After commit f4eb3ba4, which is part of removing 'auto-dnssec', the
inline system test started to fail in FIPS CI jobs. This is because
the 'nsec3-loop' zone started to use an RSASHA256 key size of 1024 and
this is not FIPS compliant.
This commit changes the key size from 1024 to 4096, in order to
become FIPS compliant again.
#!/bin/sh -e

# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# SPDX-License-Identifier: MPL-2.0
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.

. ../../conf.sh

# NOTE: The number of signing keys generated below is not coincidental. More
# details can be found in the comment inside ns7/named.conf.

zone=nsec3-loop
rm -f K${zone}.+*+*.key
rm -f K${zone}.+*+*.private
keyname=$($KEYGEN -q -a RSASHA256 -b 4096 -n zone $zone)
keyname=$($KEYGEN -q -a RSASHA256 -b 2048 -n zone $zone)
keyname=$($KEYGEN -q -a RSASHA256 -b 2048 -n zone -f KSK $zone)
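Review bot: the choice of 4096 for the first $KEYGEN call is not explained, while the second zone key and the KSK directly below it both use -b 2048 for the same zone and algorithm. If 2048 is accepted by the FIPS CI jobs, use -b 2048 on the first call as well so the three keys are consistent and key generation in the test stays quick. If 4096 is deliberate, say why in the commit message and extend the NOTE comment above the calls, which currently documents only the number of keys, to cover the differing size.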