[net-dns-users] GOST signature validation
Wessels, Duane
dwessels at verisign.com
Mon Nov 4 21:25:56 UTC 2013
Sure thing. Two files are attached. First, a patch to Net::DNS::SEC. Note that there are two other
changes mixed in with this patch. (1) I think there was a bug with Digest::BubbleBabble being optional,
and (2) I added support for SHA384 DS records.

The second file is SEC/GOST.pm. It uses the Perl Inline module and some openssl calls to implement
the GOST verification. One of the things I struggled with was setting the DIRECTORY option when
calling the Inline module. I think the default is to create something in the current directory and
my particular application doesn't have a writable current directory. I don't know if the /var/tmp
inline directory is very safe.

Note that Digest::GOST::CryptoPro is used when generating DS records. If someone only wants to
generate DS records, they can do that just in Perl. The Inline/openssl code is needed to validate
signatures. I did not write any code to generate GOST signatures.

On Oct 28, 2013, at 2:07 PM, Dick Franks <rwfranks at acm.org> wrote:
> Duane,
>
> I would be interested to see your solution to this, even if it is not pretty.
>
> Dick Franks
> ________________________
>
>
>
> On 16 January 2013 17:46, Wessels, Duane <dwessels at verisign.com> wrote:
> On the subject of GOST, for what it's worth I also have code to validate GOST RRSIGs.
> Since there doesn't seem to be a perl module that already does this, I resorted to
> using the Inline module and calling the openssl library functions. It's not very
> pretty but it does work. I can share it if there is interest, but I don't think it
> fits very well into the Net::DNS::SEC package as-is.
>
> DW
> _______________________________________________
> net-dns-users mailing list
> net-dns-users at nlnetlabs.nl
> https://www.nlnetlabs.nl/mailman/listinfo/net-dns-users
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: net-dns-sec-gost.patch
Type: application/octet-stream
Size: 6656 bytes
Desc: net-dns-sec-gost.patch
URL: <http://lists.nlnetlabs.nl/pipermail/net-dns-users/attachments/20131104/6a7c68ff/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: GOST.pm
Type: text/x-perl-script
Size: 2469 bytes
Desc: GOST.pm
URL: <http://lists.nlnetlabs.nl/pipermail/net-dns-users/attachments/20131104/6a7c68ff/attachment.bin>
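
On the question raised in the message about pointing Inline's DIRECTORY option at /var/tmp: the following is an added example, not part of the original message or of the attached GOST.pm, showing one way to create and verify a private per-user build directory before handing it to Inline. The helper name `safe_inline_dir` and the `inline-<uid>` directory name are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(:mode);
use File::Spec;
use File::stat;

# Hypothetical helper: create (or re-validate) a private per-user directory
# under $base and refuse to return it unless only this user can write to it.
sub safe_inline_dir {
    my ($base) = @_;

    # A world-writable parent is only acceptable with the sticky bit set,
    # otherwise other users could rename or replace our directory.
    my $pst = stat($base) or die "stat $base: $!\n";
    die "$base is world-writable without the sticky bit\n"
        if ($pst->mode & S_IWOTH) && !($pst->mode & S_ISVTX);

    my $dir = File::Spec->catdir($base, 'inline-' . $>);   # $> is the effective uid

    # mkdir never follows an existing name, so a pre-placed symlink or
    # directory makes it fail with EEXIST instead of being silently reused.
    unless (mkdir $dir, 0700) {
        die "mkdir $dir: $!\n" unless $!{EEXIST};
    }

    # lstat (not stat) so that a symlink is reported as a symlink.
    my $st = lstat($dir) or die "lstat $dir: $!\n";
    die "$dir is not a directory\n" unless S_ISDIR($st->mode);
    die "$dir is owned by uid " . $st->uid . ", not $>\n" unless $st->uid == $>;
    die sprintf("%s has mode %04o, expected 0700\n", $dir, $st->mode & 07777)
        if $st->mode & 0077;

    return $dir;
}

# Inline reads its configuration at compile time, so the directory has to be
# chosen in a BEGIN block. '/var/tmp' is the base mentioned in the message.
my $inline_dir;
BEGIN { $inline_dir = safe_inline_dir('/var/tmp') }

# With Inline installed, the validated path is then passed as:
#   use Inline Config => DIRECTORY => $inline_dir;
print "Inline build directory: $inline_dir\n";
```

Because Inline loads compiled shared objects from this directory, the ownership and mode checks matter more than they would for ordinary scratch files: anything another local user can write there would be executed in the validating process.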