mirror of
https://github.com/isc-projects/bind9.git
The -C option, introduced in BIND 9.7, caused a backward-compatible key to be generated, using private key format version 1.2, omitting the creation date and other timing metadata. This made it possible to generate keys that could be loaded by older versions of BIND. Those older versions having reached end of life many years ago, the option can now be removed, along with the "dnssec-settime -f" option, which caused old-style keys to be upgraded.
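#!/bin/sh

# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# SPDX-License-Identifier: MPL-2.0
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.

# Test setup: generate one DNSSEC key per timing/flag state for the child
# zone, plus a ZSK and a KSK for the parent zone, and record each key's
# name in a *.key file in the current directory.
#
# Reads from ../conf.sh: KEYGEN, SETTIME, REVOKE, DEFAULT_ALGORITHM and the
# echo_i helper.

# Abort on the first failing command.  This is set here rather than on the
# "#!" line because an interpreter option there is lost when the script is
# started as "sh <script>"; a failed key generation would then go unnoticed
# and an empty key name would be written to the *.key file.
set -e

. ../conf.sh

pzone=parent.nil
czone=child.parent.nil

echo_i "generating keys"

# NOTE(review): $KEYGEN, $SETTIME and $REVOKE are left unquoted on purpose;
# conf.sh is not visible here and may define them with wrapper arguments --
# confirm before quoting them.

# active zsk
zsk=$($KEYGEN -q -a "${DEFAULT_ALGORITHM}" "$czone")
echo "$zsk" >zsk.key

# not yet published or active
pending=$($KEYGEN -q -a "${DEFAULT_ALGORITHM}" -P none -A none "$czone")
echo "$pending" >pending.key

# published but not active
standby=$($KEYGEN -q -a "${DEFAULT_ALGORITHM}" -A none "$czone")
echo "$standby" >standby.key

# inactive: published and activated 24 hours ago, inactive as of now
inact=$($KEYGEN -q -a "${DEFAULT_ALGORITHM}" -P now-24h -A now-24h -I now "$czone")
echo "$inact" >inact.key

# active ksk
ksk=$($KEYGEN -q -a "${DEFAULT_ALGORITHM}" -fk "$czone")
echo "$ksk" >ksk.key

# published but not YET active; will be active in 15 seconds
rolling=$($KEYGEN -q -a "${DEFAULT_ALGORITHM}" -fk "$czone")
$SETTIME -A now+15s "$rolling" >/dev/null
echo "$rolling" >rolling.key

# revoked: prerev.key holds the key name before revocation, postrev.key the
# name after it
revoke1=$($KEYGEN -q -a "${DEFAULT_ALGORITHM}" -fk "$czone")
echo "$revoke1" >prerev.key
revoke2=$($REVOKE "$revoke1")
# Strip a leading "./" and everything from ".key" onward, so that only the
# bare key name is stored.
echo "$revoke2" | sed -e 's#\./##' -e 's/\.key.*$//' >postrev.key

# parent zone zsk
pzsk=$($KEYGEN -q -a "${DEFAULT_ALGORITHM}" "$pzone")
echo "$pzsk" >parent.zsk.key

# parent zone ksk
pksk=$($KEYGEN -q -a "${DEFAULT_ALGORITHM}" -fk "$pzone")
echo "$pksk" >parent.ksk.key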