[ldns-users] Key name to be used in ldns_pkt_tsig_verify

Willem Toorop Willem at NLnetLabs.nl
Mon Feb 13 15:23:17 UTC 2012

Hi Kaustubh,

Sorry for my late response. If you are reading the with
	dnssec-keygen -n HOST
file with ldns_key_new_frm_fp then there is no way to set the name of
the key (which is the <zone> part of the filename b.t.w.) because it is
simply not in the file content.

Also, it is rather cumbersome to extract even the keyname:

ldns_key* key;

size_t i = ldns_key_hmac_size(key);
ldns_rdf* b64_bignum = ldns_rdf_new_frm_data( LDNS_RDF_TYPE_B64, i
					    , ldns_key_hmac_key(key));
char* keyname = ldns_rdf2str(b64_bignum);

Maybe it would be more convenient to read the K<zone>+<alg>+<keytag>.key
file in stead with ldns_key_new_frm_fp. keyname and keydata can then
simply be extracted with:

ldns_rr* key_rr;

char* keyname = ldns_rdf2str(ldns_rr_owner(key_rr));
char* keydata = ldns_rdf2str(ldns_rr_rdf(key_rr, 3));

Good luck!

-- Willem

Op 04-02-12 00:46, Kaustubh Gadkari schreef:
> Hi,
> I am trying to verify the tsig of a packet that I have received from a
> client. For the shared key, I use a key generated with dnssec-keygen.
> At my server side, I read the this key into an ldns_key structure
> using ldns_key_new_frm_fp() function. I want to use this key to verify
> the packet's tsig using the ldns_pkt_tsig_verify() function. This
> function asks for the key name, which I tried to get using the
> ldns_key_get_file_base_name(), but I get an assertion error for rd !=
> 0.
> What is the correct way to get the key name and key mac to use with
> the ldns_pkt_tsig_verify() function?
> Thanks,
> Kaustubh
> --
> Kaustubh Gadkari
> _______________________________________________
> ldns-users mailing list
> ldns-users at open.nlnetlabs.nl
> http://open.nlnetlabs.nl/mailman/listinfo/ldns-users

More information about the ldns-users mailing list