Regarding HMAC-SHA256 and RSASHA512 key generation algorithm in dnssec-keygen
cas at strotmann.de
Thu Mar 6 18:59:46 UTC 2014
Evan Hunt <each at isc.org> writes:
>> there could be a hard-link from a name like "tsig-keygen" to
>> "dnssec-keygen" which changes the type of key created to "-n HOST". That
>> would not require any change to the existing interface. Just an idea.
> Thanks, Carsten. I had actually had the same thought after writing my post
> last night, though I was thinking of making it a hard link to ddns-confgen
> rather than dnssec-keygen.
A link to "ddns-confgen" would work well.
> (Question: is "ddns-confgen -q" an appropriate and useful format?
> I've never understood why anybody would want TSIG keys in .key/.private
> form, but there may be a use case for it that I've overlooked.)
Yes, it is most useful. I do not have a use-case for the .key/.private
form (except existing scripts that expect these formats).