Missing algorithms?

Roy Arends roy at nlnetlabs.nl
Tue Mar 14 11:04:38 UTC 2000

On 8 Mar 2000, Jocelyn wrote:

> I want to create a key using the DSA algorithm, but only HMAC-MD5
> seems to be available.  I have the lastest package ( bind-8.2.2p5
> bind-utils-8.2.2p5 ) and i follow instruction in the Cricket Liu
> dnssec pdf.

Be sure that you have one of the following crypto libraries: DNSSAFE (the
default), RSAREF or BSAFE. When you compile DNSKEYGEN, make sure that it
knows where to find one of these libraries. Without one of those,
DNSKEYGEN can only create HMAC-MD5 key's.

> How can i encrypt with DSA ?

That's not possible, DSS/DSA is used for signing, not for encrypting. If
you want to use the keys created with dnskeygen to sign, use dnssigner.



roy at nlnetlabs.nl                NLnetLabs
tel +31208884551                Kruislaan 419
|\ ||   _  _|_  |   _ |_  _     1098 VA  Amsterdam
| \||__| )(-|_  |__(_||_)_)     The Netherlands

More information about the bind-users mailing list