is at
  least one RRSIG made using that key.

· Verifies that if there are no DNSKEYs with the SEP flag set there is
  at least one RRSIG made with one of the keys from the keyset.

If an argument is given, it should be the numeric keytag of the key
in the keyset which will be verified using the corresponding RRSIG.

The method returns a list of keytags of verified keys in the keyset.

The method sets keyset_err and returns an empty list if verification
fails.

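The steps described under new (from Packet), verify and extract_ds, combined into one script. This is an added example, not code from the Net::DNS::SEC distribution: the zone name is a placeholder, the script needs network access to a resolver that returns DNSSEC records, and it assumes the verify method of Net::DNS::RR::DS to match a DS record against a DNSKEY.

```perl
use strict;
use warnings;
use Net::DNS;
use Net::DNS::SEC::Keyset;

my $zone = shift || 'example.com';    # placeholder zone; pass your own as argument

my $res = Net::DNS::Resolver->new;
$res->dnssec(1);                      # ask for RRSIGs along with the answer

# Fetch the apex DNSKEY RRset with its signatures and build the keyset.
my $packet = $res->query( $zone, 'DNSKEY', 'IN' )
	or die "DNSKEY query for $zone failed: ", $res->errorstring, "\n";
my $keyset = Net::DNS::SEC::Keyset->new($packet)
	or die 'keyset rejected: ', Net::DNS::SEC::Keyset->keyset_err, "\n";

# Self-consistency: keytags of the keys with a valid RRSIG over the RRset.
my @verified = $keyset->verify
	or die 'verify failed: ', $keyset->keyset_err, "\n";
my %verified = map { $_ => 1 } @verified;

# A valid self-signature only shows the keyset is internally consistent;
# anyone can self-sign their own keys. Tie it to the DS published at the
# parent (itself obtained from a validating resolver or a trusted channel).
my $reply = $res->query( $zone, 'DS', 'IN' )
	or die "no DS for $zone: ", $res->errorstring, "\n";
my @parent_ds = grep { $_->type eq 'DS' } $reply->answer;

my $anchored = 0;
foreach my $ds (@parent_ds) {
	foreach my $key ( grep { $verified{ $_->keytag } } $keyset->keys ) {
		next unless $ds->keytag == $key->keytag && $ds->verify($key);
		printf "DS keytag %d (digtype %s) matches a verified DNSKEY\n", $ds->keytag, $ds->digtype;
		$anchored++;
	}
}
die "no published DS matches a verified key in $zone\n" unless $anchored;

# DS records derived from this keyset, e.g. for comparison before a rollover.
my @ds = $keyset->extract_ds or die $keyset->keyset_err, "\n";
print $_->string, "\n" for @ds;
```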
keyset_err
    $keyset_err = Net::DNS::SEC::Keyset->keyset_err;

    $keyset_err = $keyset->keyset_err;

Returns the keyset error string.

string
    $string = $keyset->string;

Returns a string representation of the keyset.

print
    $keyset->print;    # similar to print( $keyset->string )

Prints the keyset.

writekeyset
    $keyset->writekeyset;
    $keyset->writekeyset( $path );
    $keyset->writekeyset( $prefix );
    $keyset->writekeyset( $prefix, $path );

Writes the keyset to a file named "keyset-<domain>." in the current
working directory or directory defined by the optional $path argument.

The optional $prefix argument specifies the prefix that will be
prepended to the domain name to form the keyset filename.

Copyright (c)2002 RIPE NCC. Author Olaf M. Kolkman

Portions Copyright (c)2014 Dick Franks

All Rights Reserved

Permission to use, copy, modify, and distribute this software and its
documentation for any purpose and without fee is hereby granted,
provided that the above copyright notice appear in all copies and that
both that copyright notice and this permission notice appear in
supporting documentation, and that the name of the author not be used
in advertising or publicity pertaining to distribution of the software
without specific prior written permission.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

perl v5.30.0    2019-07-26    Net::DNS::SEC::Keyset(3)