Net::DNS::SEC::Private(3) DNSSEC Private key object

SYNOPSIS


use Net::DNS::SEC::Private;
$private = new Net::DNS::SEC::Private( $keypath );
$private = new Net::DNS::SEC::Private(
'algorithm' => '13',
'keytag' => '26512',
'privatekey' => 'h/mc+iq9VDUbNAjQgi8S8JzlEX29IALchwJmNM3QYKk=',
'signame' => 'example.com.'
);

DESCRIPTION

Class representing private keys as read from a keyfile generated by BIND dnssec-keygen. The class is written to be used only in the context of the Net::DNS::RR::RRSIG create method. This class is not designed to interact with any other system.

METHODS

new (from private keyfile)

    $keypath = '/home/foo/Kexample.com.+013+26512.private';
    $private = new Net::DNS::SEC::Private( $keypath );

The argument is the full path to a private key file generated by the BIND dnssec-keygen tool. Note that the filename contains information about the algorithm and keytag.

new (from private key parameters)

    $private = new Net::DNS::SEC::Private(
        'algorithm'  => '13',
        'keytag'     => '26512',
        'privatekey' => 'h/mc+iq9VDUbNAjQgi8S8JzlEX29IALchwJmNM3QYKk=',
        'signame'    => 'example.com.'
        );

The arguments define the private key parameters as (name,value) pairs. The name and data representation are identical to that used in a BIND private keyfile.

private_key_format

    $format = $private->private_key_format;

Returns a string which identifies the format of the private key file.

algorithm, keytag, signame

    $algorithm = $private->algorithm;
    $keytag    = $private->keytag;
    $signame   = $private->signame;

Returns the corresponding attribute determined from the filename.

Private key attributes

    $attribute = $private->attribute;

Returns the value as it appears in the private key file. The attribute names correspond to the tag in the key file, modified to form an acceptable Perl subroutine name.

created, publish, activate

    $created  = $private->created;
    $publish  = $private->publish;
    $activate = $private->activate;

Returns a string which represents a date in the form 20141212123456. Returns undefined value for key formats older than v1.3.

RSA SPECIFIC HELPER FUNCTIONS

These functions may be useful to generate RSA private keys and import PEM format RSA private keys.

new_rsa_priv

    $private = Net::DNS::SEC::Private->new_rsa_priv( $keyblob,
                                                     $domain,
                                                     $flag,
                                                     $algorithm
                                                );

Constructor method which creates a Net::DNS::SEC::Private object from the supplied PEM keyblob.

The second argument specifies the domain name for which this key will be used.

The flag argument should be either 257 or 256 for SEP and non-SEP key respectively.

The keyblob should include the -----BEGIN...----- and -----END...----- lines. The padding is set to PKCS1_OAEP.

dump_rsa_priv

    $BIND_private_key = $private->dump_rsa_priv();

Returns the content of a BIND private keyfile (Private-key-format: v1.2).

dump_rsa_pub

    $public_key = $private->dump_rsa_pub();

Returns the public key field of the DNSKEY resource record.

dump_rsa_keytag

    $keytag = $private->dump_rsa_keytag();

Returns the keytag field of the DNSKEY resource record.

dump_rsa_private_pem

    $keyblob = $private->dump_rsa_private_pem();

Return the PEM-encoded representation of the private key. (Same format that can be read with the new_rsa_priv method.)

generate_rsa

    $newkey = Net::DNS::SEC::Private->generate_rsa( "example.com",
                                        256, 1024, $random, $algorithm );
    print $newkey->dump_rsa_priv();
    print $newkey->dump_rsa_pub();

Uses Crypt::OpenSSL::RSA generate_key to create a keypair.

The first argument is the name of the key.

The flag field takes the value of 257 for key-signing keys and ther value of 256 for zone signing keys.

The 3rd argument is the keysize (default 1024).

The 4th argument, if defined, is passed to the Crypt::OpenSSL::Random random_seed method (see Crypt::OpenSSL::RSA for details), not needed with a proper /dev/random.

The 5th argument specifies the algorithm if not RSASHA1 (the default).

COPYRIGHT

Copyright (c)2014 Dick Franks

All Rights Reserved

LICENSE

Permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of the author not be used in advertising or publicity pertaining to distribution of the software without specific prior written permission.

THE SOFTWARE IS PROVIDED ``AS IS'', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

LAST SEARCHED