[master] remove default algorithm in dnssec-keygen
4594. [func] dnssec-keygen no longer uses RSASHA1 by default; the signing algorithm must be specified on the command line with the "-a" option. Signing scripts that rely on the existing default behavior will break; use "dnssec-keygen -a RSASHA1" to repair them. (The goal of this change is to make it easier to find scripts using RSASHA1 so they can be changed in the event of that algorithm being deprecated in the future.) [RT #44755]
@@ -19,42 +19,42 @@ czone=child.parent.nil
|
||||
echo "I:generating keys"
|
||||
|
||||
# active zsk
|
||||
zsk=`$KEYGEN -q -r $RANDFILE $czone`
|
||||
zsk=`$KEYGEN -q -a rsasha1 -r $RANDFILE $czone`
|
||||
echo $zsk > zsk.key
|
||||
|
||||
# not yet published or active
|
||||
pending=`$KEYGEN -q -r $RANDFILE -P none -A none $czone`
|
||||
pending=`$KEYGEN -q -a rsasha1 -r $RANDFILE -P none -A none $czone`
|
||||
echo $pending > pending.key
|
||||
|
||||
# published but not active
|
||||
standby=`$KEYGEN -q -r $RANDFILE -A none $czone`
|
||||
standby=`$KEYGEN -q -a rsasha1 -r $RANDFILE -A none $czone`
|
||||
echo $standby > standby.key
|
||||
|
||||
# inactive
|
||||
inact=`$KEYGEN -q -r $RANDFILE -P now-24h -A now-24h -I now $czone`
|
||||
inact=`$KEYGEN -q -a rsasha1 -r $RANDFILE -P now-24h -A now-24h -I now $czone`
|
||||
echo $inact > inact.key
|
||||
|
||||
# active ksk
|
||||
ksk=`$KEYGEN -q -r $RANDFILE -fk $czone`
|
||||
ksk=`$KEYGEN -q -a rsasha1 -r $RANDFILE -fk $czone`
|
||||
echo $ksk > ksk.key
|
||||
|
||||
# published but not YET active; will be active in 15 seconds
|
||||
rolling=`$KEYGEN -q -r $RANDFILE -fk $czone`
|
||||
rolling=`$KEYGEN -q -a rsasha1 -r $RANDFILE -fk $czone`
|
||||
$SETTIME -A now+15s $rolling > /dev/null
|
||||
echo $rolling > rolling.key
|
||||
|
||||
# revoked
|
||||
revoke1=`$KEYGEN -q -r $RANDFILE -fk $czone`
|
||||
revoke1=`$KEYGEN -q -a rsasha1 -r $RANDFILE -fk $czone`
|
||||
echo $revoke1 > prerev.key
|
||||
revoke2=`$REVOKE $revoke1`
|
||||
echo $revoke2 | sed -e 's#\./##' -e "s/\.key.*$//" > postrev.key
|
||||
|
||||
pzsk=`$KEYGEN -q -r $RANDFILE $pzone`
|
||||
pzsk=`$KEYGEN -q -a rsasha1 -r $RANDFILE $pzone`
|
||||
echo $pzsk > parent.zsk.key
|
||||
|
||||
pksk=`$KEYGEN -q -r $RANDFILE -fk $pzone`
|
||||
pksk=`$KEYGEN -q -a rsasha1 -r $RANDFILE -fk $pzone`
|
||||
echo $pksk > parent.ksk.key
|
||||
|
||||
oldstyle=`$KEYGEN -Cq -r $RANDFILE $pzone`
|
||||
oldstyle=`$KEYGEN -Cq -a rsasha1 -r $RANDFILE $pzone`
|
||||
echo $oldstyle > oldstyle.key
|
||||
|
||||
|
||||
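Review bot: The algorithm is now spelled out as the literal `rsasha1` in each of the ten `$KEYGEN` calls in this hunk, so moving the test off the SHA-1-based algorithm later (the scenario the commit message anticipates) means touching every line again. Defining it once near the top of the script, for example `alg=rsasha1`, and calling `$KEYGEN -q -a $alg -r $RANDFILE ...` would make that a one-line change and keep the choice easy to audit. Separately, none of the assignments checks the exit status of `$KEYGEN`, so if key generation fails, for instance on a build that refuses this algorithm, the following `echo $zsk > zsk.key` would still write an empty name and the failure would only surface further on. Something like ``zsk=`$KEYGEN -q -a $alg -r $RANDFILE $czone` || exit 1`` would stop at the real cause. The script starts before this hunk, so it may already set `-e` or define a failure helper that is not visible here.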