[ldns-users] Key name to be used in ldns_pkt_tsig_verify

Willem Toorop Willem at NLnetLabs.nl
Tue Feb 14 20:17:48 UTC 2012


On 14-02-12 17:30, Kaustubh Gadkari wrote:
>     ldns_rr* key_rr;
> 
> How would I populate this rr?

Well, let's say you created a shared key for TSIG transactions for the
example.com domain with:

dnssec-keygen -a HMAC-MD5 -b 128 -n HOST examples.com

This creates two files:

Kexamples.com.+157+16702.key
Kexamples.com.+157+16702.private

Reading the keyfile and extracting the keyname and keydata:

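#include <stdio.h>
#include <ldns/ldns.h>

ldns_rr *key_rr = NULL;
char *keyname, *keydata;
FILE *fp = fopen("Kexamples.com.+157+16702.key", "r");

/* Parse the single KEY record; it must carry all four rdata fields */
if (fp != NULL
    && ldns_rr_new_frm_fp(&key_rr, fp, NULL, NULL, NULL)
       == LDNS_STATUS_OK
    && ldns_rr_rd_count(key_rr) >= 4) {

	/* keyname will be "example.com." */
	keyname = ldns_rdf2str(ldns_rr_owner(key_rr));
	/* rdata field 3 holds the key data */
	keydata = ldns_rdf2str(ldns_rr_rdf(key_rr, 3));

	/*
	 * Code that uses ldns_pkt_tsig_verify(),
	 * but it is probably easier to use a ldns_resolver.
	 */

	LDNS_FREE(keyname);
	LDNS_FREE(keydata);
}
/* Release the parsed record and the file handle on every path */
if (key_rr != NULL)
	ldns_rr_free(key_rr);
if (fp != NULL)
	fclose(fp);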

Good luck!

-- Willem
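
Added example, not part of the original message and not ldns code: a plain C parser for the one-line K*.key file, showing why the owner name is the TSIG key name and why rdata field 3 is the key data. The function name, the [ttl] [class] field order and the sample secret are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ALG_HMAC_MD5 157 /* the "+157+" in the key file name */

/* Parse the single record in a K*.key file:
 *   owner [ttl] [class] KEY flags protocol algorithm base64-secret
 * Returns 0 and fills name/secret, or -1 if the line is not an
 * HMAC-MD5 KEY record of that shape. (Hypothetical helper.) */
int tsig_key_from_line(const char *line, char *name, size_t name_sz,
                       char *secret, size_t secret_sz)
{
    char buf[512], *tok[9], *end;
    size_t n = 0, i = 1;

    if (strlen(line) >= sizeof buf) return -1;
    strcpy(buf, line);
    for (char *t = strtok(buf, " \t\r\n"); t != NULL;
         t = strtok(NULL, " \t\r\n")) {
        if (n == 9) return -1;          /* more fields than any valid form */
        tok[n++] = t;
    }
    if (n < 6) return -1;               /* owner + KEY + 4 rdata fields */
    /* Skip the optional TTL (all digits) and class ("IN"). */
    if (tok[i][strspn(tok[i], "0123456789")] == '\0') i++;
    if (strcmp(tok[i], "IN") == 0) i++;
    /* Exactly KEY plus rdata fields 0..3 must remain; 3 is the secret. */
    if (n - i != 5 || strcmp(tok[i], "KEY") != 0) return -1;
    if (strtol(tok[i + 3], &end, 10) != ALG_HMAC_MD5 || *end != '\0')
        return -1;
    if (strlen(tok[0]) >= name_sz || strlen(tok[i + 4]) >= secret_sz)
        return -1;
    strcpy(name, tok[0]);               /* owner name is the TSIG key name */
    strcpy(secret, tok[i + 4]);
    return 0;
}

int main(void)
{
    /* Constructed sample line; the secret is not a real key. */
    const char *line =
        "examples.com. IN KEY 512 3 157 Y29uc3RydWN0ZWQta2V5IQ==\n";
    char name[256], secret[256];

    if (tsig_key_from_line(line, name, sizeof name, secret, sizeof secret))
        return 1;
    printf("key name: %s (secret: %zu base64 chars)\n", name, strlen(secret));
    return 0;
}
```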
