[ldns-users] Key name to be used in ldns_pkt_tsig_verify

Kaustubh Gadkari kaustubh.gadkari at gmail.com
Tue Feb 14 16:30:46 UTC 2012


On Mon, Feb 13, 2012 at 8:23 AM, Willem Toorop <Willem at nlnetlabs.nl> wrote:

> Hi Kaustubh,
>
> Sorry for my late response. If you are reading the
>        K<zone>+<alg>+<keytag>.private
> file generated with
>        dnssec-keygen -n HOST
> with ldns_key_new_frm_fp then there is no way to set the name of
> the key (which is the <zone> part of the filename b.t.w.) because it is
> simply not in the file content.
>
> Also, it is rather cumbersome to extract even the keyname:
>
> ldns_key* key;
>
> size_t i = ldns_key_hmac_size(key);
> ldns_rdf* b64_bignum = ldns_rdf_new_frm_data( LDNS_RDF_TYPE_B64, i
>                                            , ldns_key_hmac_key(key));
> char* keyname = ldns_rdf2str(b64_bignum);
>
> Maybe it would be more convenient to read the K<zone>+<alg>+<keytag>.key
> file instead with ldns_key_new_frm_fp. keyname and keydata can then
> simply be extracted with:
>
> ldns_rr* key_rr;
>

How would I populate this rr?

Thanks,
Kaustubh


>
> char* keyname = ldns_rdf2str(ldns_rr_owner(key_rr));
> char* keydata = ldns_rdf2str(ldns_rr_rdf(key_rr, 3));
>
> Good luck!
>
> -- Willem
>
> On 04-02-12 00:46, Kaustubh Gadkari wrote:
> > Hi,
> >
> > I am trying to verify the tsig of a packet that I have received from a
> > client. For the shared key, I use a key generated with dnssec-keygen.
> > At my server side, I read this key into an ldns_key structure
> > using ldns_key_new_frm_fp() function. I want to use this key to verify
> > the packet's tsig using the ldns_pkt_tsig_verify() function. This
> > function asks for the key name, which I tried to get using the
> > ldns_key_get_file_base_name(), but I get an assertion error for rd !=
> > 0.
> >
> > What is the correct way to get the key name and key mac to use with
> > the ldns_pkt_tsig_verify() function?
> >
> > Thanks,
> > Kaustubh
> >
> >
> > --
> > Kaustubh Gadkari
> > _______________________________________________
> > ldns-users mailing list
> > ldns-users at open.nlnetlabs.nl
> > http://open.nlnetlabs.nl/mailman/listinfo/ldns-users
>



-- 
Kaustubh Gadkari
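
Added example, not part of the thread and not ldns code: a plain C parse of the record line in a K<zone>+<alg>+<keytag>.key file, showing that the owner field carries the key name and the fourth rdata field (index 3) carries the base64 key data, the two values the quoted reply extracts. The function name parse_key_line and the sample line are assumptions constructed for illustration; the line layout assumed is the KEY record format written by dnssec-keygen -n HOST for HMAC keys.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Parse the record line of a K<zone>+<alg>+<keytag>.key file:
 *   <owner> [ttl] [class] KEY <flags> <protocol> <alg> <base64 ...>
 * name receives the owner (the key name), b64 the key data (rdata field 3).
 * Returns 0 on success, -1 on malformed input or a too-small buffer. */
int parse_key_line(const char *line, char *name, size_t name_sz,
                   int *alg, char *b64, size_t b64_sz)
{
    char owner[256], word[32];
    int flags, proto, used = 0, off = 0;
    size_t len = 0;

    if (sscanf(line, "%255s%n", owner, &off) != 1) return -1;
    if (strlen(owner) >= name_sz) return -1;
    do {    /* skip optional TTL and class up to the KEY type mnemonic */
        if (sscanf(line + off, "%31s%n", word, &used) != 1) return -1;
        off += used;
    } while (strcmp(word, "KEY") != 0);
    if (sscanf(line + off, "%d %d %d%n", &flags, &proto, alg, &used) != 3)
        return -1;
    /* the rest is base64, which may be split by whitespace */
    for (const char *p = line + off + used; *p; p++) {
        if (isspace((unsigned char)*p)) continue;
        if (!isalnum((unsigned char)*p) && !strchr("+/=", *p)) return -1;
        if (len + 1 >= b64_sz) return -1;
        b64[len++] = *p;
    }
    if (len == 0) return -1;
    b64[len] = '\0';
    strcpy(name, owner);
    return 0;
}

int main(void)
{
    /* Constructed sample line, not a real key. */
    const char *sample =
        "tsig-test.example. IN KEY 512 3 157 c2VjcmV0LXNhbXBsZS1rZXk=\n";
    char name[256], b64[128];
    int alg;

    if (parse_key_line(sample, name, sizeof name, &alg, b64, sizeof b64) != 0)
        return 1;
    printf("key name: %s\nalgorithm: %d\nkey data: %zu base64 chars\n",
           name, alg, strlen(b64));
    return 0;
}
```

The key data is the TSIG shared secret, so the stand-alone main prints only its length rather than the value.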