On Tue, Nov 13, 2018 at 12:48:04PM +0600, Hasibuzzaman Gazi wrote:
> Hello there,
> I am a student and currently working on a class project where I am using
> DNSSEC to secure the DNS records. I want to use RSASHA3 encryption method.
> I have haveged installed and latest bind package, the problem is I don't
> know what is the code to use to implement the cryptography method. Is there
> anyone who can help me in this regard? My zone name is "example.com"
>
> Thanks in advance, hopefully waiting for your reply very soon. Please, I
> need help with this.

There is a draft and BIND 9 implementation of SHA-3 in DNSSEC:

https://tools.ietf.org/html/draft-muks-dnsop-dnssec-sha3-01
https://github.com/muks/bind9/tree/sha3

There is also an ldns branch here:

https://github.com/tjeb/ldns/tree/sha3_and_pss

including introduction of RSASSA-PSS (instead of PKCS1 v1.5).

Although RSA is a workhorse algorithm that has been largely reliable,
the focus in DNS working groups going forward is to use ECC with smaller
key and signature sizes. I suggest that you attempt to implement SHA-3
with ECDSA and EDDSA, and for DS records (however, even this is
implemented in the trees above; I don't know if it would be the best
exercise for a class project, but you could reimplement it
independently).

Mukund
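
As an added illustration of the DS-record suggestion in the reply above (not code from this thread, the draft, or either linked tree): a DS digest is a hash over the owner name in wire form followed by the DNSKEY RDATA, so supporting a new hash means changing only the hash function and the digest type number. The key bytes below are constructed, and the SHA-3 digest type is shown as a placeholder because this page does not give a number for it.

```python
import hashlib
import struct

def name_to_wire(name: str) -> bytes:
    """Canonical (lower-cased) wire form of a fully qualified owner name."""
    if name in ("", "."):
        return b"\x00"  # root zone
    out = b""
    for label in name.rstrip(".").lower().split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"bad label length in {name!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def dnskey_rdata(flags: int, algorithm: int, public_key: bytes) -> bytes:
    """DNSKEY RDATA: flags (2 bytes), protocol (always 3), algorithm, key."""
    return struct.pack("!HBB", flags, 3, algorithm) + public_key

def key_tag(rdata: bytes) -> int:
    """Key tag over the DNSKEY RDATA (RFC 4034, Appendix B)."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte if i & 1 else byte << 8
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def ds_digest(owner: str, rdata: bytes, hash_name: str) -> str:
    """DS digest = hash(owner name in wire form | DNSKEY RDATA)."""
    return hashlib.new(hash_name, name_to_wire(owner) + rdata).hexdigest().upper()

def ds_record(owner: str, rdata: bytes, digest_type: str, hash_name: str) -> str:
    """DS record in presentation format; the algorithm is byte 3 of the RDATA."""
    return (f"{owner} IN DS {key_tag(rdata)} {rdata[3]} {digest_type} "
            f"{ds_digest(owner, rdata, hash_name)}")

OWNER = "example.com."
# Constructed 64-byte stand-in for a P-256 public key, not a real key.
RDATA = dnskey_rdata(flags=257, algorithm=13, public_key=bytes(range(64)))

if __name__ == "__main__":
    print(ds_record(OWNER, RDATA, "2", "sha256"))  # digest type 2 = SHA-256
    # Placeholder digest type: this page gives no number for SHA-3.
    print(ds_record(OWNER, RDATA, "<SHA3-256-TYPE>", "sha3_256"))
```

A validator that does not recognise the digest type ignores that DS record, so a zone experimenting with a new digest should keep publishing a SHA-256 DS alongside it.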