SEC::Private(3)       User Contributed Perl Documentation      SEC::Private(3)


NAME

       Net::DNS::SEC::Private - DNS SIG Private key object


SYNOPSIS

       use Net::DNS::SEC::Private;
       my $private=Net::DNS::SEC::Private->new($keypath);


DESCRIPTION

       Class containing the private key as read from a file generated by
       dnssec-keygen. The class is written to be used only in the context of
       the Net::DNS::RR::SIG create method. This class is not designed to
       interact with any other system.


METHODS

       new

       my $private=Net::DNS::SEC::Private->new("/home/foo/Kexample.com.+001+11567.private");

       Creator method. The argument is the full path to a private key gener-
       ated by the BIND dnssec-keygen tool. Note that the filename contains
       information about the algorithm and keyid, which is how the object
       learns them.

       private

       $private->private

       Returns the private key material. This is either a Crypt::OpenSSL::RSA
       or Crypt::OpenSSL::DSA object. This is really only relevant to the
       Net::DNS::RR::SIG class.

       algorithm, keytag, signame

        $private->algorithm
        $private->keytag
        $private->signame

       Returns the components as determined from the filename and needed by
       Net::DNS::RR::RRSIG.
43

RSASHA1 specific helper functions

       These functions may be useful to read and transfer BIND private keys
       to and from X509 format.

       new_rsa_private

       Constructor method.

        my $private=Net::DNS::SEC::Private->new_rsa_private($keyblob,$domain,$flag);

       Creates a Net::DNS::SEC::Private object from the supplied string.  For
       the object to be useful you will have to provide the "domain" name for
       which this key is to be used as the second argument and the flag
       (either 256 or 257 for a non-SEP and a SEP key respectively).

       The string should include the -----BEGIN...----- and -----END...-----
       lines.  The padding is set to PKCS1_OAEP, but can be changed with the
       use_xxx_padding methods.

       It is the same
64
       dump_rsa_priv

         my $bind_keyfilecontent=$private->dump_rsa_priv

       Returns the content of a BIND private keyfile (Private-key-format:
       v1.2).

       An empty string will be returned if not all parameters are available
       (please supply the author with example code if this ever happens).

       dump_rsa_pub

           my $bind_keyfilecontent=$private->dump_rsa_pub

       Returns the public key part of the DNSKEY RR.

       Returns an empty string on failure.

       dump_rsa_keytag

           my $flags=257;   # SEP key.
           my $keytag=$private->dump_rsa_keytag($flags);

       This function will calculate the keytag with the value of the DNSKEY
       flags as input.

       The flags field may be needed in case it was not specified when the key
       was created. If the object already knows its flags value the input
       is ignored.

       Returns undefined on failure.

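       The key tag that dump_rsa_keytag returns is the RFC 4034 Appendix B
       checksum over the complete DNSKEY RDATA, which is why the flags value
       is needed: a key published with flags 256 and the same key published
       with flags 257 have different tags. The following pure-Perl
       computation is an added example, not code from the module; it
       assumes only MIME::Base64 and works from a DNSKEY record in
       presentation format, so it can be used to check that a DNSKEY RR
       really belongs to the private key whose tag dump_rsa_keytag reports.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use MIME::Base64 qw(decode_base64);

# Key tag as specified in RFC 4034 Appendix B, computed over the DNSKEY
# RDATA (flags, protocol, algorithm, public key). Independent of the module.
sub dnskey_keytag {
    my ($flags, $protocol, $algorithm, $pubkey_b64) = @_;
    # Algorithm 1 (RSAMD5) defines its key tag differently; refuse it rather
    # than silently return a value computed by the wrong rule.
    die "RSAMD5 (algorithm 1) uses a different key tag rule\n" if $algorithm == 1;
    my $rdata = pack('n C C', $flags, $protocol, $algorithm)
              . decode_base64($pubkey_b64);
    my $ac = 0;
    my @octets = unpack('C*', $rdata);
    for my $i (0 .. $#octets) {
        # even-indexed octets are the high byte of a 16-bit word
        $ac += ($i & 1) ? $octets[$i] : ($octets[$i] << 8);
    }
    $ac += ($ac >> 16) & 0xFFFF;   # fold the carry back into the low 16 bits
    return $ac & 0xFFFF;
}

# Parse a DNSKEY line in presentation format ("owner [ttl] [IN] DNSKEY
# flags protocol algorithm base64...") and return its key tag.
sub keytag_from_dnskey_line {
    my ($line) = @_;
    my ($flags, $protocol, $algorithm, $pubkey) =
        $line =~ /\bDNSKEY\s+(\d+)\s+(\d+)\s+(\d+)\s+(.+)$/
        or die "not a DNSKEY record: $line\n";
    $pubkey =~ s/\s+//g;   # the base64 may be split over whitespace
    return dnskey_keytag($flags, $protocol, $algorithm, $pubkey);
}

# Constructed input: the base64 payload is NOT a real RSA key, just the six
# octets 03 01 00 01 ab cd, chosen so the arithmetic can be followed by hand.
my $line = 'example.com. IN DNSKEY 257 3 5 AwEAAavN';
my $tag  = keytag_from_dnskey_line($line);
$tag == 45781 or die "unexpected key tag $tag\n";
print "key tag of constructed DNSKEY: $tag\n";
```

       To cross-check a key handled by this module, feed the line
       "<signame> IN DNSKEY <flags> 3 5 <dump_rsa_pub output>" to
       keytag_from_dnskey_line and compare the result with
       dump_rsa_keytag($flags); a mismatch means the DNSKEY record and the
       private key material do not describe the same key.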
       dump_rsa_private_der

           my $keyblob=$private->dump_rsa_private_der

       Returns the DER-encoded PKCS1 representation of the private key. (Same
       format that can be read with the read_rsa_private method.)

       generate_rsa

           my $newkey=Net::DNS::SEC::Private->generate_rsa("example.com",$flag,1024,$random);
           print $newkey->dump_rsa_priv;
           print $newkey->dump_rsa_pub();

       Uses Crypt::OpenSSL::RSA generate_key to create a keypair.

       First argument is the name of the key, the second argument is the flag
       field (take a value of 257 for key-signing keys and a value of 256 for
       zone-signing keys). The 3rd argument is the keysize.

       If the 4th argument is defined it is passed to the Crypt::OpenSSL::Ran-
       dom::random_seed method (see Crypt::OpenSSL::RSA for details), not
       needed with a proper /dev/random.

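       The constructor new() takes its algorithm and keytag from the BIND
       filename, so a key produced by generate_rsa only becomes loadable
       again if it is written under the name dnssec-keygen would have used.
       The script below is an added example, not part of the module or its
       test suite: it generates a key-signing key, writes both halves under
       the K<name>.+<alg>+<keytag> naming scheme with the private file
       created owner-readable only, and reloads it through new() to confirm
       that the filename-derived values agree with the key material. It
       assumes the methods documented above and that generate_rsa keys are
       published as algorithm 5 (RSASHA1), as in the DNSKEY record of the
       Example section.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Spec;
use File::Temp qw(tempdir);
use Net::DNS::SEC::Private;

# Constructed example: generate an RSASHA1 key-signing key, store it under
# the BIND file names that new() expects, and reload it through new().
my $name  = 'example.com';
my $flags = 257;   # SEP bit set: key-signing key
my $alg   = 5;     # RSASHA1 (assumed algorithm number for generate_rsa keys)

my $key = Net::DNS::SEC::Private->generate_rsa($name, $flags, 1024)
    or die "generate_rsa failed\n";

# Both dump methods return an empty string on failure; do not write that out.
my $privtext = $key->dump_rsa_priv;
length $privtext or die "dump_rsa_priv returned an empty string\n";
my $pubtext  = $key->dump_rsa_pub;
length $pubtext  or die "dump_rsa_pub returned an empty string\n";

# flags were fixed by generate_rsa, so dump_rsa_keytag needs no argument
my $keytag = $key->dump_rsa_keytag;
defined $keytag or die "dump_rsa_keytag failed\n";

# BIND naming: K<name>.+<alg>+<keytag>.private / .key, zero-padded the way
# dnssec-keygen does it. The temporary directory is removed at exit; point
# $dir somewhere persistent to keep the files.
my $dir  = tempdir(CLEANUP => 1);
my $base = sprintf 'K%s.+%03d+%05d', $name, $alg, $keytag;

# Private half: restrict permissions before the file exists, not afterwards.
my $privpath  = File::Spec->catfile($dir, "$base.private");
my $old_umask = umask 077;
open my $pfh, '>', $privpath or die "$privpath: $!\n";
print {$pfh} $privtext;
close $pfh or die "$privpath: $!\n";
umask $old_umask;

# Public half as a DNSKEY RR in presentation format (protocol is always 3).
my $pubpath = File::Spec->catfile($dir, "$base.key");
open my $kfh, '>', $pubpath or die "$pubpath: $!\n";
printf {$kfh} "%s. IN DNSKEY %d 3 %d %s\n", $name, $flags, $alg, $pubtext;
close $kfh or die "$pubpath: $!\n";

# Reload through the documented constructor and check that the values it
# derives from the filename agree with the key that was written.
my $reloaded = Net::DNS::SEC::Private->new($privpath);
$reloaded->algorithm == $alg    or die "algorithm from filename does not match\n";
$reloaded->keytag    == $keytag or die "keytag from filename does not match\n";
printf "reloaded %s: algorithm %d, keytag %d, signame %s\n",
    $privpath, $reloaded->algorithm, $reloaded->keytag, $reloaded->signame;
```

       The umask is lowered before open() so that the private key never
       exists on disk with group or world read permission, even briefly; the
       .key file carries only the public half and needs no such care.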

Example

       This is a code snippet from the test script. First a new keypair is
       generated.  A Net::DNS::RR object is created by constructing the
       resource record string, using the dump_rsa_pub() method.

       Then a self signature over the public key is created and verified.

           use Net::DNS;
           use Net::DNS::SEC::Private;
           use Test::More;

           my $newkey=Net::DNS::SEC::Private->generate_rsa("example.com",257,1024);
           my $tstpubkeyrr= Net::DNS::RR->new ($newkey->signame .
                                           "  IN DNSKEY 257 3 5 ".
                                           $newkey->dump_rsa_pub());
           # flags not needed as argument for dump_rsa_keytag
           # since they were set by generate_rsa

           is($tstpubkeyrr->keytag,$newkey->dump_rsa_keytag(),
                       "Consistent keytag calculation");

           my $sigrr= Net::DNS::RR::RRSIG->create([$tstpubkeyrr],$newkey);
           is ($sigrr->keytag,$tstpubkeyrr->keytag,
                   "Consistent keytag in the created signature");

           ok($sigrr->verify([$tstpubkeyrr],$tstpubkeyrr),
                    "Self verification consistent.");

       Copyright (c) 2002-2005 RIPE NCC.  Author Olaf M. Kolkman
       <olaf@net-dns.org>

       All Rights Reserved

       Permission to use, copy, modify, and distribute this software and its
       documentation for any purpose and without fee is hereby granted, pro-
       vided that the above copyright notice appear in all copies and that
       both that copyright notice and this permission notice appear in sup-
       porting documentation, and that the name of the author not be used in
       advertising or publicity pertaining to distribution of the software
       without specific, written prior permission.

       THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
       INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS; IN NO
       EVENT SHALL AUTHOR BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL
       DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
       PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
       ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF
       THIS SOFTWARE.

       This code uses Crypt::OpenSSL which uses the openssl library.


SEE ALSO

       <http://www.net-dns.org/>

       perl(1), Net::DNS, Net::DNS::RR::SIG,
       Crypt::OpenSSL::RSA, Crypt::OpenSSL::DSA, RFC 2435 Section 4, RFC 2931.



perl v5.8.8                       2006-02-14                   SEC::Private(3)