[ldns-users] Private-key-format v1.3

Willem Toorop Willem at NLnetLabs.nl
Fri Nov 4 13:39:27 UTC 2011

Hi Kaustubh,

In the release notes for BIND 9.7.0, I read:

2731.	[func]		Additional work on change 2709.  The key parser
			will now ignore unrecognized fields when the
			minor version number of the private key format
			has been increased.  It will reject any key with
			the major version number increased. [RT #20310]

We should do this for ldns too.

I don't think ISC has documented Private-key-format files (or at least I
couldn't find it), but I did have a peek in the parser for bind
(dst_parse.c). All the new fields look related to key rollovers which is
currently not applicable for ldns so, I have relaxed the version
checking à la BIND.

Thanks, Willem

Op 04-11-11 06:27, Kaustubh Gadkari schreef:
> Hi,
> I am trying to read a key from a file with the ldns_key_new_frm_fp_l()
> function. However, the key I have is in the Private-key-format v1.3
> and I get an version mismatch error. The documentation mentions that
> only v1.2 is supported. But bind's dnssec-keygen tool generates v1.3
> keys. Is there any way of reading v1.3 keys?
> Thanks,
> Kaustubh

More information about the ldns-users mailing list