The NSEC3 algorithms aren't completely supported in the 0.15 release.
Specifically, reading a key from a file fails in some cases. The patch
fixes the cases I found and/or could spot easily in the SEC/Private.pm code.
Subject: | NSEC3.patch |
--- Private.pm 2009-02-06 12:19:58.000000000 -0800
+++ /users/hardaker/.cpan/build/Net-DNS-SEC-0.15-VgZZcg/SEC/Private.pm 2008-12-30 09:27:04.000000000 -0800
@@ -55,7 +55,7 @@
croak "Private Key Format not regognized";
}
}elsif (/^Algorithm:\s*(\d*)/) {
- if ($1 != 1 && $1 != 3 && $1 != 5 && $1 != 6 && $1 != 7) {
+ if ($1 != 1 && $1 != 3 && $1 != 5) {
croak "Key $key_file algorithm is not RSA or DSA (those are the only implemented algorithms) ";
}
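Review bot: The diff appears to be generated in the wrong direction, so applied as written it would drop the `$1 != 6 && $1 != 7` acceptance here instead of adding it. Judging by the headers, `---` is the locally edited Private.pm (2009-02-06) and `+++` is the untouched CPAN build tree (2008-12-30), which contradicts the description's stated aim of adding NSEC3 key support. The same inversion affects the hunks at -91, -117, -205 and -264. Regenerate it as `diff -u <original> <modified>`, or state that it must be applied with `patch -R`, so nobody applies a patch that silently narrows the accepted signing algorithms.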
@@ -91,8 +91,7 @@
}
close(KEYFH);
- if ($self->{"algorithm"} == 1 || $self->{"algorithm"} == 5 ||
- $self->{"algorithm"} == 7) { #RSA
+ if ($self->{"algorithm"} == 1 || $self->{"algorithm"} == 5) { #RSA
$self->{'privatekey'}=Crypt::OpenSSL::RSA->
new_key_from_parameters(
$Modulus,
@@ -117,7 +116,7 @@
return(0);
}
- }elsif ($self->{"algorithm"} == 3 || $self->{'algorithm'} == 6){ #DSA
+ }elsif ($self->{"algorithm"} == 3){ #DSA
my $private_dsa = Crypt::OpenSSL::DSA->new();
$private_dsa->set_p($prime_p);
$private_dsa->set_q($subprime_q);
@@ -205,7 +204,7 @@
my ( $Modulus,$PublicExponent, $PrivateExponent, $Prime1, $Prime2, $Exponent1,
$Exponent2,$Coefficient )=$self->{"privatekey"}->get_key_parameters;
my $string="Private-key-format: v1.2\n";
- $string .= "Algorithm: $self->{'algorithm'} (RSASHA1)\n";
+ $string .= "Algorithm: 5 (RSASHA1)\n";
if (defined $Modulus
&& defined $PublicExponent
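Review bot: The `Algorithm:` line written into the exported private key can mislabel the key on either side of this hunk. The `+` line hard-codes `5 (RSASHA1)` although the RSA branch of the loader also accepts algorithm 1, and the `-` line interpolates the number but keeps the `(RSASHA1)` mnemonic for every value. A key written with the wrong algorithm number would be reloaded and used under a different algorithm than it was created for. Derive both fields from the stored value, for example `my %mnemonic = (1 => 'RSAMD5', 5 => 'RSASHA1', 7 => 'NSEC3RSASHA1');` followed by `$string .= "Algorithm: $self->{'algorithm'} ($mnemonic{$self->{'algorithm'}})\n";`. The enclosing sub starts and ends outside this hunk, so any guard that already restricts it to one algorithm is not visible here.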
@@ -264,7 +263,7 @@
# _not_ set the flag.
$self->{"flags"}=$flags unless shift;
my $alg=$self->{"algorithm"};
- return () unless ($alg ==1 || $alg ==5 || $alg == 7);
+ return () unless ($alg ==1 || $alg ==5);
my $key=$self->dump_rsa_pub;
return () unless $key;
my $tmprr=Net::DNS::RR->new("tmp IN DNSKEY $flags 3 $alg $key");
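Review bot: The list of RSA algorithm numbers in the `return () unless (...)` guard is the third hand-written copy in this patch, after the load-time check at -55 and the RSA branch at -91. Separate copies drifting apart is the likely reason support ends up partial. A single lookup shared by all three sites, such as `my %is_rsa = map { $_ => 1 } @rsa_algorithms;` with the guard written as `return () unless $is_rsa{$alg};`, would keep loading, dumping and DNSKEY generation in agreement. The guard also returns an empty list for DSA keys without any diagnostic, so a caller cannot tell an unsupported algorithm from a failed `dump_rsa_pub`; a `carp` on the unsupported path would make that visible. The sub begins before this hunk, so how `$flags` is validated before being interpolated into the RR string cannot be judged from here.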