Provided by: libnet-dns-sec-perl_0.16-2_all
NAME
Net::DNS::Keyset - DNSSEC Keyset object class
SYNOPSIS
use Net::DNS::Keyset;
DESCRIPTION
A keyset is a "administrative" unit used for DNSSEC maintenance. The bind dnssec-signzone tool uses it to genertate DS records. This class provides interfaces for reading keysets, creating and parsing them. Note that this class is still being developed. Attributes and methods are subject to change. new (from file) $keyset=Net::DNS::Keyset->new("keyset-example.tld"); Creator method, will read the specified keyset file and return a keyset object. Fails if not all keys in the set are self-signed. Sets $Net::DNS::Keyset::keyset_err and returns 0 on failure. new (by signing keys) $keyset=Net::DNS::Keyset->new(\@keyrr,$privatekeypath); Creates a keyset object from the keys provided through the reference to an array of Net::DNS::RR::Key objects. The method will create selfsign the whole keyset. The private keys as generated by the BIND dnssec-keygen tool are assumed to be in the current directory or, if specified, in the directory indicat by the $privatekeypath. Sets $Net::DNS::Keyset::keyset_err and returns 0 on failure. new (from keys and sig RRsets) $keyset=Net::DNS::Keyset->new(\@keyrr,\@sigrr); Creates a keyset object from the keys provided through the reference to an array of Net::DNS::RR::DNSKEY and Net::DNS::RR::RRSIG objects. Sets $Net::DNS::Keyset::keyset_err and returns 0 on failure. new (from Packet) $res = Net::DNS::Resolver->new; $res->dnssec(1); $packet = $res->query ("example.com", "DNSKEY", "IN"); $keyset=Net::DNS::Keyset->new($packet) die "Corrupted selfsignature " if ! $keyset->verify; Creates a keyset object from a Net::DNS::Packet that contains the answer to a query for the apex key records. This is the method you want to use for automatically fetching keys. Sets $Net::DNS::Keyset::keyset_err and returns 0 on failure. keys @keyrr=$keyset->keys; Returns an array of Net::DNS::RR::Key objects sigs @keyrr=$keyset->sigs; Returns an array of Net::DNS::RR::Sig objects verify die $Net::DNS::Keyset::keyset_err if $keyset->verify; If no arguments are given: - Verifies if all signatures present verify the keyset. - Verifies if there are DNSKEYs with the SEP flag set there is at least one RRSIG made using that key - Verifies that if there are no DNSKEYS with the SEP flag set there is at lease one RRSIG made with one of the keys from the keyset. If an argument is given it is should be the KEYID of one of the keys in the keyset and the method verifies if the the RRSIG with that made with that key verifies. The argument returns 0 if verification fails and sets $Net::DNS::Keyset::keyset_err. If verification succeeds an array is returne with the key-tags of the keys for which signatures verified. print $keyset->print; Prints the keyset string $keysetstring=$keyset->string; Returns a string representation of the keyset print $keyset->string; is similar to $keyset->print; extract_ds @ds=$keyset->extract_ds; foreach $ds (@ds) { $ds->print; } Extracts DS records from the keyset. Note that the keyset will be verified during extraction: All keys will need to have a valid selfsignature. writekeyset die $Net::DNS::Keyset::keyset_err if ! $keyset->writekeyset($prefix, $path); Writes the keyset to a file named "keyset-<domain>." in the current working directory or the directory defined by $path. $prefix specifies an optional prefix that will be prepended to the string "keyset-<domain>." Returns 0 on failure and sets keyset_err.
COPYRIGHT
Copyright (c) 2002 RIPE NCC. Author Olaf M. Kolkman <net-dns-sec@ripe.net> All Rights Reserved Permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of the author not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS; IN NO EVENT SHALL AUTHOR BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.