sign.sh revision ba751492fcc4f161a18b983d4f018a1a52938cb9
77b1d950a6d949246884fa6738597491f7df2cdbTinderbox User# Copyright (C) 2011-2013 Internet Systems Consortium, Inc. ("ISC")
bf8267aa453e5d2a735ed732a043b77a0b355b20Mark Andrews# Permission to use, copy, modify, and/or distribute this software for any
bf8267aa453e5d2a735ed732a043b77a0b355b20Mark Andrews# purpose with or without fee is hereby granted, provided that the above
bf8267aa453e5d2a735ed732a043b77a0b355b20Mark Andrews# copyright notice and this permission notice appear in all copies.
bf8267aa453e5d2a735ed732a043b77a0b355b20Mark Andrews# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
bf8267aa453e5d2a735ed732a043b77a0b355b20Mark Andrews# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
bf8267aa453e5d2a735ed732a043b77a0b355b20Mark Andrews# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
bf8267aa453e5d2a735ed732a043b77a0b355b20Mark Andrews# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
bf8267aa453e5d2a735ed732a043b77a0b355b20Mark Andrews# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
bf8267aa453e5d2a735ed732a043b77a0b355b20Mark Andrews# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
bf8267aa453e5d2a735ed732a043b77a0b355b20Mark Andrews# PERFORMANCE OF THIS SOFTWARE.
1864400107f7dc21e1797d602ab1f8523f599df9Mark Andrews# $Id: sign.sh,v 1.8 2012/02/23 06:53:15 marka Exp $
9198ab377b1cbf07d6d0c6eec25296c135bd66bdMark Andrewskeyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone`
9198ab377b1cbf07d6d0c6eec25296c135bd66bdMark Andrewskeyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone`
9198ab377b1cbf07d6d0c6eec25296c135bd66bdMark Andrewskeyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone`
9198ab377b1cbf07d6d0c6eec25296c135bd66bdMark Andrewskeyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone`
24ef32426d91c5140d75031b6443397c6d24006cMark Andrewskeyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone`
24ef32426d91c5140d75031b6443397c6d24006cMark Andrewskeyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone`
24ef32426d91c5140d75031b6443397c6d24006cMark Andrewskeyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone`
24ef32426d91c5140d75031b6443397c6d24006cMark Andrewskeyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone`
f30785f506a522ed6a5e394af2bb13b6f883927eEvan Huntkeyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone`
f30785f506a522ed6a5e394af2bb13b6f883927eEvan Huntkeyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone`
f30785f506a522ed6a5e394af2bb13b6f883927eEvan Hunt$SIGNER -S -O raw -L 2000042407 -o ${zone} ${zone}.db > /dev/null 2>&1
9a020198893d8389f1f3172d88ba6b16d7da3c04Evan Hunt# signatures are expired and should be regenerated on startup
9a020198893d8389f1f3172d88ba6b16d7da3c04Evan Huntkeyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone`
9a020198893d8389f1f3172d88ba6b16d7da3c04Evan Huntkeyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone`
9a020198893d8389f1f3172d88ba6b16d7da3c04Evan Hunt$SIGNER -PS -s 20100101000000 -e 20110101000000 -O raw -L 2000042407 -o ${zone} ${zone}.db > /dev/null 2>&1
1864400107f7dc21e1797d602ab1f8523f599df9Mark Andrewskeyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone`
1864400107f7dc21e1797d602ab1f8523f599df9Mark Andrewskeyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone`
d1e22676de16e6dee54c58b27cca11c5fb8f1ff5Mark Andrewskeyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone -f KSK $zone`
8009525601d946805fae58b037cf7dad0da516f8Curtis Blackburnkeyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
8009525601d946805fae58b037cf7dad0da516f8Curtis Blackburnkeyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone -f KSK $zone`
8009525601d946805fae58b037cf7dad0da516f8Curtis Blackburn$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db
927e4c9fecf448bf3894c68fcaf9dc2f89557f3aEvan Huntfor s in a c d h k l m q z
927e4c9fecf448bf3894c68fcaf9dc2f89557f3aEvan Hunt keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone`
927e4c9fecf448bf3894c68fcaf9dc2f89557f3aEvan Huntfor s in b f i o p t v
927e4c9fecf448bf3894c68fcaf9dc2f89557f3aEvan Hunt keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone`
927e4c9fecf448bf3894c68fcaf9dc2f89557f3aEvan Hunt keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone`
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrewsfor alg in ECDSAP256SHA256 NSEC3RSASHA1 DSA ECCGOST
ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt $KEYGEN -q -r ../$RANDFILE -a eccgost test > /dev/null 2>&1 || fail=1
ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt $KEYGEN -q -r ../$RANDFILE -a ecdsap256sha256 test > /dev/null 2>&1 || fail=1
ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt test $alg = DSA -a ! -r /dev/random -a ! -r /dev/urandom && continue
ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt k1=`$KEYGEN -q -r $RANDFILE -a $alg -b 1024 -n zone -f KSK $zone`
ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt k2=`$KEYGEN -q -r $RANDFILE -a $alg -b 1024 -n zone $zone`
ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt k3=`$KEYGEN -q -r $RANDFILE -a $alg -b 1024 -n zone $zone`
ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt k4=`$KEYGEN -q -r $RANDFILE -a $alg -b 1024 -n zone $zone`
ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt keyname=`$KEYGEN -q -r $RANDFILE -a $alg -b 1024 -n zone $zone`
ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt keyname=`$KEYGEN -q -r $RANDFILE -a $alg -b 1024 -n zone -f KSK $zone`
ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt # Convert k1 and k2 in to External Keys.
ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt $IMPORTKEY -P now -D now+3600 -f a-file $zone > /dev/null 2>&1