add large exponent option to the key generation code
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@87 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
parent
08b2c4bc32
commit
3bd38f9fbc
@ -1,3 +1,9 @@
|
|||||||
|
2006-09-10 David Blacka <davidb@fury.blacka.com>
|
||||||
|
|
||||||
|
* Added the "-e" option to jdnssec-keygen, to instruct the key
|
||||||
|
generator to use the (common) large exponent in RSA key
|
||||||
|
generation.
|
||||||
|
|
||||||
2006-08-31 David Blacka <davidb@fury.blacka.com>
|
2006-08-31 David Blacka <davidb@fury.blacka.com>
|
||||||
|
|
||||||
* Modified jdnssec-signzone to set the ttls of NSEC3 records (so
|
* Modified jdnssec-signzone to set the ttls of NSEC3 records (so
|
||||||
|
@ -54,6 +54,7 @@ public class KeyGen
|
|||||||
private Options opts;
|
private Options opts;
|
||||||
public int algorithm = 5;
|
public int algorithm = 5;
|
||||||
public int keylength = 1024;
|
public int keylength = 1024;
|
||||||
|
public boolean useLargeE = false;
|
||||||
public String outputfile = null;
|
public String outputfile = null;
|
||||||
public File keydir = null;
|
public File keydir = null;
|
||||||
public boolean zoneKey = true;
|
public boolean zoneKey = true;
|
||||||
@ -81,7 +82,8 @@ public class KeyGen
|
|||||||
"kskflag",
|
"kskflag",
|
||||||
false,
|
false,
|
||||||
"Key is a key-signing-key (sets the SEP flag).");
|
"Key is a key-signing-key (sets the SEP flag).");
|
||||||
|
opts.addOption("e", "large-exponent", false, "Use large RSA exponent");
|
||||||
|
|
||||||
// Argument options
|
// Argument options
|
||||||
OptionBuilder.hasArg();
|
OptionBuilder.hasArg();
|
||||||
OptionBuilder.withLongOpt("nametype");
|
OptionBuilder.withLongOpt("nametype");
|
||||||
@ -164,6 +166,8 @@ public class KeyGen
|
|||||||
|
|
||||||
if (cli.hasOption('k')) kskFlag = true;
|
if (cli.hasOption('k')) kskFlag = true;
|
||||||
|
|
||||||
|
if (cli.hasOption('e')) useLargeE = true;
|
||||||
|
|
||||||
outputfile = cli.getOptionValue('f');
|
outputfile = cli.getOptionValue('f');
|
||||||
|
|
||||||
if ((optstr = cli.getOptionValue('d')) != null)
|
if ((optstr = cli.getOptionValue('d')) != null)
|
||||||
@ -307,11 +311,12 @@ public class KeyGen
|
|||||||
+ ", length = " + state.keylength + ")");
|
+ ", length = " + state.keylength + ")");
|
||||||
|
|
||||||
DnsKeyPair pair = signer.generateKey(owner_name,
|
DnsKeyPair pair = signer.generateKey(owner_name,
|
||||||
state.ttl,
|
state.ttl,
|
||||||
DClass.IN,
|
DClass.IN,
|
||||||
state.algorithm,
|
state.algorithm,
|
||||||
flags,
|
flags,
|
||||||
state.keylength);
|
state.keylength,
|
||||||
|
state.useLargeE);
|
||||||
|
|
||||||
if (state.outputfile != null)
|
if (state.outputfile != null)
|
||||||
{
|
{
|
||||||
|
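Review bot: The help string `"Use large RSA exponent"` on the new `-e` option does not say which exponent is selected or what is used without it, and what appears to be the key-generation log message in the last hunk still reports only algorithm and length. Because `useLargeE` defaults to `false` and is passed straight to `generateKey`, an operator cannot tell from the CLI that RSA keys get the small exponent unless `-e` is given. I would spell it out, e.g. `opts.addOption("e", "large-exponent", false, "Use large RSA public exponent (65537) instead of 3");`, and include the exponent choice in the log message. The enclosing methods begin and end outside these hunks.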
@ -29,10 +29,12 @@
|
|||||||
|
|
||||||
package com.verisignlabs.dnssec.security;
|
package com.verisignlabs.dnssec.security;
|
||||||
|
|
||||||
|
import java.security.InvalidAlgorithmParameterException;
|
||||||
import java.security.KeyPair;
|
import java.security.KeyPair;
|
||||||
import java.security.KeyPairGenerator;
|
import java.security.KeyPairGenerator;
|
||||||
import java.security.NoSuchAlgorithmException;
|
import java.security.NoSuchAlgorithmException;
|
||||||
import java.security.Signature;
|
import java.security.Signature;
|
||||||
|
import java.security.spec.RSAKeyGenParameterSpec;
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
import java.util.logging.Logger;
|
import java.util.logging.Logger;
|
||||||
|
|
||||||
@ -226,7 +228,7 @@ public class DnsKeyAlgorithm
|
|||||||
return (baseType(algorithm) == DSA);
|
return (baseType(algorithm) == DSA);
|
||||||
}
|
}
|
||||||
|
|
||||||
public KeyPair generateKeyPair(int algorithm, int keysize)
|
public KeyPair generateKeyPair(int algorithm, int keysize, boolean useLargeExp)
|
||||||
throws NoSuchAlgorithmException
|
throws NoSuchAlgorithmException
|
||||||
{
|
{
|
||||||
KeyPair pair = null;
|
KeyPair pair = null;
|
||||||
@ -237,7 +239,27 @@ public class DnsKeyAlgorithm
|
|||||||
{
|
{
|
||||||
mRSAKeyGenerator = KeyPairGenerator.getInstance("RSA");
|
mRSAKeyGenerator = KeyPairGenerator.getInstance("RSA");
|
||||||
}
|
}
|
||||||
mRSAKeyGenerator.initialize(keysize);
|
|
||||||
|
RSAKeyGenParameterSpec rsa_spec;
|
||||||
|
if (useLargeExp)
|
||||||
|
{
|
||||||
|
rsa_spec = new RSAKeyGenParameterSpec(keysize, RSAKeyGenParameterSpec.F4);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
rsa_spec = new RSAKeyGenParameterSpec(keysize, RSAKeyGenParameterSpec.F0);
|
||||||
|
}
|
||||||
|
try
|
||||||
|
{
|
||||||
|
mRSAKeyGenerator.initialize(rsa_spec);
|
||||||
|
}
|
||||||
|
catch (InvalidAlgorithmParameterException e)
|
||||||
|
{
|
||||||
|
// Fold the InvalidAlgorithmParameterException into our existing
|
||||||
|
// thrown exception. Ugly, but requires less code change.
|
||||||
|
throw new NoSuchAlgorithmException("invalid key parameter spec");
|
||||||
|
}
|
||||||
|
|
||||||
pair = mRSAKeyGenerator.generateKeyPair();
|
pair = mRSAKeyGenerator.generateKeyPair();
|
||||||
break;
|
break;
|
||||||
case DSA :
|
case DSA :
|
||||||
@ -255,6 +277,12 @@ public class DnsKeyAlgorithm
|
|||||||
return pair;
|
return pair;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public KeyPair generateKeyPair(int algorithm, int keysize)
|
||||||
|
throws NoSuchAlgorithmException
|
||||||
|
{
|
||||||
|
return generateKeyPair(algorithm, keysize, false);
|
||||||
|
}
|
||||||
|
|
||||||
public static DnsKeyAlgorithm getInstance()
|
public static DnsKeyAlgorithm getInstance()
|
||||||
{
|
{
|
||||||
if (mInstance == null) mInstance = new DnsKeyAlgorithm();
|
if (mInstance == null) mInstance = new DnsKeyAlgorithm();
|
||||||
|
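Review bot: With `useLargeExp` false the RSA branch now pins the public exponent to `RSAKeyGenParameterSpec.F0` (3), whereas the removed `mRSAKeyGenerator.initialize(keysize)` left the choice to the provider (65537 in the stock Sun provider, as far as I know). The retained two-argument `generateKeyPair(algorithm, keysize)` passes `false`, so existing callers silently move to e=3. Exponent 3 is the case in which lenient PKCS#1 v1.5 signature verifiers have been shown to accept forged signatures, so it is the weaker default for DNSSEC signing keys; I would make F4 the default, e.g. `return generateKeyPair(algorithm, keysize, true);` in the overload, or keep `mRSAKeyGenerator.initialize(keysize);` in the else branch. The catch block also discards the cause, which `throw (NoSuchAlgorithmException) new NoSuchAlgorithmException("invalid key parameter spec").initCause(e);` would preserve. The RSA case and the method body begin outside these hunks.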
@ -63,16 +63,18 @@ public class JCEDnsSecSigner
|
|||||||
* @param algorithm the DNSSEC algorithm (RSAMD5, RSASHA1, or DSA).
|
* @param algorithm the DNSSEC algorithm (RSAMD5, RSASHA1, or DSA).
|
||||||
* @param flags any flags for the KEY RR.
|
* @param flags any flags for the KEY RR.
|
||||||
* @param keysize the size of the key to generate.
|
* @param keysize the size of the key to generate.
|
||||||
|
* @param useLargeExponent if generating an RSA key, use the large exponent.
|
||||||
* @return a DnsKeyPair with the public and private keys populated.
|
* @return a DnsKeyPair with the public and private keys populated.
|
||||||
*/
|
*/
|
||||||
public DnsKeyPair generateKey(Name owner, long ttl, int dclass,
|
public DnsKeyPair generateKey(Name owner, long ttl, int dclass,
|
||||||
int algorithm, int flags, int keysize) throws NoSuchAlgorithmException
|
int algorithm, int flags, int keysize, boolean useLargeExponent)
|
||||||
|
throws NoSuchAlgorithmException
|
||||||
{
|
{
|
||||||
DnsKeyAlgorithm algorithms = DnsKeyAlgorithm.getInstance();
|
DnsKeyAlgorithm algorithms = DnsKeyAlgorithm.getInstance();
|
||||||
|
|
||||||
if (ttl < 0) ttl = 86400; // set to a reasonable default.
|
if (ttl < 0) ttl = 86400; // set to a reasonable default.
|
||||||
|
|
||||||
KeyPair pair = algorithms.generateKeyPair(algorithm, keysize);
|
KeyPair pair = algorithms.generateKeyPair(algorithm, keysize, useLargeExponent);
|
||||||
|
|
||||||
if (mKeyConverter == null)
|
if (mKeyConverter == null)
|
||||||
{
|
{
|
||||||
|
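Review bot: The public `generateKey` gains a seventh parameter here without keeping the six-argument form, unlike `DnsKeyAlgorithm.generateKeyPair`, which keeps its old signature as a delegate, so any caller outside this commit stops compiling. I would retain the old signature as a one-line overload, `return generateKey(owner, ttl, dclass, algorithm, flags, keysize, useLargeExponent);` with an explicitly chosen and documented default for the last argument. The new `@param useLargeExponent` line should also state the two exponent values and that the flag only matters for RSA algorithms, e.g. `@param useLargeExponent for RSA keys, use public exponent 65537 (F4) rather than 3 (F0); presumably ignored for DSA`. The method body continues past the end of the hunk.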