Not in awk but maybe helpful... https://www.co.tt/ds4dn.cgi
which uses BIND dnssec-dsfromkey command.
Or my C code (no guarantees ;-)
#include <stdio.h>
#include <stdint.h>
#include <string.h>
static uint16_t keytag(uint8_t *key,int klen)
{
uint32_t a;
int i;
for(a=0,i=0;i<klen;++i) a += (i&1)?key[i]:(key[i]<< 8);
a += (a>>16)&0xFFFF;
return a&0xFFFF;
}
static char
base64[]="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="
;
static int base64decode(char *in,uint8_t *out)
{
int i,n,len;
char *c,p[4],*q;
len = 0;
n = strlen(in);
q = in;
while(n > 0) {
int k;
for(i=0;i<4;i++) {
if((c=strchr(base64,*q)) == NULL) return -1;
p[i] = c - base64;
q++;
}
k = (p[2] == 64)?1:(p[3] == 64)?2:3;
if(k != 3) {
if(p[2] == 64) p[2] = 0;
if(p[3] == 64) p[3] = 0;
}
*out++ = (p[0]<<2)|(p[1]>>4);
*out++ = (p[1]<<4)|(p[2]>>2);
*out++ = (p[2]<<6)|(p[3]);
n -= 4;
len += k;
}
return len;
}
int main(int argc,char *argv[])
{
uint8_t *q,*q0,buf[512];
int n,i;
if(argc < 5) { printf("Usage: %s type proto alg dnskey...\n e.g., output
of \"dig +short -t dnskey domain\"\n",argv[0]);
return -1; }
// create a DNSKEY record and compute Key Tag
q0 = q = buf;
*(uint16_t *)q = htons(atoi(argv[1])); q += 2; // type = KSK
*(uint8_t *)q++ = atoi(argv[2]); // protocol
*(uint8_t *)q++ = atoi(argv[3]); // algorithm
for(i=4;i<argc;i++) { n = base64decode(argv[i],q); q += n; }
printf("keytag:%05u\n",keytag(q0,(int)(q-q0)));
return 0;
}
-----Original Message-----
From: dns-operations [mailto:dns-operations-boun...@dns-oarc.net] On Behalf
Of Frank
Sent: Thursday, April 16, 2015 9:27 AM
To: Zuleger, Holger, Vodafone DE
Cc: dns-operati...@dns-oarc.net
Subject: Re: [dns-operations] calculating DNSSEC keytags in sed (was: RE:
calculating DNSSEC keytags in awk)
I do not want to read it. I want to calculate it.
In order to save it in my zone file.
Am Donnerstag, den 16.04.2015, 12:59 +0000 schrieb Zuleger, Holger, Vodafone
DE:
> > RE: calculating DNSSEC keytags in awk)
> >
> > > $ dig +noall +answer +multi DNSKEY $zone |
> > > > sed -n '/KSK/s/^.*= //p'
> > > if you only want to see the key id of the KSK.
> >
> > If it *has* a KSK; try co.uk. ;-)
> Of course, but if you use dnssec-dsfromkey, you also have to add
> option -A to get some output.
>
> Holger
>
> _______________________________________________
> dns-operations mailing list
> dns-operations@lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
_______________________________________________
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
