@@ -1,5 +1,15 @@
Revision history for Perl extension Net::DNS::SEC.
+
+***0.21 Oktober 24, 2014
+
+ Fix: rt.cpan.org #99250
+ [RRSIG] validation fails when Signer's Name is upper case
+
+ Fix: rt.cpan.org #99106
+ Premature end of base64 data (in 14-misc.t test script)
+
+
***0.20 August 15, 2014
Fix: rt.cpan.org #97457
@@ -469,7 +479,7 @@ Net::DNS. The history of those is documented below.
0.19-DNSSEC-0.3:
Solved patch problems that where due to the
- $Id: Changes 1248 2014-08-15 08:44:56Z willem $ in headers not
+ $Id: Changes 1281 2014-10-24 08:16:24Z willem $ in headers not
being from the original distribution.
Added DSA signature creation
@@ -501,4 +511,4 @@ Net::DNS. The history of those is documented below.
---------------------------------------------------------------------------
-$Id: Changes 1248 2014-08-15 08:44:56Z willem $
+$Id: Changes 1281 2014-10-24 08:16:24Z willem $
@@ -1,10 +1,10 @@
package Net::DNS::Keyset;
#
-# $Id: Keyset.pm 1179 2014-03-19 21:46:58Z willem $
+# $Id: Keyset.pm 1271 2014-10-10 21:55:38Z willem $
#
use vars qw($VERSION);
-$VERSION = (qw$LastChangedRevision: 1179 $)[1];
+$VERSION = (qw$LastChangedRevision: 1271 $)[1];
=head1 NAME
@@ -180,7 +180,7 @@ sub keys {
@keyrr = $keyset->sigs;
-Returns an array of Net::DNS::RR::Sig objects
+Returns an array of Net::DNS::RR::RRSIG objects
=cut
@@ -39,8 +39,6 @@ t/11-sep.t
t/11-sigstress.t
t/12-nsec++.t
t/13-utilities.t
-t/14-misc.t
-t/16-dlv.t
t/51-DS-SHA1.t
t/52-DS-SHA256.t
t/53-DS-GOST.t
@@ -35,6 +35,7 @@
"Crypt::OpenSSL::Bignum" : "0.03",
"Crypt::OpenSSL::DSA" : "0.1",
"Crypt::OpenSSL::RSA" : "0.19",
+ "Crypt::OpenSSL::Random" : "0",
"Digest::BubbleBabble" : "0.01",
"Digest::SHA" : "5.23",
"File::Basename" : "0",
@@ -49,5 +50,5 @@
}
},
"release_status" : "stable",
- "version" : "0.20"
+ "version" : "0.21"
}
@@ -21,6 +21,7 @@ requires:
Crypt::OpenSSL::Bignum: 0.03
Crypt::OpenSSL::DSA: 0.1
Crypt::OpenSSL::RSA: 0.19
+ Crypt::OpenSSL::Random: 0
Digest::BubbleBabble: 0.01
Digest::SHA: 5.23
File::Basename: 0
@@ -31,4 +32,4 @@ requires:
Test::More: 0.47
Time::Local: 0
perl: 5.006
-version: 0.20
+version: 0.21
@@ -1,5 +1,5 @@
#
-# $Id: Makefile.PL 1179 2014-03-19 21:46:58Z willem $
+# $Id: Makefile.PL 1275 2014-10-14 20:37:29Z willem $
#
@@ -29,6 +29,7 @@ WriteMakefile(
PREREQ_PM => {
Net::DNS => 0.69,
Crypt::OpenSSL::Bignum => 0.03,
+ Crypt::OpenSSL::Random => 0.0,
Crypt::OpenSSL::RSA => 0.19,
Crypt::OpenSSL::DSA => 0.10,
Digest::BubbleBabble => 0.01,
@@ -1,10 +1,10 @@
package Net::DNS::RR::CDNSKEY;
#
-# $Id: CDNSKEY.pm 1209 2014-05-29 10:19:07Z willem $
+# $Id: CDNSKEY.pm 1261 2014-09-11 10:14:45Z willem $
#
use vars qw($VERSION);
-$VERSION = (qw$LastChangedRevision: 1209 $)[1];
+$VERSION = (qw$LastChangedRevision: 1261 $)[1];
use warnings;
@@ -61,6 +61,6 @@ Package template (c)2009,2012 O.M.Kolkman and R.W.Franks.
=head1 SEE ALSO
-L<perl>, L<Net::DNS>, L<Net::DNS::RR>, L<Net::DNS::RR::DNSKEY>, RFC4034
+L<perl>, L<Net::DNS>, L<Net::DNS::RR>, L<Net::DNS::RR::DNSKEY>, RFC7344
=cut
@@ -1,10 +1,10 @@
package Net::DNS::RR::CDS;
#
-# $Id: CDS.pm 1209 2014-05-29 10:19:07Z willem $
+# $Id: CDS.pm 1261 2014-09-11 10:14:45Z willem $
#
use vars qw($VERSION);
-$VERSION = (qw$LastChangedRevision: 1209 $)[1];
+$VERSION = (qw$LastChangedRevision: 1261 $)[1];
use warnings;
@@ -61,6 +61,6 @@ Package template (c)2009,2012 O.M.Kolkman and R.W.Franks.
=head1 SEE ALSO
-L<perl>, L<Net::DNS>, L<Net::DNS::RR>, L<Net::DNS::RR::DS>, RFC4431
+L<perl>, L<Net::DNS>, L<Net::DNS::RR>, L<Net::DNS::RR::DS>, RFC7344
=cut
@@ -1,10 +1,10 @@
package Net::DNS::RR::DLV;
#
-# $Id: DLV.pm 1192 2014-04-11 08:43:54Z willem $
+# $Id: DLV.pm 1276 2014-10-19 06:02:40Z willem $
#
use vars qw($VERSION);
-$VERSION = (qw$LastChangedRevision: 1192 $)[1];
+$VERSION = (qw$LastChangedRevision: 1276 $)[1];
use warnings;
@@ -34,7 +34,7 @@ DNS DLV resource record
This is a clone of the DS record and inherits all properties of
the Net::DNS::RR::DS class.
-Please see the L<Net::DNS::RR::DS> perldocumentation for details.
+Please see the L<Net::DNS::RR::DS> documentation for details.
=head1 METHODS
@@ -1,10 +1,10 @@
package Net::DNS::RR::DNSKEY;
#
-# $Id: DNSKEY.pm 1209 2014-05-29 10:19:07Z willem $
+# $Id: DNSKEY.pm 1271 2014-10-10 21:55:38Z willem $
#
use vars qw($VERSION);
-$VERSION = (qw$LastChangedRevision: 1209 $)[1];
+$VERSION = (qw$LastChangedRevision: 1271 $)[1];
use strict;
@@ -82,17 +82,16 @@ sub decode_rdata { ## decode rdata from wire-format octet string
sub encode_rdata { ## encode rdata as wire-format octet string
my $self = shift;
- return '' unless $self->{algorithm};
- pack 'n C2 a*', $self->flags, $self->protocol, $self->algorithm, $self->keybin;
+ my $keybin = $self->keybin || return '';
+ pack 'n C2 a*', $self->flags, $self->protocol, $self->algorithm, $keybin;
}
sub format_rdata { ## format rdata portion of RR string.
my $self = shift;
- my $keybin = $self->keybin || return '';
+ my $base64 = MIME::Base64::encode $self->keybin || return '';
my @params = map $self->$_, qw(flags protocol algorithm);
- my $base64 = MIME::Base64::encode $keybin;
chomp $base64;
return join ' ', @params, "(\n$base64 ) ; Key ID =", $self->keytag;
}
@@ -102,7 +101,7 @@ sub parse_rdata { ## populate RR from rdata in argument list
my $self = shift;
$self->$_(shift) for qw(flags protocol algorithm);
- $self->publickey(@_);
+ $self->key(@_);
}
@@ -260,8 +259,6 @@ sub sep {
}
-my $warned;
-
sub is_sep { ## historical
my $self = shift;
return $self->sep(@_) ? 1 : 0;
@@ -331,8 +328,9 @@ The format depends on the algorithm of the key being stored.
$privatekeyname=$rr->privatekeyname
Returns the name of the privatekey as it would be generated by
-the BIND dnssec-keygen program. The format of that name being
-K\<fqdn\>+\<algorithm\>+\<keyid\>.private
+the BIND dnssec-keygen program. The format of that name being:
+
+ K<fqdn>+<algorithm>+<keyid>.private
=head2 keylength
@@ -342,7 +340,7 @@ Returns the length (in bits) of the modulus calculated from the key text.
print "keytag = ", $rr->keytag, "\n";
-Returns the key tag of the key. (RFC2535 4.1.6)
+Returns the 16-bit numerical key tag of the key. (RFC2535 4.1.6)
=head2 zone
@@ -1,10 +1,10 @@
package Net::DNS::RR::DS;
#
-# $Id: DS.pm 1179 2014-03-19 21:46:58Z willem $
+# $Id: DS.pm 1276 2014-10-19 06:02:40Z willem $
#
use vars qw($VERSION);
-$VERSION = (qw$LastChangedRevision: 1179 $)[1];
+$VERSION = (qw$LastChangedRevision: 1276 $)[1];
use strict;
@@ -136,7 +136,7 @@ sub format_rdata { ## format rdata portion of RR string.
my $self = shift;
return '' unless $self->{digtype};
- my @babble = ( "\n;", $self->babble ) if BABBLE;
+ my @babble = BABBLE ? ( "\n;", $self->babble ) : ();
my $digest = $self->digest;
$digest = join( "\n", '(', split /(\S{64})/, $digest ) . ' )' if length $digest > 40;
join ' ', @{$self}{qw(keytag algorithm digtype)}, $digest, @babble;
@@ -236,7 +236,7 @@ sub create {
);
my $owner = $self->{owner}->encode();
- my $data = pack 'a* a*', $owner, $keyrr->_canonicalRdata;
+ my $data = pack 'a* a*', $owner, $keyrr->encode_rdata;
my $arglist = $digest{$self->digtype} || croak 'unsupported digest type';
my ( $object, @argument ) = @$arglist;
@@ -337,6 +337,8 @@ the string method is called.
=head2 create
+ use Net::DNS::SEC;
+
$dsrr = create Net::DNS::RR::DS($keyrr, digtype => 'SHA-256' );
$keyrr->print;
$dsrr->print;
@@ -1,10 +1,10 @@
package Net::DNS::RR::KEY;
#
-# $Id: KEY.pm 1192 2014-04-11 08:43:54Z willem $
+# $Id: KEY.pm 1276 2014-10-19 06:02:40Z willem $
#
use vars qw($VERSION);
-$VERSION = (qw$LastChangedRevision: 1192 $)[1];
+$VERSION = (qw$LastChangedRevision: 1276 $)[1];
use warnings;
@@ -34,7 +34,7 @@ DNS KEY resource record
This is a clone of the DNSKEY record and inherits all properties of
the Net::DNS::RR::DNSKEY class.
-Please see the L<Net::DNS::RR::DNSKEY> perldocumentation for details.
+Please see the L<Net::DNS::RR::DNSKEY> documentation for details.
=head1 METHODS
@@ -1,10 +1,10 @@
package Net::DNS::RR::NSEC;
#
-# $Id: NSEC.pm 1179 2014-03-19 21:46:58Z willem $
+# $Id: NSEC.pm 1276 2014-10-19 06:02:40Z willem $
#
use vars qw($VERSION);
-$VERSION = (qw$LastChangedRevision: 1179 $)[1];
+$VERSION = (qw$LastChangedRevision: 1276 $)[1];
use strict;
@@ -71,7 +71,7 @@ sub typelist {
$self->{typebm} = &_type2bm if scalar @_;
- my @type = &_bm2type( $self->{typebm} ) if defined wantarray;
+ my @type = defined wantarray ? &_bm2type( $self->{typebm} ) : ();
return "@type" unless wantarray;
return @type;
}
@@ -104,7 +104,7 @@ sub _type2bm {
$window++;
}
- return $bitmap;
+ return $bitmap || '';
}
@@ -1,10 +1,10 @@
package Net::DNS::RR::NSEC3;
#
-# $Id: NSEC3.pm 1236 2014-07-29 08:00:49Z willem $
+# $Id: NSEC3.pm 1271 2014-10-10 21:55:38Z willem $
#
use vars qw($VERSION);
-$VERSION = (qw$LastChangedRevision: 1236 $)[1];
+$VERSION = (qw$LastChangedRevision: 1271 $)[1];
use strict;
@@ -110,7 +110,7 @@ sub parse_rdata { ## populate RR from rdata in argument list
$self->flags(shift);
$self->iterations(shift);
my $salt = shift;
- $self->salt( defined($salt) && ( $salt ne '-' ) ? $salt : '' );
+ $self->salt($salt) unless $salt eq '-';
$self->hnxtname(shift);
$self->typelist(@_);
}
@@ -334,9 +334,9 @@ integer. The value is between 0 and 65535, inclusive.
$salt = $rr->salt;
$rr->salt( $salt );
-The Salt field is represented by a contiguous sequence of hexadecimal
-digits. This field is represented as "-" (without quotes) when the
-used in string format to indicate that the salt field is absent.
+The Salt field is represented as a contiguous sequence of hexadecimal
+digits. A "-" (unquoted) is used in string format to indicate that the
+salt field is absent.
=head2 saltbin
@@ -1,10 +1,10 @@
package Net::DNS::RR::NSEC3PARAM;
#
-# $Id: NSEC3PARAM.pm 1193 2014-04-28 07:11:19Z willem $
+# $Id: NSEC3PARAM.pm 1271 2014-10-10 21:55:38Z willem $
#
use vars qw($VERSION);
-$VERSION = (qw$LastChangedRevision: 1193 $)[1];
+$VERSION = (qw$LastChangedRevision: 1271 $)[1];
use strict;
@@ -53,8 +53,8 @@ sub parse_rdata { ## populate RR from rdata in argument list
$self->algorithm(shift);
$self->flags(shift);
$self->iterations(shift);
- my ($s) = map { /^[-]/ ? '' : $_ } @_;
- $self->salt($s) if scalar @_;
+ my $salt = shift;
+ $self->salt($salt) unless $salt eq '-';
}
@@ -165,9 +165,9 @@ integer. The value is between 0 and 65535, inclusive.
$salt = $rr->salt;
$rr->salt( $salt );
-The Salt field is represented as a sequence of hexadecimal digits.
-No whitespace is allowed within the sequence. A "-" (unquoted) is
-used in string format to indicate that the salt field is absent.
+The Salt field is represented as a contiguous sequence of hexadecimal
+digits. A "-" (unquoted) is used in string format to indicate that the
+salt field is absent.
=head2 saltbin
@@ -1,10 +1,10 @@
package Net::DNS::RR::RRSIG;
#
-# $Id: RRSIG.pm 1179 2014-03-19 21:46:58Z willem $
+# $Id: RRSIG.pm 1277 2014-10-20 07:46:37Z willem $
#
use vars qw($VERSION);
-$VERSION = (qw$LastChangedRevision: 1179 $)[1];
+$VERSION = (qw$LastChangedRevision: 1277 $)[1];
use strict;
@@ -42,7 +42,7 @@ sub decode_rdata { ## decode rdata from wire-format octet string
my $limit = $offset + $self->{rdlength};
my @field = qw(typecovered algorithm labels orgttl sigexpiration siginception keytag);
@{$self}{@field} = unpack "\@$offset n C2 N3 n", $$data;
- ( $self->{signame}, $offset ) = decode Net::DNS::DomainName( $data, $offset + 18 );
+ ( $self->{signame}, $offset ) = decode Net::DNS::DomainName2535( $data, $offset + 18 );
$self->{sigbin} = substr $$data, $offset, $limit - $offset;
}
@@ -50,21 +50,19 @@ sub decode_rdata { ## decode rdata from wire-format octet string
sub encode_rdata { ## encode rdata as wire-format octet string
my $self = shift;
- my $signame = $self->{signame} || return '';
-
+ my $sigbin = $self->sigbin || return '';
my @field = qw(typecovered algorithm labels orgttl sigexpiration siginception keytag);
- pack 'n C2 N3 n a* a*', @{$self}{@field}, $signame->encode(0), $self->sigbin;
+ pack 'n C2 N3 n a* a*', @{$self}{@field}, $self->{signame}->encode, $sigbin;
}
sub format_rdata { ## format rdata portion of RR string.
my $self = shift;
- return '' unless exists $self->{signame};
+ my $base64 = encode_base64 $self->sigbin || return '';
my $line1 = join ' ', map $self->$_, qw(typecovered algorithm labels orgttl);
my $line2 = join ' ', map $self->$_, qw(sigexpiration siginception keytag);
my $signame = $self->{signame}->string;
- my $base64 = encode_base64 $self->sigbin;
chomp $base64;
return "$line1 (\n$line2 $signame\n$base64 )";
}
@@ -208,7 +206,7 @@ sub keytag {
sub signame {
my $self = shift;
- $self->{signame} = new Net::DNS::DomainName(shift) if scalar @_;
+ $self->{signame} = new Net::DNS::DomainName2535(shift) if scalar @_;
$self->{signame}->name if defined wantarray;
}
@@ -502,7 +500,7 @@ sub _CreateSigData {
my ( $self, $rawdata ) = @_;
# This method creates the data string that will be signed.
- # See RFC4034 section 6 on how this string is constructed
+ # See RFC4034(6) and RFC6840(5.1) on how this string is constructed
# This method is called by the method that creates a signature
# and by the method that verifies the signature. It is assumed
@@ -838,14 +836,13 @@ validates this signature.
=head2 signame
$signame = $rr->signame;
- $rr->signame( $signame );
The signer name field value identifies the owner name of the DNSKEY
RR that a validator is supposed to use to validate this signature.
=head2 signature
- $signature = $rr->signature;
+ $signature = $rr->signature;
The Signature field contains the cryptographic signature that covers
the RRSIG RDATA (excluding the Signature field) and the RRset
@@ -863,6 +860,8 @@ Binary representation of the cryptographic signature.
Create a signature over a RR set.
+ use Net::DNS::SEC;
+
$keypath = '/home/olaf/keys/Kbla.foo.+001+60114.private';
$sigrr = create Net::DNS::RR::RRSIG( \@datarrset, $keypath );
@@ -889,14 +888,14 @@ The first argument is a reference to an array that contains the RRset
that needs to be signed.
The second argument is a string which specifies the path to a file
-containing the private key as generated with dnssec-keygen, a program
-that comes with the ISC BIND distribution.
+containing the private key as generated by dnssec-keygen.
The optional remaining arguments consist of ( name => value ) pairs
as follows:
+
sigin => 20130701010101, # signature inception
sigex => 20130731010101, # signature expiration
- sigval => 1.5, # signature validity
+ sigval => 30, # signature validity
ttl => 3600 # TTL
The sigin and sigex values may be specified as Perl time values or as
@@ -904,29 +903,15 @@ a string with the format 'yyyymmddhhmmss'. The default for sigin is
the time of signing.
The sigval argument specifies the signature validity window in days
-( sigex = sigin+sigval ). Sigval wins if sigex is also specified.
+( sigex = sigin + sigval ). Sigval wins if sigex is also specified.
By default the signature is valid for 30 days.
By default the TTL matches the RRSet that is presented for signing.
-Notes:
-
-=over 4
-
-=item *
-
-Do not change the name of the file generated by dnssec-keygen, the
-create method uses the filename as generated by dnssec-keygen to
-determine the keyowner, algorithm and the keyid (keytag).
-
-=item *
-
Only RSA signatures (algorithms 1,5,7,8 and 10) and DSA signatures
(algorithms 3 and 6) have been implemented.
-=back
-
=head2 verify and vrfyerrstr
$sigrr->verify( $dataref, $keyrr ) || croak $sigrr->vrfyerrstr;
@@ -948,13 +933,27 @@ Returns 0 on error and sets $sig->vrfyerrstr
print $sigrr->vrfyerrstr unless $sigrr->verify( $rrset, $keyrr );
-=head1 Remarks
+=head1 KEY GENERATION
-The code is not optimized for speed.
-It is probably not suitable to be used for signing large zones.
+Private key files and corresponding public DNSKEY records
+are most conveniently generated using dnssec-keygen,
+a program that comes with the ISC BIND distribution.
+
+ dnssec-keygen -a 10 -b 2048 -f ksk rsa.example.
+ dnssec-keygen -a 10 -b 1024 rsa.example.com.
+
+ dnssec-keygen -a 14 -f ksk ecdsa.example.
+ dnssec-keygen -a 14 ecdsa.example.
+Do not change the name of the file generated by dnssec-keygen.
+The create method uses the filename to determine the keyowner,
+algorithm and the keyid (keytag).
-=head1 TODO
+
+=head1 REMARKS
+
+The code is not optimized for speed.
+It is probably not suitable to be used for signing large zones.
If this code is still around in 2100 (not a leapyear) you will need
to check for proper handling of times ...
@@ -1004,9 +1003,10 @@ Package template (c)2009,2012 O.M.Kolkman and R.W.Franks.
=head1 SEE ALSO
-L<perl>, L<Net::DNS>, L<Net::DNS::RR>, L<Net::DNS::SEC>, RFC4034, RFC3755,
+L<perl>, L<Net::DNS>, L<Net::DNS::RR>, L<Net::DNS::SEC>, RFC4034, RFC6840, RFC3755,
L<Crypt::OpenSSL::DSA>, L<Crypt::OpenSSL::RSA>
L<Algorithm Numbers|http://www.iana.org/assignments/dns-sec-alg-numbers>
+BIND 9 Administrator Reference Manual
=cut
@@ -14,10 +14,10 @@ sub UNITCHECK { ## restore %SIG after compilation
package Net::DNS::RR::SIG;
#
-# $Id: SIG.pm 1179 2014-03-19 21:46:58Z willem $
+# $Id: SIG.pm 1276 2014-10-19 06:02:40Z willem $
#
use vars qw($VERSION);
-$VERSION = (qw$LastChangedRevision: 1179 $)[1];
+$VERSION = (qw$LastChangedRevision: 1276 $)[1];
use strict;
@@ -77,18 +77,17 @@ sub encode_rdata { ## encode rdata as wire-format octet string
}
my @field = qw(typecovered algorithm labels orgttl sigexpiration siginception keytag);
- pack 'n C2 N3 n a* a*', @{$self}{@field}, $signame->encode(0), $self->sigbin;
+ pack 'n C2 N3 n a* a*', @{$self}{@field}, $signame->encode, $self->sigbin;
}
sub format_rdata { ## format rdata portion of RR string.
my $self = shift;
- return '' unless exists $self->{signame};
+ my $base64 = encode_base64 $self->sigbin || return '';
my $line1 = join ' ', map $self->$_, qw(typecovered algorithm labels orgttl);
my $line2 = join ' ', map $self->$_, qw(sigexpiration siginception keytag);
my $signame = $self->{signame}->string;
- my $base64 = encode_base64 $self->sigbin;
chomp $base64;
return "$line1 (\n$line2 $signame\n$base64 )";
}
@@ -452,8 +451,8 @@ sub _CreateSigData {
my ( $self, $rawdata ) = @_;
if ( ref($rawdata) ) {
- my $packet = $rawdata if $rawdata->isa('Net::DNS::Packet');
- die 'missing packet reference' unless $packet;
+ die 'missing packet reference' unless $rawdata->isa('Net::DNS::Packet');
+ my $packet = $rawdata;
my $original = $packet->{additional};
my @unsigned = grep ref($_) ne ref($self), @$original;
@@ -463,7 +462,7 @@ sub _CreateSigData {
}
my @field = qw(typecovered algorithm labels orgttl sigexpiration siginception keytag);
- my $sigdata = pack 'n C2 N3 n a*', @{$self}{@field}, $self->{signame}->encode(0);
+ my $sigdata = pack 'n C2 N3 n a*', @{$self}{@field}, $self->{signame}->encode;
print "preamble:\t", unpack( 'H*', $sigdata ) if $debug;
print "\nSIG0 processing\nrawdata:\t", unpack( "H*", $rawdata ), "\n" if $debug;
@@ -742,12 +741,10 @@ RR that a validator is supposed to use to validate this signature.
=head2 signature
- $signature = $rr->signature;
+ $signature = $rr->signature;
The Signature field contains the cryptographic signature that covers
-the RRSIG RDATA (excluding the Signature field) and the RRset
-specified by the RRSIG owner name, RRSIG class, and RRSIG type
-covered fields.
+the SIG RDATA (excluding the Signature field) and the subject data.
=head2 sigbin
@@ -760,6 +757,8 @@ Binary representation of the cryptographic signature.
Create a signature over scalar data.
+ use Net::DNS::SEC;
+
$keypath = '/home/olaf/keys/Kbla.foo.+001+60114.private';
$sigrr = create Net::DNS::RR::SIG( $data, $keypath );
@@ -790,6 +789,7 @@ that comes with the ISC BIND distribution.
The optional remaining arguments consist of ( name => value ) pairs
as follows:
+
sigin => 20130901010101, # signature inception
sigex => 20130901011101, # signature expiration
sigval => 10, # signature validity
@@ -799,7 +799,7 @@ a string with the format 'yyyymmddhhmmss'. The default for sigin is
the time of signing.
The sigval argument specifies the signature validity window in minutes
-( sigex = sigin+sigval ). Sigval wins if sigex is also specified.
+( sigex = sigin + sigval ). Sigval wins if sigex is also specified.
By default the signature is valid for 10 minutes.
@@ -1,15 +1,15 @@
package Net::DNS::SEC::Private;
#
-# $Id: Private.pm 1181 2014-03-19 21:58:16Z willem $
+# $Id: Private.pm 1268 2014-09-29 08:09:00Z willem $
#
use vars qw($VERSION);
-$VERSION = (qw$LastChangedRevision: 1181 $)[1];
+$VERSION = (qw$LastChangedRevision: 1268 $)[1];
=head1 NAME
-Net::DNS::SEC::Private - DNS SIG Private key object
+Net::DNS::SEC::Private - DNSSEC Private key object
=head1 SYNOPSIS
@@ -36,11 +36,10 @@ use integer;
use warnings;
use Carp;
use File::Basename;
-use Math::BigInt;
use MIME::Base64;
-use Time::Local;
use Crypt::OpenSSL::Bignum;
+use Crypt::OpenSSL::Random;
use Crypt::OpenSSL::DSA;
use Crypt::OpenSSL::RSA;
@@ -76,7 +75,7 @@ sub new {
open (KEYFH, "<$key_file" ) || croak "Cannot open keyfile: $key_file";
-
+ local $_;
while (<KEYFH>) {
if (/Private-key-format: (v\d*\.\d*)/) {
if ($1 ne "v1.2" && $1 ne "v1.3") {
@@ -409,7 +408,7 @@ $private->private
Returns the private key material. This is either a Crypt::OpenSSL::RSA
or Crypt::OpenSSL::DSA object. This is really only relevant to the
-Net::DNS::RR::SIG class.
+Net::DNS::RR::RRSIG and Net::DNS::RR::SIG classes.
=head2 algorithm, keytag, signame, created, publish, activate
@@ -1,11 +1,11 @@
package Net::DNS::SEC;
#
-# $Id: SEC.pm 1248 2014-08-15 08:44:56Z willem $
+# $Id: SEC.pm 1280 2014-10-24 08:15:06Z willem $
#
use vars qw($VERSION $SVNVERSION);
-$VERSION = '0.20';
-$SVNVERSION = (qw$LastChangedRevision: 1248 $)[1];
+$VERSION = '0.21';
+$SVNVERSION = (qw$LastChangedRevision: 1280 $)[1];
=head1 NAME
@@ -146,11 +146,10 @@ THIS SOFTWARE.
=head1 SEE ALSO
-L<perl>, L<Net::DNS>,
-L<Net::DNS::RR::DLV>, L<Net::DNS::RR::DNSKEY>, L<Net::DNS::RR::DS>,
+L<perl>, L<Net::DNS>, L<Net::DNS::RR::DNSKEY>, L<Net::DNS::RR::DS>,
L<Net::DNS::RR::NSEC>, L<Net::DNS::RR::NSEC3>, L<Net::DNS::RR::NSEC3PARAM>,
-L<Net::DNS::RR::RRSIG>,
-L<Net::DNS::RR::KEY>, L<Net::DNS::RR::SIG>,
+L<Net::DNS::RR::RRSIG>, L<Net::DNS::RR::KEY>, L<Net::DNS::RR::SIG>,
+L<Net::DNS::RR::CDS>, L<Net::DNS::RR::CDNSKEY>, L<Net::DNS::RR::DLV>,
RFC4033, RFC4034, RFC4035
=cut
@@ -1,7 +1,7 @@
-# $Id: 05-NSEC3.t 1166 2014-01-22 10:49:35Z willem $ -*-perl-*-
+# $Id: 05-NSEC3.t 1268 2014-09-29 08:09:00Z willem $ -*-perl-*-
use strict;
-use Test::More tests => 25;
+use Test::More tests => 27;
use Net::DNS;
@@ -93,8 +93,13 @@ my $wire = '0101000c04aabbccdd14174eb2409fe28bcb4887a1836f957f0a8425e27b00072201
}
}
-print 'A' cmp 'B', "\n";
+{
+ my @rdata = qw(1 1 12 - 2t7b4g4vsa5smi47k61mv5bv1a22bojr A);
+ my $rr = new Net::DNS::RR(". $type @rdata");
+ is( $rr->salt, '', 'parse RR with salt field placeholder' );
+ is( $rr->rdstring, "@rdata", 'placeholder denotes empty salt field' );
+}
exit;
@@ -1,4 +1,4 @@
-# $Id: 05-RRSIG.t 1165 2014-01-20 14:06:08Z willem $ -*-perl-*-
+# $Id: 05-RRSIG.t 1271 2014-10-10 21:55:38Z willem $ -*-perl-*-
use strict;
use Test::More tests => 18;
@@ -70,8 +70,8 @@ my $wire = '0002070200000E1052346FD7520CE2D7EDED076E65742D646E73036F726700211942
my $predecessor = $rr->encode( 0, $hash );
my $compressed = $rr->encode( length $predecessor, $hash );
ok( length $compressed == length $predecessor, 'encoded RDATA not compressible' );
- isnt( $rr->encode, $lc->encode, 'encoded RDATA names not downcased' );
- isnt( $rr->canonical, $lc->encode, 'canonical RDATA names not downcased' );
+ is( $rr->encode, $lc->encode, 'encoded RDATA names downcased' );
+ is( $rr->canonical, $lc->encode, 'canonical RDATA names downcased' );
}
@@ -1,245 +0,0 @@
-# $Id: 14-misc.t 813 2009-11-27 09:10:10Z olaf $ -*-perl-*-
-#
-#
-# This is a hodgepodge of tests that are used to reproduce bugs found in
-# previous releases.
-
-
-use Test::More;
-use strict;
-
-use Net::DNS;
-
-plan tests=>4;
-my $nsec1=Net::DNS::RR->new(
- "example.com. 300 NSEC itemA.with.caps.example.com. NS SOA TXT RRSIG NSEC DNSKEY");
-
-
-my $nsec2=Net::DNS::RR->new(
- "itemA.with.caps.example.com. 300 NSEC itemb.without.caps.example.com. TXT RRSIG NSEC");
-
-
-
-
-my $sig_nsec1=Net::DNS::RR->new('example.com. 300 RRSIG NSEC 5 2 300 20301204005203 (
- 20051104005258 6227 example.com.
- gXP6L0gw0WRfjVRn1I4KnQf5Eg0qsMScYjBW
- A8lWQHUx1JOIikLbsD+NA8sl9sIkHwxTeTdJ
- 2CycDZdHoy/QI3oRG1DVqiXIBD0PhKcdxO6e
- j65l8BokA0imnxwccufJjLKBhGO9argi+R72
- TNDxDU5OVKjglSosSOtjcwI5T+bJfgM62MsU
- 1BWByNA2suCWxANhL9r+Tl9UZttdZ+cH8Xfw
- Fng2MSNaZw+snCCeE8sFqycY0DcnTub/O9bK
- NQErcKN9pK/BHGfQp4b8hHaeWF3nQbEVdA/y
- ISrgNXaJ4hQ0PhdxYbE5nO4KUPcDalPj1fW4
- VxHnQg69lIz3QcgO0Q== )
- ');
-
-
-my $sig_nsec2=Net::DNS::RR->new("itemA.with.caps.example.com. 300 RRSIG NSEC 5 5 300 20301204005203 (
- 20051104005258 6227 example.com.
- zb11rwmxrgbfzIVV0V/wlJdAvmy1qZueQ1F7
- UTtImaxbxZCrTeGmWyJE3iZAMQp2m+ybTrU0
- wIXCPCd8kG9bBQUJJTO02tnJRDsiVOxJjVkS
- XbLOAZl9ycBT/A+963hAw7MS0oH3FxreyXHw
- PXrk8VHEOU7kZFNOGHsQZutlPWbucbMX/RrP
- 8Hso3h1aZ6SphA3K4a4UMVnlpezb2T+pWqV8
- nM5Sj0x1UGIZFLMpWpF0o/dPMsdzaW4vizTk
- DySeu0BXDcWO2eIPdKTd80yHTITh8JrvJB1s
- pupGkoAN2VgNKTUZ3wE5oeAdUP7Sn7TPTLnk
- a8rvoxcqm6hqdrYsuQ== )");
-
-
-
-my $dnskey=Net::DNS::RR->new('example.com 3600 DNSKEY 256 3 5 (
- AQPaoHW/nC0fj9HuCW3hACSGiP0AkPS3dQFX
- DlEUjv1orbtx06TMmVKGK5K564OSd6UCf4ZQ
- Eu2CMPSAUFGHEZuANKYGwZh0k/HeoVNeom1L
- 3Nt4tVLiGMzrPQskzeK8sr1NKgqFmckQllMW
- d0ob8Ud6nqeQLHvXQgv1iHX3dpBIPLYbRCzu
- eqC5k09APl25PgJjjreyRXrxodvoiiaLHpdL
- 5NtM2S9eok2zmuRpYQSF1LTNfWwY9CkgL017
- Z/Zv00SbcoTM/eTXPqijGtUhh6UX1gX89ybe
- yjtfcGbmTcB+I79NykZWoddO8zyzBXzzfFwt
- sAuryjQ/HFa5r4mrbhkJ
- ) ; key id = 6227
-');
-
-
-my $sig_nsec1_ldns=Net::DNS::RR->new("
-example.com. 300 IN RRSIG NSEC RSASHA1 2 300 20380119031407 200703
-09133715 6227 example.com. aXhXGPs5tiGFM4NFmgtsj7jW4p6A/hnY2JOwfD/gK1bFTIF/wHTRh
-na7t1L3auWileX1OymoivDw+HzoRnpL+IStqv4/7P0mMHGwwuyjhpMry8FMf1p3La8IzMV8pmAYsEENb
-3izYio3Hjrvvnw2uv2IWOgf1zPmndlmV0B5gOuSJEkyDFP8Z6Zshaou+oGjmDGwMNt0e6IW7yg2r92+9
-NNJiGk3EcRnC0uzFVs/4/zlcoTjd4bnK4hQIGyPGOFiC6ATdfIZzVybrUL3tYA1enSh1lBqVh4KVuq9q
-LkqaBzpNelbwXcSnd5ohLgC/thqMfuYjHnUT1sVEt5uQRL4XA==
-");
-
-
-my $sig_nsec2_ldns=Net::DNS::RR->new("
-itema.with.caps.example.com. 300 IN RRSIG NSEC RSASHA1 5 300 20380
-119031407 20070309133715 6227 example.com. vvoRDdVtmRhnePyN9Fcm4+vUN7WR4VV6BP68o
-oHwqmYcllKB6dW1blPupRlVknxhpdGuiSt9D6AhBRFxZNKYhC0mPECHhIXD7wdM/ubMw5ebvRX25DdNy
-JmVeA1Dz2/mJDgId7reofns8AlFL0xgx5OytIQdiA8HVJqJqDOr3EQsnkhMZ575icJIuDwws7IHNDDZD
-8QmEAw4RT/+b8bq3VkAKT6XHiFXBvpfMRHw/W3xOfJgYKckZAku2wSt8caWDooneIOUQxrEG5PR+jtHq
-zVSxaZtgZ0t9ZR2BPDjgXg3F4kxDetFzqSfjg1fhs+dD9nIn6mGmvNOL71l8vauIA==
-");
-
-
-
-my $data=[$nsec1];
-ok($sig_nsec1->verify($data, $dnskey),"Data did validate") || diag $sig_nsec1->vrfyerrstr;
-
-
-my $data2=[$nsec2];
-ok($sig_nsec2->verify($data2, $dnskey),"Data validated") || diag $sig_nsec2->vrfyerrstr;
-
-#diag "PERL VERSION $]";
-#diag "TIME::Local VERSION $Time::Local::VERSION";
-SKIP:{
- skip "Time::Local seems to check on unix time use beyond 2032", 2 if $Time::Local::VERSION > 1.11;
- ok(! $sig_nsec1_ldns->verify($data, $dnskey),"Data did not validate (now generated with 'broken signer')") || diag $sig_nsec1_ldns->vrfyerrstr;
-
-
-
- $data2=[$nsec2];
- ok($sig_nsec2_ldns->verify($data2, $dnskey),"Data validated") || diag $sig_nsec2_ldns->vrfyerrstr;
-}
-
-
-
-
-my $UUencodedPacket="
-1e 71 85 00 00 01 00 00 00 04 00 05 05 69 74 65
-6d 61 04 77 69 74 68 04 63 61 70 73 07 65 78 61
-6d 70 6c 65 03 63 6f 6d 00 00 01 00 01 c0 1c 00
-06 00 01 00 00 01 2c 00 2a 03 6e 73 31 c0 1c 04
-6f 6c 61 66 05 64 61 63 68 74 03 6e 65 74 00 77
-83 47 cf 00 00 01 c2 00 00 02 58 00 05 46 00 00
-00 01 2c c0 1c 00 2e 00 01 00 00 01 2c 01 1f 00
-06 05 02 00 00 0e 10 72 98 2e 33 43 6a b0 ea 18
-53 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 5c 7c
-61 27 63 19 fb 78 6e 3f 24 4b 03 09 96 fa 3a 65
-e3 5d 36 76 ed 16 1f a3 04 28 e2 e8 3c a9 6d 84
-1e f6 33 cb 66 62 17 9f 1a 69 3b d9 e9 59 dd 88
-64 14 9f 3d f9 38 43 fe 43 de 80 d9 7d 8a 50 1f
-ae 7c 17 5e 1a ce 51 eb 4a 8a f0 f4 5e a7 0c 50
-07 f3 88 ef 8b 8f 6d 6f dd 9f 25 4c dd eb fd 99
-89 09 c2 d8 69 aa d2 d3 e8 be 00 fd c4 9f 3f 92
-4f 4c 19 8e 3d 7d 1a bd 6a 38 ed c5 18 57 21 b7
-88 6c 46 4d fe 5d 2d 24 ab f2 71 30 34 a3 a5 d9
-be e4 f7 ab 62 90 35 b6 dd 9c 83 f4 93 fe 7c 7e
-2d 97 e3 5d a8 65 e6 b4 43 e0 06 ca 92 82 13 86
-a3 50 44 58 72 53 b2 7e 28 2c c2 de 8e 25 70 86
-66 77 8a d6 f6 b9 e3 d2 4d 10 ce c8 f2 cb d9 d5
-c8 10 f0 b5 ee bc d8 39 4a 82 b4 ea f7 f9 9a 05
-6e 1d a4 07 15 f9 1a 70 03 f3 7c 9d e7 6c cc 2e
-1c 16 cf bf c0 3a 37 4e c8 20 66 00 ac 59 c0 0c
-00 2f 00 01 00 00 01 2c 00 28 05 69 74 65 6d 62
-07 77 69 74 68 6f 75 74 04 63 61 70 73 07 65 78
-61 6d 70 6c 65 03 63 6f 6d 00 00 06 00 00 80 00
-00 03 c0 0c 00 2e 00 01 00 00 01 2c 01 1f 00 2f
-05 05 00 00 01 2c 72 98 2e 33 43 6a b0 ea 18 53
-07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 cd bd 75
-af 09 b1 ae 06 df cc 85 55 d1 5f f0 94 97 40 be
-6c b5 a9 9b 9e 43 51 7b 51 3b 48 99 ac 5b c5 90
-ab 4d e1 a6 5b 22 44 de 26 40 31 0a 76 9b ec 9b
-4e b5 34 c0 85 c2 3c 27 7c 90 6f 5b 05 05 09 25
-33 b4 da d9 c9 44 3b 22 54 ec 49 8d 59 12 5d b2
-ce 01 99 7d c9 c0 53 fc 0f bd eb 78 40 c3 b3 12
-d2 81 f7 17 1a de c9 71 f0 3d 7a e4 f1 51 c4 39
-4e e4 64 53 4e 18 7b 10 66 eb 65 3d 66 ee 71 b3
-17 fd 1a cf f0 7b 28 de 1d 5a 67 a4 a9 84 0d ca
-e1 ae 14 31 59 e5 a5 ec db d9 3f a9 5a a5 7c 9c
-ce 52 8f 4c 75 50 62 19 14 b3 29 5a 91 74 a3 f7
-4f 32 c7 73 69 6e 2f 8b 34 e4 0f 24 9e bb 40 57
-0d c5 8e d9 e2 0f 74 a4 dd f3 4c 87 4c 84 e1 f0
-9a ef 24 1d 6c a6 ea 46 92 80 0d d9 58 0d 29 35
-19 df 01 39 a1 e0 1d 50 fe d2 9f b4 cf 4c b9 e4
-6b ca ef a3 17 2a 9b a8 6a 76 b6 2c b9 c1 e0 00
-30 00 01 00 00 0e 10 01 06 01 01 03 05 01 03 d4
-8a cc cc 30 08 b7 e9 a8 31 fd 5f bb 4f 0f 79 97
-c3 d8 9a 85 63 1d 6b ce 2b 1c 7f d2 21 fc 64 4d
-ec 74 4a 90 9d c0 9e 26 0e c8 55 0f 8b 35 64 8f
-f6 64 ff 07 6e 9e 41 be 56 67 62 0a 17 33 45 41
-33 0d 8b ab a6 fb 28 77 9f 2b 5a cf 03 b0 3b 1d
-34 d9 51 a7 c2 96 30 9d 41 55 dd b6 79 05 c8 16
-0b cc 2b 53 35 46 80 25 48 bd 7f 9b 7a c6 6b 21
-73 18 eb 4c ab 89 1a 90 a8 d1 8e 0e 72 a8 d9 3e
-b3 61 ec 1f 0b 0e 25 63 14 4a 61 3e 91 a8 0d 32
-f2 72 6a c8 b4 66 79 9d 27 60 fe ae bc 36 23 1c
-4b bb 9a a5 1f 5c 1c de 64 d3 32 dd 68 12 09 36
-d0 a0 af d1 69 24 7b 69 d4 e0 4d ee 6d f7 bd 9c
-e7 50 e2 ed 30 b0 c6 90 f3 09 f0 0a b8 f3 e4 96
-20 4c f5 9d 31 e2 00 b4 01 97 ce e4 c6 b4 a7 e7
-61 7f 69 3b c1 f9 7c 9b cc 44 38 43 09 21 32 e8
-a3 2f 3c 36 1f ae d9 cf 47 17 5b 70 d2 76 87 c1
-e0 00 30 00 01 00 00 0e 10 01 06 01 00 03 05 01
-03 da a0 75 bf 9c 2d 1f 8f d1 ee 09 6d e1 00 24
-86 88 fd 00 90 f4 b7 75 01 57 0e 51 14 8e fd 68
-ad bb 71 d3 a4 cc 99 52 86 2b 92 b9 eb 83 92 77
-a5 02 7f 86 50 12 ed 82 30 f4 80 50 51 87 11 9b
-80 34 a6 06 c1 98 74 93 f1 de a1 53 5e a2 6d 4b
-dc db 78 b5 52 e2 18 cc eb 3d 0b 24 cd e2 bc b2
-bd 4d 2a 0a 85 99 c9 10 96 53 16 77 4a 1b f1 47
-7a 9e a7 90 2c 7b d7 42 0b f5 88 75 f7 76 90 48
-3c b6 1b 44 2c ee 7a a0 b9 93 4f 40 3e 5d b9 3e
-02 63 8e b7 b2 45 7a f1 a1 db e8 8a 26 8b 1e 97
-4b e4 db 4c d9 2f 5e a2 4d b3 9a e4 69 61 04 85
-d4 b4 cd 7d 6c 18 f4 29 20 2f 4d 7b 67 f6 6f d3
-44 9b 72 84 cc fd e4 d7 3e a8 a3 1a d5 21 87 a5
-17 d6 05 fc f7 26 de ca 3b 5f 70 66 e6 4d c0 7e
-23 bf 4d ca 46 56 a1 d7 4e f3 3c b3 05 7c f3 7c
-5c 2d b0 0b ab ca 34 3f 1c 56 b9 af 89 ab 6e 19
-09 c1 e0 00 2e 00 01 00 00 0e 10 01 1f 00 30 05
-02 00 00 0e 10 72 98 2e 33 43 6a b0 ea 18 53 07
-65 78 61 6d 70 6c 65 03 63 6f 6d 00 82 7f 52 b3
-ef 94 9b 28 76 7e cd 95 f5 3c f7 cf a7 2e a6 01
-7b c8 99 64 f7 86 91 9f 52 dc a4 9e 42 73 d0 d1
-e5 fd 83 56 c8 77 e5 17 03 72 19 c1 f8 60 09 0f
-c3 49 43 29 a7 eb 41 84 8b e9 e6 69 c1 68 94 24
-6f bd b0 58 73 45 d4 70 39 20 c1 d8 65 5e 8c 7b
-d9 61 6c 7d 02 0d 34 21 94 58 fa f2 13 a3 bb d6
-a0 e3 3e b1 fd 09 a3 73 9b ee 8b f3 4d c7 09 a8
-6d dc 7f 72 c7 8b 82 6e 3f 8b da 11 99 4d 2d 3b
-76 d6 90 23 f8 84 6c 7c 9b 77 7a 6f 8d 35 e0 f3
-37 44 77 9c ec d0 9b b5 f7 f1 13 ec b9 ab 3f d6
-b6 05 3f cc 76 0a 6f 7a ab f5 1a fe 91 05 1d a0
-9f 45 ea c3 b4 ab 0a 15 c4 c7 68 0b cc 57 a8 d1
-65 18 c9 46 3d 4d b3 d0 60 d3 79 76 48 cf 26 ba
-dc aa 0c 1d a1 60 c7 9d e8 69 c2 0f 6a 8c ff 14
-32 6b c3 bb d1 00 88 96 2f cf b8 0c b8 bb 6e e9
-38 b9 c7 fe 6b af a0 06 2e 52 f7 26 c5 2f 00 2e
-00 01 00 00 0e 10 01 1f 00 30 05 02 00 00 0e 10
-72 98 2e 33 43 6a b0 ea 9e ac 07 65 78 61 6d 70
-6c 65 03 63 6f 6d 00 40 11 fa b5 16 85 0b 01 66
-67 78 a6 ce bb 87 89 a6 a0 de 2c 3c 71 f3 f1 02
-17 6a 69 0c ec 49 d2 3b 28 6b fc e6 0b 8b 64 24
-d3 18 57 16 b9 25 d6 e3 48 3a 85 da f0 10 ed 5a
-8c 94 0d 2e 41 c3 06 ae c5 45 06 b2 b4 16 a2 f7
-0e 97 6b d5 ce dc c3 cd 09 9d 5e 68 3a 66 5f c9
-9e f5 b0 f3 ca 60 5b 55 04 e9 3d eb b0 5d 60 43
-1b ac 1e ac e5 a8 19 12 6b 18 5e f5 b0 c9 a0 48
-02 72 70 fa 57 97 ff 49 14 a5 dc 33 b2 9e 7c 14
-75 2a df e9 1d d3 67 be 52 a1 f1 69 ec 3f a6 ff
-c9 c4 dd 7b 06 ac df 41 a3 35 50 a0 50 a7 9e 90
-66 99 7f a0 ca cf 85 6a 28 f1 c1 1a 10 f7 2a 04
-a8 bd a1 47 c3 f0 0f 49 a0 a8 95 76 d9 95 50 56
-c1 66 e8 45 46 ee 2d c6 94 b2 5f b1 2c f4 3d ab
-28 2a 65 47 94 cc b2 63 ac a6 00 63 ff 51 72 5e
-fd f8 67 45 8b 44 2f 00 ed 8c f0 77 a7 99 42 77
-39 99 d1 b1 83 ef 48 00 00 29 10 00 00 00 80 00
-00 00
-";
-
-
-$UUencodedPacket =~ s/\s*//g;
-my $packetdata = pack('H*',$UUencodedPacket);
-my $packet = Net::DNS::Packet->new(\$packetdata);
-#$packet->print;
-
-
-
-
-
-
@@ -1,44 +0,0 @@
-# $Id: 16-dlv.t 778 2008-12-30 17:19:35Z olaf $ -*-perl-*-
-#
-#
-# These are test that relate to DLV RRs.
-# Mainly used during implementation of the SHA256 algorithm
-
-
-use Test::More;
-use strict;
-
-use Net::DNS;
-
-plan tests=>2;
-
-
-my $dnskeyrr=Net::DNS::RR->new('dskey.example.com. 86400 IN DNSKEY 256 3 5 (
- AQOeiiR0GOMYkDshWoSKz9Xz
- fwJr1AYtsmx3TGkJaNXVbfi/
- 2pHm822aJ5iI9BMzNXxeYCmZ
- DRD99WYwYqUSdjMmmAphXdvx
- egXd/M5+X7OrzKBaMbCVdFLU
- Uh6DhweJBjEVv5f2wwjM9Xzc
- nOf+EPbtG9DMBmADjFDc2w/r
- ljwvFw==
- ) ; key id = 60485');
-
-my $dsrr=Net::DNS::RR->new('dskey.example.com. 86400 IN DLV 60485 5 2 (
- D4B7D520E7BB5F0F67674A0C
- CEB1E3E0614B93C4F9E99B83
- 83F6A1E4469DA50A )');
-
-
-$dsrr->print;
-ok($dsrr->verify($dnskeyrr),"Validated the SHA256 DLV");
-
-
-my $newdsrr=create Net::DNS::RR::DLV($dnskeyrr,
- (
- digtype => "SHA256"
- )
- );
-ok($newdsrr->verify($dnskeyrr),"Validated the second SHA256 DLV");
-
-