[ldns-users] Key name to be used in ldns_pkt_tsig_verify

Willem Toorop Willem at NLnetLabs.nl
Mon Feb 13 15:23:17 UTC 2012


Hi Kaustubh,

Sorry for my late response. If you are reading the
	K<zone>+<alg>+<keytag>.private
file generated with
	dnssec-keygen -n HOST
using ldns_key_new_frm_fp, then there is no way to set the name of
the key (which is the <zone> part of the filename b.t.w.) because it is
simply not in the file content.

Also, it is rather cumbersome to extract even the keyname:

ldns_key* key;

size_t i = ldns_key_hmac_size(key);
ldns_rdf* b64_bignum = ldns_rdf_new_frm_data( LDNS_RDF_TYPE_B64, i
					    , ldns_key_hmac_key(key));
char* keyname = ldns_rdf2str(b64_bignum);

Maybe it would be more convenient to read the K<zone>+<alg>+<keytag>.key
file instead with ldns_key_new_frm_fp. keyname and keydata can then
simply be extracted with:

ldns_rr* key_rr;

char* keyname = ldns_rdf2str(ldns_rr_owner(key_rr));
char* keydata = ldns_rdf2str(ldns_rr_rdf(key_rr, 3));

Good luck!

-- Willem

On 04-02-12 00:46, Kaustubh Gadkari wrote:
> Hi,
> 
> I am trying to verify the tsig of a packet that I have received from a
> client. For the shared key, I use a key generated with dnssec-keygen.
> At my server side, I read this key into an ldns_key structure
> using ldns_key_new_frm_fp() function. I want to use this key to verify
> the packet's tsig using the ldns_pkt_tsig_verify() function. This
> function asks for the key name, which I tried to get using the
> ldns_key_get_file_base_name(), but I get an assertion error for rd !=
> 0.
> 
> What is the correct way to get the key name and key mac to use with
> the ldns_pkt_tsig_verify() function?
> 
> Thanks,
> Kaustubh
> 
> 
> --
> Kaustubh Gadkari
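Added example, not part of the original message and not ldns code: since the key name lives only in the file name and the secret only in the file content, this stand-alone C sketch recovers both strings without any library. The function names are hypothetical, the path and key material are constructed, and it assumes the .private file carries the base64 secret on a "Key:" line.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Last occurrence of c in [lo, hi), or NULL. */
static const char *rfind(const char *lo, const char *hi, char c)
{
    while (hi > lo)
        if (*--hi == c) return hi;
    return NULL;
}

/* Split "[dir/]K<zone>+<alg>+<keytag>.<ext>"; fields are found from the right.
 * Returns 0 on success, -1 if the name does not have that shape. */
int tsig_name_from_filename(const char *path, char *name, size_t cap,
                            int *alg, int *keytag)
{
    const char *base = strrchr(path, '/');
    base = base ? base + 1 : path;
    const char *ext = strrchr(base, '.');
    if (base[0] != 'K' || ext == NULL) return -1;
    const char *tag = rfind(base, ext, '+');
    const char *al = tag ? rfind(base, tag, '+') : NULL;
    if (al == NULL || al == base + 1 || (size_t)(al - base) > cap) return -1;
    memcpy(name, base + 1, (size_t)(al - base - 1));
    name[al - base - 1] = '\0';
    *alg = atoi(al + 1);
    *keytag = atoi(tag + 1);
    return 0;
}

/* Copy the base64 text of the "Key:" line of a .private file into b64.
 * Returns 0 on success, -1 if there is no such line or it does not fit. */
int tsig_secret_from_private(const char *text, char *b64, size_t cap)
{
    const char *p = text;
    while (p && *p) {
        if (strncmp(p, "Key: ", 5) == 0) {
            size_t n = strcspn(p + 5, "\r\n");
            if (n == 0 || n >= cap) return -1;
            memcpy(b64, p + 5, n);
            b64[n] = '\0';
            return 0;
        }
        p = strchr(p, '\n');   /* advance to the next line, if any */
        if (p) p++;
    }
    return -1;
}
```

The two resulting strings are the key name and base64 key data that the question asks about for ldns_pkt_tsig_verify(); a failed parse should be treated as "no usable key" rather than falling back to an empty name.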