SEC::Private(3)       User Contributed Perl Documentation      SEC::Private(3)



NAME
       Net::DNS::SEC::Private - DNS SIG Private key object

SYNOPSIS
       use Net::DNS::SEC::Private;
       my $private = Net::DNS::SEC::Private->new($keypath);

DESCRIPTION
       Class holding a private key as read from a key file generated by
       dnssec-keygen. The class is written to be used only in the context of
       the create method of Net::DNS::RR::SIG / Net::DNS::RR::RRSIG; it is
       not designed to interact with any other system.

METHODS
   new
       my $private = Net::DNS::SEC::Private->new("/home/foo/Kexample.com.+001+11567.private");

       Constructor. The argument is the full path to a private key file
       generated by the BIND dnssec-keygen tool. The file name has the form
       K<name>.+<algorithm>+<keytag>.private (here algorithm 1 and key tag
       11567); the algorithm number and the key tag are determined from the
       file name, so keep the name intact when copying keys. The file holds
       unencrypted key material and should be readable only by the signing
       user.

   private
       $private->private

       Returns the private key material as either a Crypt::OpenSSL::RSA or a
       Crypt::OpenSSL::DSA object, depending on the algorithm. This is really
       only relevant to the Net::DNS::RR::SIG / Net::DNS::RR::RRSIG class.

   algorithm, keytag, signame
       $private->algorithm
       $private->keytag
       $private->signame

       Return the algorithm number, the key tag and the signer name (the
       owner name of the corresponding DNSKEY) as determined from the file
       name; these are needed by Net::DNS::RR::RRSIG.

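       The following is an added example, not code from Net::DNS::SEC: it
       parses the K<name>.+<alg>+<keytag>.private file name into the three
       components the methods above report, refuses to load a key file that
       is owned by someone else or readable by group or others, and checks
       that the algorithm encoded in the file name agrees with the
       "Algorithm:" line inside the file before handing the path to new().
       The key path used when no argument is given is an assumption.

```perl
#!/usr/bin/perl
# Added example, not part of Net::DNS::SEC: load a BIND private key only
# after checking the file name and the file's permissions. The default
# key path is an assumption for the example.
use strict;
use warnings;
use Net::DNS::SEC::Private;

# Split K<name>.+<alg>+<keytag>.private into its parts, dying if the
# name does not have that shape. The owner name is returned with its
# trailing dot, as BIND writes it.
sub parse_bind_keyname {
    my ($path) = @_;
    my ($base) = $path =~ m{([^/]+)\z};
    my ($name, $alg, $tag) =
        $base =~ /\AK(.+)\.\+(\d{3})\+(\d{5})\.private\z/
        or die "not a BIND private key file name: $base\n";
    return ("$name.", $alg + 0, $tag + 0);
}

# The private key file holds unencrypted key material: it must belong to
# the signing user and must not be accessible by group or others.
sub assert_private_file {
    my ($path) = @_;
    my @st = stat $path or die "cannot stat $path: $!\n";
    my ($mode, $uid) = @st[2, 4];
    die "$path is not owned by the current user\n" if $uid != $<;
    die sprintf("%s is group/world accessible (mode %04o)\n",
                $path, $mode & 07777) if $mode & 0077;
}

# BIND key files carry an "Algorithm: N (NAME)" line; read N so it can be
# cross-checked against the number encoded in the file name.
sub file_algorithm {
    my ($path) = @_;
    open my $fh, '<', $path or die "cannot open $path: $!\n";
    while (my $line = <$fh>) {
        return $1 + 0 if $line =~ /^Algorithm:\s*(\d+)/;
    }
    die "no Algorithm: line in $path\n";
}

sub load_private_key {
    my ($path) = @_;
    assert_private_file($path);
    my ($name, $alg, $tag) = parse_bind_keyname($path);
    my $in_file = file_algorithm($path);
    die "file name says algorithm $alg but file contents say $in_file\n"
        if $in_file != $alg;
    return Net::DNS::SEC::Private->new($path);
}

my $path = $ARGV[0] || 'Kexample.com.+005+11567.private';
my $key  = load_private_key($path);
printf "loaded %s: algorithm %d, key tag %d\n",
    $key->signame, $key->algorithm, $key->keytag;
```

       The permission check matters because the module itself does not
       perform one; a key file that is world readable is a key that has
       already been copied by anyone with a shell on the signer.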
       The following functions may be useful to read and transfer BIND
       private keys to and from the PEM/DER encoded PKCS#1 format used by
       OpenSSL.

   new_rsa_private
       Constructor method.

       my $private = Net::DNS::SEC::Private->new_rsa_private($keyblob, $domain, $flag);

       Creates a Net::DNS::SEC::Private object from the supplied string. For
       the object to be useful you will have to provide the domain name for
       which this key is to be used as the second argument and the DNSKEY
       flags value as the third argument (256 for a key without the SEP bit,
       257 for a key with the SEP bit set).

       The string should include the -----BEGIN...----- and -----END...-----
       lines, i.e. it is PEM encoded. The padding of the underlying
       Crypt::OpenSSL::RSA object is set to PKCS1_OAEP but can be changed
       with its use_xxx_padding methods; this only affects encryption and
       decryption with that object, RRSIG signatures are always PKCS#1 v1.5
       as required by RFC 3110.

       It is the same

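       The following is an added example, not part of Net::DNS::SEC,
       showing the conversion the functions in this section exist for: an
       OpenSSL generated PEM (PKCS#1) key is read with new_rsa_private and
       written out as a BIND key pair, with the file name built from the
       owner name, algorithm and key tag the object reports. The private
       file is created with mode 0600 and O_EXCL so an existing key is never
       silently overwritten. The command line arguments, the assumption that
       new_rsa_private populates algorithm(), and the output directory are
       example choices.

```perl
#!/usr/bin/perl
# Added example, not part of Net::DNS::SEC: convert an OpenSSL PEM
# (PKCS#1, "-----BEGIN RSA PRIVATE KEY-----") private key into a BIND
# key pair on disk. Paths and the zone name come from the command line
# and are assumptions for the example.
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use Net::DNS::SEC::Private;

my ($pem_path, $zone, $flags, $outdir) = @ARGV;
die "usage: $0 key.pem zone 256|257 outdir\n"
    unless @ARGV == 4 && ($flags == 256 || $flags == 257);

my $pem = do {
    local $/;    # slurp the whole file
    open my $fh, '<', $pem_path or die "cannot open $pem_path: $!\n";
    <$fh>;
};
die "$pem_path is not a PEM encoded PKCS#1 RSA private key\n"
    unless $pem =~ /^-----BEGIN RSA PRIVATE KEY-----/m;

# Owner name with a trailing dot, as BIND writes it into the file name.
(my $owner = $zone) =~ s/\.*\z/./;

my $key    = Net::DNS::SEC::Private->new_rsa_private($pem, $zone, $flags);
my $alg    = $key->algorithm;    # assumed to be set by new_rsa_private
my $keytag = $key->dump_rsa_keytag($flags);
die "key tag calculation failed\n" unless defined $keytag;

my $priv = $key->dump_rsa_priv;
die "dump_rsa_priv returned an empty string\n" unless length $priv;

my $base = sprintf '%s/K%s+%03d+%05d', $outdir, $owner, $alg, $keytag;

# Create the private file with mode 0600 and refuse to overwrite an
# existing key: silently replacing a key file is how a zone loses the
# key that is still published in its DS record.
sysopen my $out, "$base.private", O_WRONLY | O_CREAT | O_EXCL, 0600
    or die "cannot create $base.private: $!\n";
print {$out} $priv;
close $out or die "write to $base.private failed: $!\n";

# The public half is not secret; write the DNSKEY record as BIND does.
my $dnskey = sprintf "%s IN DNSKEY %d 3 %d %s\n",
    $owner, $flags, $alg, $key->dump_rsa_pub;
open $out, '>', "$base.key" or die "cannot create $base.key: $!\n";
print {$out} $dnskey;
close $out or die "write to $base.key failed: $!\n";

print "wrote $base.private and $base.key\n", $dnskey;
```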
   dump_rsa_priv
       my $bind_keyfilecontent = $private->dump_rsa_priv;

       Returns the content of a BIND private key file (Private-key-format:
       v1.2).

       An empty string is returned if not all parameters are available
       (please supply the author with example code if this ever happens), so
       check the result before writing it to disk.

   dump_rsa_pub
       my $bind_keyfilecontent = $private->dump_rsa_pub;

       Returns the public key part of the DNSKEY RR, i.e. the base64 encoded
       public key field of the RDATA, not the complete record.

       Returns an empty string on failure.

   dump_rsa_keytag
       my $flags = 257;    # SEP key.
       my $keytag = $private->dump_rsa_keytag($flags);

       Calculates the key tag, taking the value of the DNSKEY flags field as
       input. The flags are part of the data the tag is computed over, so the
       same key material with flags 257 and with flags 256 has different key
       tags.

       The flags argument is needed in case the flags were not specified when
       the key was created. If the object already knows its flags value, the
       argument is ignored.

       Returns undef on failure.

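       The following is an added example, not code from Net::DNS::SEC,
       that implements the key tag computation of RFC 4034 Appendix B over
       the wire-format DNSKEY RDATA (flags, protocol, algorithm, key) and
       cross-checks it against dump_rsa_keytag for a freshly generated key.
       It also computes the tag the same key material would have with flags
       256, which is the point made above. The zone name and the 1024-bit
       key size follow the examples on this page and are not
       recommendations.

```perl
#!/usr/bin/perl
# Added example, not part of Net::DNS::SEC: the key tag computation of
# RFC 4034 Appendix B over the wire-format DNSKEY RDATA, cross-checked
# against dump_rsa_keytag. Zone name and key size follow this page.
use strict;
use warnings;
use MIME::Base64 qw(decode_base64);
use Net::DNS::SEC::Private;

# Wire-format DNSKEY RDATA: flags (2 octets), protocol (1 octet, always
# 3), algorithm (1 octet), then the raw public key.
sub dnskey_rdata {
    my ($flags, $alg, $pubkey_b64) = @_;
    return pack('n C C', $flags, 3, $alg) . decode_base64($pubkey_b64);
}

# RFC 4034 Appendix B: add up the RDATA as 16-bit big-endian words, fold
# the carry back in and keep the low 16 bits. Algorithm 1 (RSA/MD5) is
# the historical exception of Appendix B.1: its tag is the third- and
# second-last octet of the modulus, which end the RDATA.
sub keytag_rfc4034 {
    my ($rdata) = @_;
    my @b   = unpack 'C*', $rdata;
    my $alg = $b[3];
    return ($b[-3] << 8) | $b[-2] if $alg == 1;
    my $ac = 0;
    for my $i (0 .. $#b) {
        $ac += ($i & 1) ? $b[$i] : $b[$i] << 8;
    }
    $ac += ($ac >> 16) & 0xFFFF;
    return $ac & 0xFFFF;
}

my $key    = Net::DNS::SEC::Private->generate_rsa('example.com', 257, 1024);
my $pubkey = $key->dump_rsa_pub;
my $mine   = keytag_rfc4034(dnskey_rdata(257, $key->algorithm, $pubkey));
my $module = $key->dump_rsa_keytag;    # flags known from generate_rsa
my $as_zsk = keytag_rfc4034(dnskey_rdata(256, $key->algorithm, $pubkey));

printf "RFC 4034 key tag %5d, dump_rsa_keytag %5d: %s\n",
    $mine, $module, ($mine == $module ? 'match' : 'MISMATCH');
printf "same key material with flags 256 would have key tag %5d\n", $as_zsk;
exit($mine == $module ? 0 : 1);
```

       Because the tag is an unkeyed 16-bit checksum, different keys can
       share one; a verifier must treat it as a hint for selecting candidate
       DNSKEYs and still try every key with that tag.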
   dump_rsa_private_der
       my $keyblob = $private->dump_rsa_private_der;

       Returns the DER encoded PKCS#1 representation of the private key. This
       is the same key representation that new_rsa_private reads; see that
       method for the PEM armour it expects around it.

   generate_rsa
       my $newkey = Net::DNS::SEC::Private->generate_rsa("example.com", $flag, 1024, $random);
       print $newkey->dump_rsa_priv;
       print $newkey->dump_rsa_pub();

       Uses the generate_key method of Crypt::OpenSSL::RSA to create a key
       pair.

       The first argument is the name of the key, the second argument is the
       flags field (257 for key signing keys, 256 for zone signing keys), the
       third argument is the key size in bits.

       If the 4th argument is defined it is passed to the
       Crypt::OpenSSL::Random::random_seed method (see Crypt::OpenSSL::RSA
       for details); this is not needed on a system with a proper
       /dev/random.

       The 1024-bit key size used in the examples on this page reflects
       practice at the time of writing; for new keys use at least 2048 bits.

EXAMPLE
       This is a code snippet from the test script. First a new key pair is
       generated. A Net::DNS::RR object is created by constructing the
       resource record string, using the dump_rsa_pub() method.

       Then a self signature over the public key is created and verified.

       use Test::More tests => 3;
       use Net::DNS;
       use Net::DNS::SEC;
       use Net::DNS::SEC::Private;

       my $newkey = Net::DNS::SEC::Private->generate_rsa("example.com", 257, 1024);
       my $tstpubkeyrr = Net::DNS::RR->new($newkey->signame .
                                           " IN DNSKEY 257 3 5 " .
                                           $newkey->dump_rsa_pub());
       # flags not needed as argument for dump_rsa_keytag
       # since they were set by generate_rsa
       is($tstpubkeyrr->keytag, $newkey->dump_rsa_keytag(),
          "Consistent keytag calculation");

       my $sigrr = Net::DNS::RR::RRSIG->create([$tstpubkeyrr], $newkey);
       is($sigrr->keytag, $tstpubkeyrr->keytag,
          "Consistent keytag in the created signature");

       ok($sigrr->verify([$tstpubkeyrr], $tstpubkeyrr),
          "Self verification consistent.");

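       The test above only shows the positive case. The following is an
       added example, not from the Net::DNS::SEC test suite, that checks the
       two failures a verifier must produce: the signature must not verify
       with an unrelated key for the same owner name, and it must not verify
       once the signed RRset has been modified (here the SEP bit of the
       DNSKEY is cleared). It assumes, as the test above does, that verify
       returns false on failure, and that vrfyerrstr() returns the reason;
       zone name and key size follow the page.

```perl
#!/usr/bin/perl
# Added example, not from the Net::DNS::SEC test suite: verification must
# fail for the wrong key and for a modified RRset. Assumes RRSIG->verify
# returns false on failure and vrfyerrstr() returns the reason.
use strict;
use warnings;
use Net::DNS;
use Net::DNS::SEC;
use Net::DNS::SEC::Private;

# Build the DNSKEY RR for a private key object with the given flags.
sub dnskey_rr {
    my ($key, $flags) = @_;
    return Net::DNS::RR->new(join ' ', $key->signame, 'IN DNSKEY', $flags,
                             3, $key->algorithm, $key->dump_rsa_pub);
}

my $failures = 0;
sub check {
    my ($label, $got, $want) = @_;
    my $ok = ($got ? 1 : 0) == ($want ? 1 : 0);
    printf "%s: %s\n", ($ok ? 'ok' : 'NOT OK'), $label;
    $failures++ unless $ok;
}

my $ksk   = Net::DNS::SEC::Private->generate_rsa('example.com', 257, 1024);
my $other = Net::DNS::SEC::Private->generate_rsa('example.com', 257, 1024);

my $ksk_rr = dnskey_rr($ksk, 257);
my @rrset  = ($ksk_rr);
my $sig    = Net::DNS::RR::RRSIG->create(\@rrset, $ksk);

# 1. The genuine key verifies the RRset it signed.
check('signature verifies with the signing key',
      $sig->verify(\@rrset, $ksk_rr), 1);

# 2. A different key for the same owner name must be rejected, even
#    though every DNSKEY field other than the key material agrees.
check('verification with an unrelated key is rejected',
      $sig->verify(\@rrset, dnskey_rr($other, 257)), 0);

# 3. Modifying the signed data (clearing the SEP bit of the DNSKEY) must
#    be rejected even with the right key.
my @tampered = (dnskey_rr($ksk, 256));
check('verification of a modified RRset is rejected',
      $sig->verify(\@tampered, $ksk_rr), 0);
print "last verify error: ", $sig->vrfyerrstr, "\n";

exit($failures ? 1 : 0);
```

       Note that a changed TTL would not be detected this way: the RRSIG
       carries the original TTL and verification uses it instead of the TTL
       present in the RRset.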
COPYRIGHT
       Copyright (c) 2002-2005 RIPE NCC. Author Olaf M. Kolkman
       <olaf@net-dns.org>

       All Rights Reserved

       Permission to use, copy, modify, and distribute this software and its
       documentation for any purpose and without fee is hereby granted,
       provided that the above copyright notice appear in all copies and that
       both that copyright notice and this permission notice appear in
       supporting documentation, and that the name of the author not be used
       in advertising or publicity pertaining to distribution of the software
       without specific, written prior permission.

       THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
       INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS; IN NO
       EVENT SHALL AUTHOR BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL
       DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
       PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
       ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF
       THIS SOFTWARE.

       This code uses Crypt::OpenSSL, which uses the OpenSSL library.

SEE ALSO
       <http://www.net-dns.org/>

       perl(1), Net::DNS, Net::DNS::RR::SIG, Crypt::OpenSSL::RSA,
       Crypt::OpenSSL::DSA, RFC 2535 Section 4, RFC 2931.



perl v5.8.8                       2006-02-14                    SEC::Private(3)