[ldns-users] GOST algorithm validation does not work
W.C.A. Wijngaards
wouter at NLnetLabs.nl
Thu Jul 1 15:24:32 UTC 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Zbynek,
Did you compile ldns with --enable-gost? Did openssl compile yourself
(gost included by default), or is openssl from the distro (is gost.so
installed?)?
Best regards,
Wouter
On 07/01/2010 04:45 PM, Zbynek Michl wrote:
> Hi,
>
> I am trying to validate signed domain name using GOST algorithm, but
> unsuccessfully (ldns r3283, openssl 1.0.0a).
>
> Here is an input of ldns_verify():
>
> www.m-system.net. 76874 IN A 69.64.81.2
> www.m-system.net. 76874 IN RRSIG A 12 3 86400 20100723062450
> 20100623062450 64666 m-system.net.
> ZKhex8zNMVcLnHFHt31y5cOlngVWBHTH5AxhCK2VPK3Jz6RrvFK21F9thuMErAyIIFj0GLadJpNTEAuSkwzubA==
> ;{id = 64666}
> m-system.net. 76874 IN DNSKEY 256 3 12
> vvJWsxH3J5IZ6YEcG1C+MaYGX/YwzIeFoIXgUOuGHx/fvet0SJefkPE0il40Sm4T4y5aYN8vyZLQgtJYiCYIbQ==
> ;{id = 64666 (zsk), size = 512b}
> m-system.net. 76874 IN DNSKEY 257 3 12
> BDtDa2UxLe7cdDs9bX/X1Y/UXuhJnDrGDRuVQW0BBo8QF1Pr959WBI5QylNxyKp9Rm4yslb1hj4BQUEUWpOLWw==
> ;{id = 27152 (ksk), size = 512b}
>
> ldns_verify() result: Bogus DNSSEC signature
>
> What could be wrong? Domain name signature should be OK as far as I know.
>
> Thanks,
> Zbynek
> _______________________________________________
> ldns-users mailing list
> ldns-users at open.nlnetlabs.nl
> http://open.nlnetlabs.nl/mailman/listinfo/ldns-users
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkwsszAACgkQkDLqNwOhpPhWggCglnFCfeNSXRr71RSmeo0UEV3C
TOUAoKLK68S0/WGz9tOeIrNaTGCHSwtV
=SwpL
-----END PGP SIGNATURE-----
More information about the ldns-users
mailing list