> If someone could forward this to DNSEXT WG, I would appreciate it.
>
> Thanks,
>
> --Dean
>
> ---------- Forwarded message ----------
> Date: Sat, 30 Aug 2008 23:14:44 -0400 (EDT)
> From: Dean Anderson <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: DNSKEY / multiprecision number format?
>
> I'm wondering how the exponent and modulus are stored in a DNSKEY record
> for RSASHA1. RFC3110 just makes some vague references to where things
> go, but does not define their precise format:
>
>    exponent length     1 or 3 octets (see text)
>    exponent            as specified by length field
>    modulus             remaining space
The numbers are in network byte order.

> The format of large binary numbers is never specified in RFC3110, and no
> standard exists that I can find. I notice that BIND tools just use the
> openssl library calls bn2bin, which produces an undefined and
> non-standardized openssl format. GMP and presumably other
> multiprecision libraries have their own format. GMP's mpz_import
> function has a number of parameters for importing from different binary
> multiprecision number formats:
>
> count,
> order,
> size,
> endian,
> nails
>
> http://gmplib.org/manual/Integer-Import-and-Export.html#Integer-Import-and-Export
> "The parameters specify the format of the data. /count/ many words are
> read, each /size/ bytes. order can be 1 for most significant word
> first or -1 for least significant first. Within each word /endian/ can
> be 1 for most significant byte first, -1 for least significant first,
> or 0 for the native endianness of the host CPU. The most significant
> /nails/ bits of each word are skipped, this can be 0 to use the full
> words."

As for any integer in network byte order, "count, 1, 1, 1, 0".

> The only one that can be inferred from an instance of a DNSKEY RR is
> count.
>
> So, can anyone say what the remaining 4 parameters should be for DNSKEY
> and other DNSSEC records?
>
> Is there an RFC that defines these parameters?
>
> Thanks,
>
> --Dean
>
> --
> Av8 Internet   Prepared to pay a premium for better service?
> www.av8.net         faster, more reliable, better service
> 617 344 9000
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: [EMAIL PROTECTED]