On Tue, Apr 04, 2006 at 05:57:07PM -0400, David Shaw wrote:
> On Tue, Apr 04, 2006 at 08:25:01PM +0200, Peter Palfrader wrote:
> > Also, is there a tool that produces a snippet which is ready for
> > inclusion into a zone file anywhere?  Something similar to ssh-keygen
> > for SSHFP RRs:
> >   [EMAIL PROTECTED]:~$ ssh-keygen -r galaxy -f /etc/ssh/ssh_host_rsa_key -g
> >   galaxy IN TYPE44 \# 22 01 01 40cc5559546421d15fe9c1064713636a02373ad2
> >   [EMAIL PROTECTED]:~$ ssh-keygen -r galaxy -f /etc/ssh/ssh_host_rsa_key
> >   galaxy IN SSHFP 1 1 40cc5559546421d15fe9c1064713636a02373ad2
> 
> Good idea.  I just checked one in to the GnuPG SVN.

I've played with it to make it generate output for tinydns (djbdns).

Maybe somebody has use for it, so here is the patch.

One note: You need to run axfrdns to get key-records working.

Daniel
--- make-dns-cert.c.orig        2006-05-05 22:43:19.000000000 +0200
+++ make-dns-cert.c     2006-05-05 22:50:25.000000000 +0200
@@ -32,6 +32,8 @@
 #include <sys/stat.h>
 #include <fcntl.h>
 
+int djbdns = 0;
+
 /* We use TYPE37 instead of CERT since not all nameservers can handle
    CERT yet... */
 
@@ -66,7 +68,10 @@
     fprintf(stderr,"Warning: key file %s is larger than the default"
            " GnuPG max-cert-size\n",keyfile);
 
-  printf("%s\tTYPE37\t\\# %u 0003 0000 00 ",
+  if(djbdns)
+    printf(":%s:37:\\000\\003\\000\\000\\000",name);
+  else
+    printf("%s\tTYPE37\t\\# %u 0003 0000 00 ",
         name,(unsigned int)statbuf.st_size+5);
 
   err=1;
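Review bot: `name` goes unescaped into the first field of the tinydns line in `printf(":%s:37:...",name)`, and tinydns-data uses `:` as its field separator, so a name containing `:` or a newline would shift the remaining fields or start a second line in the generated data file. The rdata bytes are octal-escaped but the name is not, and the same applies to the djbdns `printf` in the @@ -142 hunk of url_key. Reject such names before anything is printed, for example in main next to the `@` rewrite: `if(djbdns && strpbrk(name,":\n")) { fprintf(stderr,"DNS name must not contain ':' or newline\n"); return 1; }`. The enclosing function (presumably cert_key) starts and ends outside this hunk.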
@@ -83,7 +88,10 @@
        }
 
       for(i=0;i<err;i++)
-       printf("%02X",buffer[i]);
+       if(djbdns)
+         printf("\\%03o",buffer[i]);
+       else
+         printf("%02X",buffer[i]);
     }
 
   printf("\n");
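Review bot: `printf("\\%03o",buffer[i])` passes the byte through default argument promotion, so if `buffer` is declared as plain `char` (its declaration is outside this hunk), bytes of 0x80 and above sign-extend where `char` is signed and typically print as an eleven-digit octal number instead of a three-digit escape. In the url loop of the @@ -142 hunk this is certain, because `c` is a `const char *`. Cast at both sites: `printf("\\%03o",(unsigned char)buffer[i]);` and `printf("\\%03o",(unsigned char)*c);`. The if/else is also the unbraced body of the `for`, so braces around it would make the nesting explicit.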
@@ -100,6 +108,7 @@
 url_key(const char *name,const char *fpr,const char *url)
 {
   int len=6,fprlen=0;
+  char fprtmp[3] = "\0\0";
 
   if(fpr)
     {
@@ -142,17 +151,37 @@
       return 1;
     }
 
-  printf("%s\tTYPE37\t\\# %d 0006 0000 00 %02X",name,len,fprlen);
+  if(djbdns)
+    printf(":%s:37:\\000\\006\\000\\000\\000\\%03o",name,fprlen);
+  else
+    printf("%s\tTYPE37\t\\# %d 0006 0000 00 %02X",name,len,fprlen);
 
-  if(fpr)
-    printf(" %s",fpr);
+  if(fpr) {
+    if(djbdns) {
+      while(*fpr) {
+       if(*fpr != ' ') {
+         strncpy(fprtmp,fpr,2);
+         printf("\\%03lo",strtol(fprtmp,(char **)NULL,16));
+         fpr+=2;
+       } else {
+         fpr++;
+       }
+      }
+    } else {
+      printf(" %s",fpr);
+    }
+  }
 
   if(url)
     {
       const char *c;
-      printf(" ");
+      if(!djbdns)
+        printf(" ");
       for(c=url;*c;c++)
-       printf("%02X",*c);
+       if(djbdns)
+         printf("\\%03o",*c);
+       else
+         printf("%02X",*c);
     }
 
   printf("\n");
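Review bot: The djbdns fingerprint loop does `fpr+=2` after every non-space character, so when a hex digit is followed directly by the terminator (`"A BC D"`, or any odd digit count) the pointer steps over the terminating NUL and `while(*fpr)` keeps reading past the end of the argument. A pair split by a space is also converted wrongly, because `strncpy` copies the space into `fprtmp`. Whether the validation earlier in url_key rejects such input cannot be seen from this hunk, which starts and ends inside the function. Collecting digits one character at a time keeps the pointer inside the string and pairs digits across spaces. An odd trailing digit is then silently dropped, so an odd count should still be rejected before the record header is printed.

```c
  if(fpr) {
    if(djbdns) {
      int have=0;   /* hex digits collected into fprtmp so far */
      while(*fpr) {
        if(*fpr != ' ') {
          fprtmp[have++]=*fpr;
          if(have==2) {
            printf("\\%03lo",strtol(fprtmp,(char **)NULL,16));
            have=0;
          }
        }
        fpr++;      /* one character per step, never past the terminator */
      }
    }
    /* … unchanged: else branch printing the fingerprint for bind … */
  }
```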
@@ -168,13 +197,14 @@
   fprintf(stream,"\t-u\tURL\n");
   fprintf(stream,"\t-k\tkey file\n");
   fprintf(stream,"\t-n\tDNS name\n");
+  fprintf(stream,"\t-d\tGenerate output for djbdns (instead of bind)\n");
 }
 
 int
 main(int argc,char *argv[])
 {
   int arg,err=1;
-  char *fpr=NULL,*url=NULL,*keyfile=NULL,*name=NULL;
+  char *fpr=NULL,*url=NULL,*keyfile=NULL,*name=NULL,*nametmp;
 
   if(argc==1)
     {
@@ -192,7 +222,7 @@
       return 0;
     }
 
-  while((arg=getopt(argc,argv,"hf:u:k:n:"))!=-1)
+  while((arg=getopt(argc,argv,"hf:u:k:n:d"))!=-1)
     switch(arg)
       {
       default:
@@ -215,6 +245,9 @@
       case 'n':
        name=optarg;
        break;
+      case 'd':
+       djbdns=1;
+       break;
       }
 
   if(!name)
@@ -230,6 +263,14 @@
       return 1;
     }
 
+  if(djbdns) {
+    nametmp=name;
+    while(*nametmp && *nametmp != '@')
+      nametmp++;
+    if(*nametmp == '@')
+      *nametmp = '.';
+  }
+
   if(keyfile)
     err=cert_key(name,keyfile);
   else
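Review bot: The `@` rewrite hand-rolls `strchr` and has no comment recording what it does to the name; `nametmp=strchr(name,'@'); if(nametmp) *nametmp='.';` does the same in two lines. A comment such as `/* djbdns output: user@example.org becomes user.example.org (first '@' only, edits the argv string in place) */` would make the intent and the in-place write visible to the next reader. main starts and ends outside this hunk.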