Provided by: libnet-dns-sec-perl_0.16-2_all bug

NAME

       Net::DNS::SEC::Private - DNS SIG Private key object

SYNOPSIS

       use Net::DNS::SEC::Private; my $private=Net::DNS::SEC::Private->new($keypath);

DESCRIPTION

       Class containing a the private key as read from a dnssec-keygen generate zonefile. The
       class is written to be used only in the context of the Net::DNS::RR::SIG create method.
       This class is not designed to interact with any other system.

METHODS

   new
       $private->new("/home/foo/ Kexample.com.+001+11567.private")

       Creator method. The argument is the full path to a private key generated by the BIND
       dnssec-keygen tool. Note that the filename contains information about the algorithm and
       keyid.

   private
       $private->private

       Returns the private key material. This is either a Crypt::OpenSSL::RSA or
       Crypt::OpenSSL::DSA object. This is really only relevant to the Net::DNS::RR::SIG class.

   algorithm, keytag, signame
        $private->algorithm
        $private->keytag
        $private->signame

       Returns components as determined from the filename and needed by Net::DNS::RR::RRSIG.

RSASHA1 specific helper functions

       These functions may be usefull to read and transfer BIND private keys to and from X509
       format.

   new_rsa_private
       Constructor method.

        my $private=Net::DNS::SEC::Private->new_rsa_private($keyblob,$domain,$flag);

       Creates a Net::DNS::SEC::Private object from the supplied string.  For the object to be
       useful you will have to provide the "domain" name for which this key is to be used as the
       second argument and the flag (either 256 or 257 for a non SEP and a SEP key respectivly).

       The string should include the -----BEGIN...----- and -----END...----- lines.  The padding
       is set to PKCS1_OAEP, but can be changed with the use_xxx_padding methods

       It is the same

   dump_rsa_priv
         my $bind_keyfilecontent=$private->dump_rsa_priv

       Returns the content of a BIND private keyfile (Private-key-format: v1.2).

       An empty string will be returned if not all parameters are available (please supply the
       author with example code if this ever happens).

   dump_rsa_pub
           my $bind_keyfilecontent=$private->dump_rsa_pub

       Returns the publick key part of the DNSKEY RR.

       Returns an empty string on failure.

   dump_rsa_keytag
           my $flags=257;   # SEP key.
           my $keytag=$private->dump_rsa_keytag($flags);

       This function will calculate the keyt with the value of the DNSKEY flags as input.

       The flags field may be needed in case it was not specified when the key was created. If
       the object allready knows it's flags vallue the input is ignored.

       returns undefined on failure

   dump_rsa_private_der
           my $keyblob=$private->dump_rsa_privat_der

       Return the DER-encoded PKCS1 representation of the private key. (Same format that can be
       read with the read_rsa_private method.)

   generate_rsa
           my $keypair=Net::DNS::SEC::Private->generate_rsa("example.com",$flag,1024,$random);
       prin $newkey->dump_rsa_priv;
       print $newkey->dump_rsa_pub();

       Uses Crypt::OpenSSL::RSA generate_key to create a keypair.

       First argument is the name of the key, the second argument is the flag field (take a value
       of 257 for Keysigning keys and a value of 256 for zone signing keys). The 3rd argument is
       the keysize.

       If the 4th argument is defined it is passed to the Crypt::OpenSSL::Random::random_seed
       method (see Crypt::OpenSSL::RSA for details), not needed with a proper /dev/random.

Example

       This is a code sniplet from the test script. First a new keypair is generated.  An
       Net::DNS::RR object is created by constructing the resource record string - using the
       dump_rsa_pub() method.

       Then a self signature over the public key is created and verified.

           my $newkey=Net::DNS::SEC::Private->generate_rsa("example.com",257,1024);
           my $tstpubkeyrr= Net::DNS::RR->new ($newkey->signame .
                                           "  IN DNSKEY 257 3 5 ".
                                           $newkey->dump_rsa_pub());
           # flags not needed as argument for dump_rsa_keytag
           $ since they where set by generate_rsa

           is($tstpubkeyrr->keytag,$newkey->dump_rsa_keytag(),
                       "Consistent keytag calculation");

           my $sigrr= create Net::DNS::RR::RRSIG([$tstpubkeyrr],$newkey);
           is ($sigrr->keytag,$tstpubkeyrr->keytag,
                   "Consisted keytag in the created signature");;

           ok($sigrr->verify([$tstpubkeyrr],$tstpubkeyrr),
                    "Self verification consistent.");

COPYRIGHT

       Copyright (c) 2002-2005 RIPE NCC.  Author Olaf M. Kolkman <olaf@net-dns.org>

       All Rights Reserved

       Permission to use, copy, modify, and distribute this software and its documentation for
       any purpose and without fee is hereby granted, provided that the above copyright notice
       appear in all copies and that both that copyright notice and this permission notice appear
       in supporting documentation, and that the name of the author not be used in advertising or
       publicity pertaining to distribution of the software without specific, written prior
       permission.

       THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED
       WARRANTIES OF MERCHANTABILITY AND FITNESS; IN NO EVENT SHALL AUTHOR BE LIABLE FOR ANY
       SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
       OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
       ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

       This code uses Crypt::OpenSSL which uses the openssl library

SEE ALSO

       http://www.net-dns.org/ <http://www.net-dns.org/>

       perl(1), Net::DNS, Net::DNS::RR::SIG, Crypt::OpenSSL::RSA,Crypt::OpenSSL::DSA, RFC 2435
       Section 4, RFC 2931.