* Frank [2015-04-16 15:27]: > I do not want to read it. I want to calculate it. > In order to save it in my zone file.
See attached keytag.py. Usage: > $ python keytag.py DNSKEY 257 3 8 > AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF > FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX > bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD > X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz > W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS > Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq QxA+Uk1ihz0= > RSA exponent: 65537 > RSA keylength: 2048 bit > keytag: 19036 Regards, Matt
#!/usr/bin/env python
import base64
import struct
import sys
def keytag(flags, protocol, algorithm, key):
# legacy specification for RSA/MD5 in RFC 4034 Appendix B.1
if algorithm == 1:
(keytag,) = struct.unpack('>H', key[-3:-1])
return keytag
# all RDATA in wire format
rdata = struct.pack(">HBB", flags, protocol, algorithm)
rdata += key
# RFC 4034 Appendix B
ac = 0
for i in xrange(0, len(rdata)):
(ubyte,) = struct.unpack('B', rdata[i])
ac += ubyte if (i & 1) else ubyte << 8
ac += (ac >> 16) & 0xFFFF
return ac & 0xFFFF
# works only for RSA keys as specified in RFC 3110 Sec. 2
def parsekey(key):
# read first byte
(explength,) = struct.unpack('>B', key[0])
offset = 1
if explength == 0:
print >>sys.stderr, "Exponent length is two bytes!"
# read next two bytes
(explength,) = struct.unpack('>H', key[1:3])
offset = 3
# read binary of variable length as big-endian decimal number
expbuf = struct.unpack('>{0}B'.format(explength),
key[offset:(offset+explength)])
exponent = reduce(lambda x,y: (x<<8) + y, expbuf, 0)
offset += explength
modulus = key[offset:]
keysize = len(modulus) * 8
return (exponent, keysize, modulus) # exponent is decimal number, keysize
is decimal number of public key bits
if len(sys.argv) < 5:
print "usage:", sys.argv[0], "DNSKEY flags protocol algorithm key"
sys.exit(1)
offset = 2 if sys.argv[1] == 'DNSKEY' else 1
flags = int(sys.argv[offset])
protocol = int(sys.argv[offset+1])
algorithm = int(sys.argv[offset+2])
keytext = ''.join(sys.argv[offset+3:])
key = base64.b64decode(keytext)
if algorithm in (1, 3, 5, 7, 8):
(exponent, keysize, modulus) = parsekey(key)
print "RSA exponent:", exponent
print "RSA keylength:", keysize, "bit"
print "keytag:", keytag(flags, protocol, algorithm, key)
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
