Root key format

PaulWouters · May 9, 2012, 4:01pm

I might be confused and wrong,

The unbound daemon required the following format to load a root key from
a seperate file:

trusted-keys {
"." 257 3 8
"AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg3
7NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7
OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=";
// key id = 19036

};

When using libunbound in C or python bindings using add_ta_file() it
needs the format:

. 172800 IN DNSKEY 257 3 8
AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0Nf
nfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8
LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
;{id = 19036 (ksk), size = 2048

I would like to ship 1 file format that can be used for both. Am I
overlooking something?

Paul

Jan-Piet_Mens1 · May 9, 2012, 5:52pm

I would like to ship 1 file format that can be used for both. Am I
overlooking something?

The rdata portion is identical in both cases, so you could ship that and
"build" the format you need upon initializing your application. Would
that work?

-JP

PaulWouters · May 9, 2012, 5:59pm

Ideally, I would like to ship one format of the root key, usuable by any
application, not just unbound. I had hoped that the format everyone
would decide on was the trusted-key statement in bind syntax.

I'm trying to avoid shipping the root key in various tools and
applications.

With respect to unbound, it would be nice if the daemon and the library
could settle on 1 format to use.

Paul

Wouter · May 15, 2012, 8:37am

Hi Paul,

jschlyter · May 15, 2012, 5:49pm

Why not just ship the DS record for the root?

jakob

PaulWouters · May 16, 2012, 3:17pm

Can bind and unbound daemons and libraries load a DS key format?

Paul

jschlyter · May 16, 2012, 5:59pm

Can bind

not yet, but I hope they will soon. perhaps it's time to file a feature request?

and unbound

yes, but of course.

daemons and libraries load a DS key format?

jakob