1Net::DNS::SEC::Keyset(3U)ser Contributed Perl DocumentatiNoent::DNS::SEC::Keyset(3)
2
3
4

NAME

6       Net::DNS::SEC::Keyset - DNSSEC Keyset object class
7

SYNOPSIS

9           use Net::DNS::SEC::Keyset;
10

DESCRIPTION

12       A keyset is an "administrative" unit used for DNSSEC maintenance.
13
14       This class provides interfaces for creating, reading and writing
15       keysets.
16
17       Object methods are provided to extract DNSKEY, RRSIG and DS records.
18
19       Note that this class is still being developed.  Attributes and methods
20       are subject to change.
21
22   new (from file)
23           $keyset = Net::DNS::SEC::Keyset->new( $filename );
24           $keyset = Net::DNS::SEC::Keyset->new( $filename, $directory );
25           die Net::DNS::SEC::Keyset->keyset_err unless $keyset;
26
27       Constructor method which reads the specified keyset file and returns a
28       keyset object.
29
30       The optional second argument specifies the filename base directory.
31
32       Sets keyset_err and returns undef on failure.
33
34   new (by signing keys)
35           $keyset = Net::DNS::SEC::Keyset->new( [@keyrr], $privatekeypath );
36
37       Creates a keyset object from the keys provided through the reference to
38       an array of Net::DNS::RR::DNSKEY objects.
39
40       The method will create and self-sign the whole keyset. The private keys
41       as generated by the BIND dnssec-keygen tool are assumed to be in the
42       current directory or, if specified, the directory indicated by
43       $privatekeypath.
44
45       Sets keyset_err and returns undef on failure.
46
47   new (from key and sig RRsets)
48           $keyset = Net::DNS::Keyset->new( [@keyrr], [@sigrr] );
49
50       Creates a keyset object from the keys provided through the references
51       to arrays of Net::DNS::RR::DNSKEY and Net::DNS::RR::RRSIG objects.
52
53       Sets keyset_err and returns undef on failure.
54
55   new (from Packet)
56           $res = Net::DNS::Resolver->new;
57           $res->dnssec(1);
58
59           $packet = $res->query ( "example.com", "DNSKEY", "IN" );
60
61           $keyset = Net::DNS::SEC::Keyset->new( $packet )
62
63       Creates a keyset object from a Net::DNS::Packet that contains the
64       answer to a query for the apex key records.
65
66       This is the method you should use for automatically fetching keys.
67
68       Sets keyset_err and returns undef on failure.
69
70   keys
71           @keyrr = $keyset->keys;
72
73       Returns an array of Net::DNS::RR::DNSKEY objects.
74
75   sigs
76           @sigrr = $keyset->sigs;
77
78       Returns an array of Net::DNS::RR::RRSIG objects.
79
80   extract_ds
81           @ds = $keyset->extract_ds;
82           die $keyset->keyset_err unless @ds;
83
84       Extracts DS records from the keyset. Note that the keyset will be
85       verified during extraction. All keys will need to have a valid self-
86       signature.
87
88       The method sets keyset_err if verification fails.
89
90   verify
91           @keytags = $keyset->verify();
92           die $keyset->keyset_err unless @keytags;
93
94           $keyset->verify( $keytag ) || die $keyset->keyset_err;
95
96       If no arguments are given:
97
98       · Verifies if all signatures present verify the keyset.
99
100       · Verifies if there are DNSKEYs with the SEP flag set, there is at
101         least one RRSIG made using that key.
102
103       · Verifies that if there are no DNSKEYs with the SEP flag set there is
104         at least one RRSIG made with one of the keys from the keyset.
105
106       If an argument is given, it is should be the numeric keytag of the key
107       in the keyset which will be verified using the corresponding RRSIG.
108
109       The method returns a list of keytags of verified keys in the keyset.
110
111       The method sets keyset_err and returns empty list if verification
112       fails.
113
114   keyset_err
115           $keyset_err = Net::DNS::SEC::Keyset->keyset_err;
116
117           $keyset_err = $keyset->keyset_err;
118
119       Returns the keyset error string.
120
121   string
122           $string = $keyset->string;
123
124       Returns a string representation of the keyset.
125
126   print
127           $keyset->print;             # similar to print( $keyset->string )
128
129       Prints the keyset.
130
131   writekeyset
132           $keyset->writekeyset;
133           $keyset->writekeyset( $path );
134           $keyset->writekeyset( $prefix );
135           $keyset->writekeyset( $prefix, $path );
136
137       Writes the keyset to a file named "keyset-<domain>." in the current
138       working directory or directory defined by the optional $path argument.
139
140       The optional $prefix argument specifies the prefix that will be
141       prepended to the domain name to form the keyset filename.
142
144       Copyright (c)2002 RIPE NCC.  Author Olaf M. Kolkman
145
146       Portions Copyright (c)2014 Dick Franks
147
148       All Rights Reserved
149

LICENSE

151       Permission to use, copy, modify, and distribute this software and its
152       documentation for any purpose and without fee is hereby granted,
153       provided that the above copyright notice appear in all copies and that
154       both that copyright notice and this permission notice appear in
155       supporting documentation, and that the name of the author not be used
156       in advertising or publicity pertaining to distribution of the software
157       without specific prior written permission.
158
159       THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
160       OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
161       MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
162       IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
163       CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
164       TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
165       SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
166
167
168
169perl v5.30.1                      2020-01-30          Net::DNS::SEC::Keyset(3)
Impressum