#!/usr/bin/perl # # takes a bind public key file and creates a self-signed keyset # use Getopt::Std; use Net::DNS; use File::Basename; # global variables $VERSION = "0.1"; $verbose = 0; $printds = 0; $progname = basename($0); chomp($progname); # main program getopts('dvhVf:n:'); if (defined($opt_d)) { $printds = 1; } if (defined($opt_v)) { $verbose = 1; } if (defined($opt_h)) { &usage(); } if (defined($opt_V)) { &version(); } if ($#ARGV < 0) { &usage(); } # silent some compiler warnings until i figure them out $opt_d=0; $opt_v=0; $opt_h=0; $opt_V=0; &make_keyset(@ARGV); exit(0); # print the usage and exit sub usage { print("usage: $progname [-vhV] file\n"); print("Options:\n"); print(" -d Print the DS record for each key in the keyset.\n"); print(" -v Be verbose.\n"); print(" -h Print this usage message.\n"); print(" -V Print version information.\n"); print(" file BIND public key file.\n"); exit(0); } # print version information sub version { print("$progname v$VERSION using Net::DNS v", Net::DNS->version, "\n"); exit(0); } sub make_keyset { my $file = shift(); my $directory = dirname($file); print("Processing file: $file\n"); if ($verbose) { print("Opening $file\n"); } open(FILE, $file) or die("$progname: unable to open $file.\n"); if ($verbose) { print("Reading $file\n"); } my $keyrr_txt; while (<FILE>) { if (m/^\$.*/) { if ($verbose) { print("Discarding BIND keyword in $file\n"); } next; } $keyrr_txt = $keyrr_txt . $_; } if ($verbose) { print("Creating DNSKEY RR\n"); } my $keyrr = Net::DNS::RR->new($keyrr_txt); if ($verbose) { print("Creating Keyset\n"); } my @keys = ($keyrr); use Net::DNS::Keyset; my $keyset = Net::DNS::Keyset->new(\@keys, "$directory") or die("$progname: unable to create keyset. $Net::DNS::Keyset::keyset_err.\n"); if ($verbose) { print("Verifying Keyset\n"); } $keyset->verify() or die("$progname: unable to verify keyset. $Net::DNS::Keyset::keyset_err.\n"); if ($verbose) { print("Keyset:\n"); $keyset->print(); print("Writing Keyset\n"); } $keyset->writekeyset("signed-") or die("$progname: unable to write keyset. $Net::DNS::Keyset::keyset_err.\n"); if ($printds) { if ($verbose) { print("Extracting DS RR\n"); } my @ds=$keyset->extract_ds(); foreach $ds (@ds) { $ds->print(); } } } =head1 NAME make-signed-keyset - create a self-signed keyset =head1 SYNOPSIS make-signed-keyset [-v] file =head1 DESCRIPTION make-signed-keyset is a program that creates a self-signed keyset from a BIND public key file specified on the command line. The options are as follows: =over =item -v Be verbose. -d Print the DS record for each key in the keyset. =head2 Author Contributed by Wes Griffin <wgriffin@jtan.com> =back