On 4 May 2011, at 08:56, Stephane Bortzmeyer wrote:

> On Wed, May 04, 2011 at 09:32:22AM +0200,
> Nicolas Delvaux <[email protected]> wrote
> a message of 25 lines which said:
>
>> >>> len(res.key)
>> 260
>>
>> I don't understand this result because I know this key length is 2048
>> bits (so 256*8).
>
> Wireshark displays the same numbers so I assume it is not a DNSpython
> issue but my lack of understanding of key representation. There are
> four bytes at the beginning of the key which look like some sort of
> tag (03 01 00 01) but even after reading RFC 5702 and 3110, I do not
> understand where they come from and if I can expect to find them in
> any key (.FR uses RSA+SHA-256).

The values encoded in the RSA DNSKEY key field are:

    The length of the exponent (takes either 1 byte or 3 bytes, usually 1)
    The exponent (length as specified above)
    The modulus (remaining bytes)

03 01 00 01 means:

    "The exponent is 3 bytes long"
    "The exponent is 0x010001, i.e. 65537".

You can take a look at _validate_rrsig() in dns/dnssec.py in dnspython to see how subfields are broken out of RSA and DSA key fields.

/Bob
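
The layout described in the reply above, as an added example that is not part of the original message and is not dnspython's code. It also covers the 3-byte length form (a zero byte followed by a 2-byte big-endian length, per RFC 3110); the function name, the result type and the sample modulus are constructed for illustration and are not a real key.

```python
from collections import namedtuple

# Hypothetical result type for this example.
RsaKeyField = namedtuple("RsaKeyField", "header_len exponent modulus modulus_bits")


def parse_rsa_dnskey(key: bytes) -> RsaKeyField:
    """Split an RSA DNSKEY key field into exponent and modulus (RFC 3110 layout)."""
    if not key:
        raise ValueError("empty key field")
    exp_len, offset = key[0], 1
    if exp_len == 0:
        # Long form: zero byte, then the exponent length as 2 bytes, big-endian.
        if len(key) < 3:
            raise ValueError("truncated 3-byte exponent length")
        exp_len, offset = int.from_bytes(key[1:3], "big"), 3
    if exp_len == 0:
        raise ValueError("exponent length of zero")
    if len(key) <= offset + exp_len:
        # Reject fields where the declared exponent leaves no modulus bytes.
        raise ValueError("exponent length leaves no room for a modulus")
    exponent = int.from_bytes(key[offset:offset + exp_len], "big")
    modulus = int.from_bytes(key[offset + exp_len:], "big")
    return RsaKeyField(offset + exp_len, exponent, modulus, modulus.bit_length())


# Constructed 256-byte modulus (top bit set, odd); not a real RSA modulus.
SAMPLE_MODULUS = b"\xc3" + bytes(range(254)) + b"\x01"

# Short form, as in the thread: 03 | 01 00 01 | modulus  -> 4 + 256 = 260 bytes.
SAMPLE_KEY = bytes.fromhex("03010001") + SAMPLE_MODULUS

# Same key with the 3-byte length form: 00 00 03 | 01 00 01 | modulus.
SAMPLE_KEY_LONG = bytes.fromhex("000003") + bytes.fromhex("010001") + SAMPLE_MODULUS

if __name__ == "__main__":
    parsed = parse_rsa_dnskey(SAMPLE_KEY)
    print(f"field length : {len(SAMPLE_KEY)} bytes")
    print(f"header bytes : {parsed.header_len}")
    print(f"exponent     : {parsed.exponent}")
    print(f"modulus size : {parsed.modulus_bits} bits")
```

The extra 4 bytes in `len(res.key)` are the length byte plus the 3-byte exponent; the remaining 256 bytes are the 2048-bit modulus.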
