sign.sh revision 35da39a7f16d76d29ee295c4e4a0598649dfda9c
#!/bin/sh
#
# Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2000-2003 Internet Software Consortium.
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.

# $Id: sign.sh,v 1.26 2006/01/04 00:37:24 marka Exp $

# Locate the system-test tree and load its shared settings.  The $KEYGEN
# and $SIGNER commands used further down are presumably defined by conf.sh.
SYSTEMTESTTOP=../..
. "$SYSTEMTESTTOP/conf.sh"

# File handed to the -r option of every $KEYGEN and $SIGNER call below.
# NOTE(review): this is a file inside the test tree rather than a system
# entropy device, so keys produced by this script are only as unpredictable
# as that file.  Treat them as test fixtures, never as real key material.
RANDFILE=../random.data

# Parent zone: origin name, unsigned template, and generated zone file.
zone=example.
infile=example.db.in
zonefile=example.db

# Have the child generate a zone key and pass it to us.  The ns3 signing
# script runs in a subshell so this script's working directory is unchanged.
# NOTE(review): the subshell's exit status is not checked, so a failed
# child signing run goes unnoticed at this point.
( cd ../ns3 && sh sign.sh )

# Copy each delegated subdomain's keyset file from ns3 into this directory.
# NOTE(review): a missing keyset only makes cp print an error; the loop and
# the script carry on.  Confirm that is intended for every name listed.
for subdomain in secure bogus dynamic keyless; do
  cp "../ns3/keyset-$subdomain.example." .
done

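# Create two zone keys for $zone.  The text $KEYGEN prints is used below as
# the base name of the key files, so an empty result means generation
# failed and the zone file would be assembled without a key.
# NOTE(review): 768-bit DSA is far below current key-strength guidance.
# It is tolerable only because these keys are throwaway test fixtures.
keyname1=`$KEYGEN -r "$RANDFILE" -a DSA -b 768 -n zone "$zone"`
[ -n "$keyname1" ] || { echo "sign.sh: key generation failed for $zone" >&2; exit 1; }
keyname2=`$KEYGEN -r "$RANDFILE" -a DSA -b 768 -n zone "$zone"`
[ -n "$keyname2" ] || { echo "sign.sh: key generation failed for $zone" >&2; exit 1; }

# Assemble the unsigned zone: the template followed by both public keys.
cat "$infile" "$keyname1.key" "$keyname2.key" >"$zonefile" ||
  { echo "sign.sh: cannot build $zonefile" >&2; exit 1; }

# Sign the zone, passing $keyname1 through -k and $keyname2 as the trailing
# key argument.  Stop on failure: an unsigned or half-signed zone would let
# the DNSSEC checks that rely on this fixture run against the wrong data.
$SIGNER -g -r "$RANDFILE" -o "$zone" -k "$keyname1" "$zonefile" "$keyname2" >/dev/null ||
  { echo "sign.sh: signing $zone failed" >&2; exit 1; }
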
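# Sign the privately secure file

privzone=private.secure.example.
privinfile=private.secure.example.db.in
privzonefile=private.secure.example.db

# NOTE(review): RSAMD5 with a 768-bit modulus is obsolete for DNSSEC, both
# in algorithm and in key size.  It is acceptable only for a test fixture.
# The text $KEYGEN prints is used as the key file base name, so an empty
# result means key generation failed.
privkeyname=`$KEYGEN -r "$RANDFILE" -a RSAMD5 -b 768 -n zone "$privzone"`
[ -n "$privkeyname" ] || { echo "sign.sh: key generation failed for $privzone" >&2; exit 1; }

# Assemble the unsigned zone: the template followed by the public key.
cat "$privinfile" "$privkeyname.key" >"$privzonefile" ||
  { echo "sign.sh: cannot build $privzonefile" >&2; exit 1; }

# Sign with "-l dlv".  The DLV zone built later reads dlvset-$privzone,
# presumably written by this run, so a failure here must not be ignored.
$SIGNER -g -r "$RANDFILE" -o "$privzone" -l dlv "$privzonefile" >/dev/null ||
  { echo "sign.sh: signing $privzone failed" >&2; exit 1; }
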
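# Sign the DLV secure zone.

dlvzone=dlv.
dlvinfile=dlv.db.in
dlvzonefile=dlv.db

# NOTE(review): RSAMD5 with a 768-bit modulus is obsolete for DNSSEC, both
# in algorithm and in key size.  It is acceptable only for a test fixture.
# The text $KEYGEN prints is used as the key file base name, so an empty
# result means key generation failed.
dlvkeyname=`$KEYGEN -r "$RANDFILE" -a RSAMD5 -b 768 -n zone "$dlvzone"`
[ -n "$dlvkeyname" ] || { echo "sign.sh: key generation failed for $dlvzone" >&2; exit 1; }

# Assemble the unsigned DLV zone: the template, the public key, and the
# dlvset file for $privzone.  cat fails if any of them is missing, and the
# DLV zone would then lack the records the test depends on, so stop here.
cat "$dlvinfile" "$dlvkeyname.key" "dlvset-$privzone" >"$dlvzonefile" ||
  { echo "sign.sh: cannot build $dlvzonefile" >&2; exit 1; }

$SIGNER -g -r "$RANDFILE" -o "$dlvzone" "$dlvzonefile" >/dev/null ||
  { echo "sign.sh: signing $dlvzone failed" >&2; exit 1; }
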