Internet Engineering Task Force                                J. Jansen
Internet-Draft                                                      SIDN
Intended status: Experimental                               M. Sivaraman
Expires: October 12, 2017                    Internet Systems Consortium
                                                          April 10, 2017
Use of SHA-3 (Keccak) and RSASSA-PSS in DNSSEC
draft-muks-dnsop-dnssec-sha3-01
This document specifies the use of SHA-3 (Keccak) hash functions in DNSSEC. It also specifies the use of the RSASSA-PSS signature scheme for RSA keys.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on October 12, 2017.
Copyright (c) 2017 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
The Domain Name System (DNS) is the global, hierarchical distributed database for Internet Naming. The DNS has been extended to use cryptographic keys and digital signatures for the verification of the authenticity and integrity of its data. [RFC4033], [RFC4034], and [RFC4035] describe these DNS Security Extensions, called DNSSEC.
[RFC4033] described how to store DNSKEY and RRSIG resource records, and specified a list of cryptographic algorithms to use. It was updated by [RFC5702] to add the SHA-2 family of hash algorithms using the RSASSA-PKCS1-v1_5 signature scheme [RFC3447].
PKCS #1 v2.1 [RFC3447] introduced RSASSA-PSS which is a much better signature scheme than RSASSA-PKCS1-v1_5. The main advantage of RSASSA-PSS over RSASSA-PKCS1-v1_5 is that analysis can relate its security to that of the RSA problem (Section 8.1 of [RFC8017]), whereas the connection of RSASSA-PKCS1-v1_5 to the RSA problem has not been proved. With RSASSA-PSS, an attacker also does not know in advance what the encoded message EM will be due to the use of random salt that makes fault analysis attacks more difficult to mount. Although no attacks are known against RSASSA-PKCS1-v1_5, in the interest of increased robustness, RSASSA-PSS is REQUIRED in new applications (Section 8 of [RFC8017]).
SHA-3 is a family of hash functions based on the cryptographic primitive family Keccak. [FIPS.202.2015] states: "The four SHA-3 hash functions in this Standard supplement the hash functions that are specified in [FIPS.180-4.2015]: SHA-1 and the SHA-2 family. Together, both Standards provide resilience against future advances in hash function analysis, because they rely on fundamentally different design principles." Now that SHA-1's security is known to be weakened and the SHA-2 hash algorithms are currently the last line of defence for use with RSA in DNSKEYs and in DS records, it is sensible to introduce the SHA-3 hash function family to DNSSEC now, to prepare for any eventuality. The SHA-3 hash function family uses a sponge construction, whereas the SHA-2 hash function family uses a Merkle-Damgård construction, so it is unlikely that an attack on SHA-2 will affect SHA-3 or vice versa.
This document extends the list of DNSKEY algorithms with the RSASSA-PSS signature scheme [RFC8017] using the SHA-2 and SHA-3 family of hash functions. It also adds DNSKEY algorithms for ECDSA using the SHA-3 family of hash functions.
[RFC3658] first described the use of DS resource records. It was updated by [RFC4509] and [RFC6605] to add SHA-256 and SHA-384 digest types respectively. This document extends that list with the SHA-3 algorithms SHA3-256 and SHA3-384.
Familiarity with DNSSEC, RSA, ECDSA, and the SHA-2 [FIPS.180-4.2015] and SHA-3 [FIPS.202.2015] hash function families is assumed in this document.
To refer to SHA2-256 and SHA2-512, this document will use the name SHA-2. Similarly, to refer to SHA3-256, SHA3-384, and SHA3-512, this document will use the name SHA-3. This is done to improve readability. When a part of the text is specific to a particular SHA-2 or SHA-3 hash function, the specific name is used. The same goes for RSA/SHA2-256 and RSA/SHA2-512, which will be grouped using the name RSA/SHA-2, and for RSA/SHA3-256, RSA/SHA3-384, and RSA/SHA3-512, which will be grouped using the name RSA/SHA-3.
The SHA2-224, SHA2-384, and SHA3-224 algorithms are not used in RSASSA-PSS DNSKEYs and RRSIGs. The SHA3-512 algorithm is not used in ECDSA with SHA-3. The SHA3-224 and SHA3-512 algorithms are not used as DS digest types.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].
An experimental BIND implementation of this draft can be found in the "sha3" branch in the git repository at: https://github.com/muks/bind9
There is also an experimental implementation based on the ldns library, which can be found in the "sha3_and_pss" branch in the git repository at https://github.com/tjeb/ldns.
These can be used to check for interoperability by other DNSSEC implementations.
The format of the DNSKEY RR can be found in [RFC4034]. [RFC3110] and [RFC5702] describe the use of RSASSA-PKCS1-v1_5 signature scheme with SHA-1 and SHA-2 hash functions for DNSSEC signatures respectively. [RFC6605] describes the use of ECDSA with SHA-2 in DNSSEC.
RSA public keys for use with RSASSA-PSS signature scheme using SHA-2 and SHA-3 hash functions are stored in DNSKEY resource records (RRs) with the algorithm numbers as specified in Section 9.
The key size of RSA/SHA2-256 and RSA/SHA3-256 keys MUST NOT be less than 1024 bits and MUST NOT be more than 4096 bits. This also satisfies a requirement of the RSASSA-PSS signature scheme that for a hash function that outputs a 256-bit value, the RSA modulus be at least 522 bits long.
The key size of RSA/SHA3-384 keys MUST NOT be less than 1024 bits and MUST NOT be more than 4096 bits. This also satisfies a requirement of the RSASSA-PSS signature scheme that for a hash function that outputs a 384-bit value, the RSA modulus be at least 778 bits long.
The key size of RSA/SHA2-512 and RSA/SHA3-512 keys MUST NOT be less than 1280 bits and MUST NOT be more than 4096 bits. This also satisfies a requirement of the RSASSA-PSS signature scheme that for a hash function that outputs a 512-bit value, the RSA modulus be at least 1034 bits long.
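The minimum modulus sizes quoted above (522, 778 and 1034 bits) follow from the EMSA-PSS encoding constraint in Section 9.1.1 of [RFC8017]: with emBits = modBits - 1 and emLen = ceil(emBits / 8), encoding fails unless emLen >= hLen + sLen + 2, and this document fixes sLen = hLen. The following Python is an added worked example, not code from the draft or from its BIND/ldns implementations; the per-algorithm bounds are the ones stated in this section, and the function names are the example's own.

```python
from typing import Optional

# Hash output length (octets) and this document's key size bounds (bits),
# per RSASSA-PSS algorithm. Values copied from the text above.
RSA_PSS_ALGORITHMS = {
    "RSASHA2-256": (32, 1024, 4096),
    "RSASHA2-512": (64, 1280, 4096),
    "RSASHA3-256": (32, 1024, 4096),
    "RSASHA3-384": (48, 1024, 4096),
    "RSASHA3-512": (64, 1280, 4096),
}


def emsa_pss_fits(mod_bits: int, hlen: int, slen: Optional[int] = None) -> bool:
    """RFC 8017 Section 9.1.1 step 3, applied directly: emLen = ceil((modBits-1)/8)
    must be at least hLen + sLen + 2, otherwise EMSA-PSS-ENCODE fails."""
    slen = hlen if slen is None else slen      # this draft: salt length == hash length
    em_len = (mod_bits - 1 + 7) // 8
    return em_len >= hlen + slen + 2


def min_modulus_bits(hlen: int, slen: Optional[int] = None) -> int:
    """Smallest modBits satisfying emsa_pss_fits, in closed form:
    ceil((modBits - 1) / 8) >= L  <=>  modBits - 1 > 8 * (L - 1)  <=>  modBits >= 8*(L-1) + 2."""
    slen = hlen if slen is None else slen
    return 8 * (hlen + slen + 2 - 1) + 2


def key_size_allowed(alg: str, mod_bits: int) -> bool:
    """This document's MUST NOT bounds for the algorithm, plus the PSS minimum
    they are meant to cover (the bounds are larger, so the second test is redundant
    in practice but shows the relationship)."""
    hlen, low, high = RSA_PSS_ALGORITHMS[alg]
    return low <= mod_bits <= high and emsa_pss_fits(mod_bits, hlen)


if __name__ == "__main__":
    for alg, (hlen, low, high) in RSA_PSS_ALGORITHMS.items():
        print(f"{alg}: PSS minimum {min_modulus_bits(hlen)} bits, "
              f"document allows {low}..{high} bits")
```

The closed form reproduces each figure in the text: a 256-bit hash needs 522 bits, a 384-bit hash 778 bits and a 512-bit hash 1034 bits, all below the 1024- and 1280-bit floors this section imposes.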
P-256 and P-384 ECDSA public keys for use with SHA3-256 and SHA3-384 hash functions are stored in DNSKEY resource records (RRs) with the algorithm numbers as specified in Section 9.
The generation of P-256 and P-384 ECDSA keys follows the same method as for [RFC6605].
For signature calculation, this section uses the specifications of RSASSA-PSS in PKCS #1 v2.2 (Section 8.1 of [RFC8017]) incorporating EMSA-PSS encoding (Section 9.1 of [RFC8017]).
The values for the RRSIG RDATA fields that precede the signature data are specified in [RFC4034]. The value of the signature field in the RRSIG RDATA follows the RSASSA-PSS signature scheme and is calculated as described in Section 8.1.1 of [RFC8017]. The message M used in signature calculation is the argument to the sign() function as specified in Section 3.1.8.1 of [RFC4034].
Within EMSA-PSS-ENCODE, the hash function "Hash" used is one among SHA2-256, SHA2-512, SHA3-256, SHA3-384, and SHA3-512 for RSA/SHA2-256, RSA/SHA2-512, RSA/SHA3-256, RSA/SHA3-384, and RSA/SHA3-512 respectively.
The mask generation function is MGF1 (Section B.2.1 of [RFC8017]) and the hash function used within the mask generation function is also "Hash".
The length of salt in octets MUST be equal to the length of the output of the hash function "Hash" in octets. The value of salt SHOULD be random per signature computation. A random salt value enhances the security of the scheme by affording a "tighter" security proof. However, the randomness is not critical to security. See Section 8.1 of [RFC8017] for the tradeoffs in security due to a non-random salt.
These RSASSA-PSS signatures are stored in the DNS using RRSIG resource records (RRs) with algorithm number as specified in Section 9.
P-256 and P-384 ECDSA signatures using SHA3-256 and SHA3-384 hash functions are stored in the DNS using RRSIG resource records (RRs) with algorithm number as specified in Section 9.
The generation of P-256 and P-384 ECDSA/SHA-3 signatures follows the same method as for [RFC6605], except that the collision-resistant hash function "H" (see Section 10.4 of [RFC6090]) is SHA3-256 for P-256 ECDSA/SHA-3 signatures and SHA3-384 for P-384 ECDSA/SHA-3 signatures.
The format of the DS RR can be found in [RFC4034]. [RFC3658], [RFC4509], and [RFC6605] describe the use of SHA-1, SHA-256, and SHA-384 for the DS digest type respectively.
The implementation of SHA3-256 in DS RRs follows the implementation of SHA-256 as specified in [RFC4509] except that the underlying algorithm is SHA3-256, the digest value is 32 bytes long, and the digest type code is specified in Section 9.
The implementation of SHA3-384 in DS RRs follows the implementation of SHA-256 as specified in [RFC4509] except that the underlying algorithm is SHA3-384, the digest value is 48 bytes long, and the digest type code is specified in Section 9.
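As an added illustration (not code from the draft or from the BIND/ldns branches it mentions), the following Python computes a DS digest with SHA3-256 or SHA3-384 exactly as [RFC4509] does for SHA-256, that is over the canonical owner name followed by the DNSKEY RDATA, and checks a DS against a DNSKEY the way a validator would. The child key is the RSASHA2-256 ZSK from this document's test vectors (algorithm number 247, key id 30005). The digest type codes for SHA3-256 and SHA3-384 are assigned in Section 9, which is not reproduced here, so the presentation-format output uses labelled placeholders for them; the hash names are the ones Python's hashlib uses.

```python
import base64
import hashlib
import hmac
import struct


def name_wire(name: str) -> bytes:
    """Canonical (lowercase, uncompressed) wire form of a domain name."""
    labels = name.lower().rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def dnskey_rdata(flags: int, protocol: int, algorithm: int, pubkey_b64: str) -> bytes:
    """DNSKEY RDATA in wire form (RFC 4034 Section 2.1)."""
    return struct.pack(">HBB", flags, protocol, algorithm) + base64.b64decode(pubkey_b64)


def key_tag(rdata: bytes) -> int:
    """Key tag over the DNSKEY RDATA (RFC 4034 Appendix B)."""
    ac = 0
    for i, octet in enumerate(rdata):
        ac += octet if i & 1 else octet << 8
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF


def ds_digest(owner: str, rdata: bytes, hash_name: str) -> bytes:
    """digest = Hash(canonical owner name | DNSKEY RDATA): the RFC 4509
    construction with the hash swapped for sha3_256 or sha3_384."""
    return hashlib.new(hash_name, name_wire(owner) + rdata).digest()


# Placeholders: the real digest type codes come from Section 9 of the draft.
DS_DIGEST_TYPE = {"sha3_256": "<DIGEST-TYPE-SHA3-256>",
                  "sha3_384": "<DIGEST-TYPE-SHA3-384>"}


def ds_record(owner: str, rdata: bytes, hash_name: str) -> str:
    """Presentation form of the DS record for a child DNSKEY."""
    algorithm = rdata[3]                       # byte after flags(2) and protocol(1)
    digest = ds_digest(owner, rdata, hash_name).hex().upper()
    return f"{owner} IN DS {key_tag(rdata)} {algorithm} {DS_DIGEST_TYPE[hash_name]} {digest}"


def ds_matches(ds_digest_hex: str, owner: str, rdata: bytes, hash_name: str) -> bool:
    """What a validator does: recompute the digest over the child's DNSKEY
    and compare it with the parent's DS digest in constant time."""
    expected = ds_digest(owner, rdata, hash_name)
    return hmac.compare_digest(bytes.fromhex(ds_digest_hex), expected)


# The RSASHA2-256 ZSK from the draft's test vectors: flags 256, protocol 3, alg 247.
DRAFT_DNSKEY = dnskey_rdata(256, 3, 247,
    "AwEAAdMT/tIhT3Yc1FJnmHmWWb3XTBtZZKW723I0h/5i3/15LIhR6v5XoKsy0HeUGoyN03O2"
    "yHEbrhz7Ym9pypu5OEdUnbjcc1Mr+c/0/TAzqpUK1DrAb3rguVn9W/t+jy41iTap8xZGfcLk"
    "CAxdLg2cBp3m1mQyWr6t9Oo/10wP4mbX")


if __name__ == "__main__":
    for h in ("sha3_256", "sha3_384"):
        print(ds_record("example.org.", DRAFT_DNSKEY, h))
```

The key tag the code derives from the RDATA is the 30005 shown as "key id" in the test vector, which confirms the DNSKEY was parsed into the right wire form before hashing; the two digests are 32 and 48 octets long, matching the sizes stated for SHA3-256 and SHA3-384.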
Apart from the restrictions in Section 2, this document will not specify what size of keys to use. That is an operational issue and depends largely on the environment and intended use. A good starting point for more information would be [NIST800-57].
In this family of signing algorithms, the size of signatures is related to the size of the key and not to the hashing algorithm used in the signing process. Therefore, RRSIG resource records produced with RSA/SHA2-256, RSA/SHA2-512, RSA/SHA3-256, RSA/SHA3-384, or RSA/SHA3-512 will have the same size as those produced with RSA/SHA-1 and RSA/SHA-2 hash algorithms, if the keys have the same length.
DS RDATA with digest type SHA3-256 has the same size as DS RDATA with digest type SHA-256 (32 bytes). DS RDATA with digest type SHA3-384 has the same size as DS RDATA with digest type SHA-384 (48 bytes). Because the new digest types match these existing ones in size, the impact of the SHA-3 digest types on DS RDATA size can be judged from the existing SHA-256 and SHA-384 digest types.
DNSSEC-aware implementations SHOULD be able to support RRSIG and DNSKEY resource records created with the RSA/SHA-2, RSA/SHA-3, and ECDSA/SHA-3 algorithms defined in this document.
DNSSEC-aware implementations SHOULD be able to support DS resource records created with the SHA3-256 and SHA3-384 algorithms defined in this document.
[RFC5155] defines new algorithm identifiers for existing signing algorithms, to indicate that zones signed with these algorithm identifiers can use NSEC3 as well as NSEC records to provide denial of existence. That mechanism was chosen to protect implementations predating [RFC5155] from encountering resource records about which they could not know. This document does not define such algorithm aliases.
A DNSSEC validator that implements RSA/SHA-2 and/or RSA/SHA-3 MUST be able to validate negative answers in the form of both NSEC and NSEC3 with hash algorithm 1, as defined in [RFC5155]. An authoritative server that does not implement NSEC3 MAY still serve zones that use RSA/SHA-2 or RSA/SHA-3 with NSEC denial of existence.
Given a 1024-bit private key with the following values (in Base64):
Private-key-format: v1.2
Algorithm: 247 (RSASHA2-256)
Modulus: 0xP+0iFPdhzUUmeYeZZZvddMG1lkpbvbcjSH/mLf/XksiFHq/legqzLQd5QajI3Tc7bIcRuuHPtib2nKm7k4R1SduNxzUyv5z/T9MDOqlQrUOsBveuC5Wf1b+36PLjWJNqnzFkZ9wuQIDF0uDZwGnebWZDJavq306j/XTA/iZtc=
PublicExponent: AQAB
PrivateExponent: uVnMoR7JFTG5rGb1+IbzZQYC+d0kyXhN+lpwtQyEHqPiXA57KT8vgkYL04WFTrlX3ju6hcBFw4Nn6+fdF6Os6zXGgexNh2PqDG+BSSO8P+dH7hNiuV2qSONgkKrJco0aX0q0sAyo7RzRHkAtUUFum//2qMQ7wGZRaVk3FPsFmQE=
Prime1: 8BHCdC21Zfw8cs4IUKSDqg6JZh6GkdHIHyRpgtPQ7pSx99QtIbU9+VoTcJHw09TId7MOm3fZ4nrALYQHFow7gQ==
Prime2: 4RW9O6uh52sNxjpYVqheZj+6Z2LvkIPsbgJQYsqhNLr/vf5apact+WXz5pWMlHOguiXu8qiZa86B1dxmHAkuVw==
Exponent1: t1p5D86RSxE5Ad4GT8E2pj1wB0StNtXoaJCg3UD1xCJhQo0U4zfP25BGZKWyL7fGXFWvhGInUWi7Oogp+bilAQ==
Exponent2: u5c+q2iT+ydBx6AA19hjNJyQYnIWbz9D4TuUe4GdcTEYy+Qc8EqxClZqPBcPnvnvTrUmvJ6/nxXxJ6gUgfE06Q==
Coefficient: m9t6RWOcmP1MLC8YiaxLvsJ1MLe+JTiu+Tzx7plz7bVd9cw0SCbD/X+VXBiDheu2ZyaZ8tuprEX7FdjiTU1Hdg==
The DNSKEY record for this key would be:
example.org. IN DNSKEY 256 3 247 AwEAAdMT/tIhT3Yc1FJnmHmWWb3XTBtZZKW723I0h/5i3/15LIhR6v5X oKsy0HeUGoyN03O2yHEbrhz7Ym9pypu5OEdUnbjcc1Mr+c/0/TAzqpUK 1DrAb3rguVn9W/t+jy41iTap8xZGfcLkCAxdLg2cBp3m1mQyWr6t9Oo/ 10wP4mbX
With this key, sign the following zone consisting of 4 RRs:
example.org. 3600 IN SOA invalid. hostmaster.example.org. (42 43200 900 1814400 7200)
example.org. 3600 IN NS invalid.
example.org. 3600 IN A 192.0.2.1
example.org. 3600 IN AAAA 2:2001:db8::1
Using RSASSA-PSS salt filled entirely with 0 valued octets, if the inception date is set at 00:00 hours on January 1st, 2000, and the expiration date at 00:00 hours on January 1st, 2030, the following signed zone (with DNSKEY) should be created:
example.org. 3600 IN SOA invalid. hostmaster.example.org. (
42 ; serial
43200 ; refresh (12 hours)
900 ; retry (15 minutes)
1814400 ; expire (3 weeks)
7200 ; minimum (2 hours)
)
3600 RRSIG SOA 247 2 3600 (
20300101000000 20000101000000 30005 example.org.
C9c2AuyA6rB3XL08i3PgDtMZC2+sNiY/B94+
flfdxYz1OVmm7+byEVVxmAqw7nEn3MfUGpwj
2E1Thin2pYZ4jF4ep2kz1kDxXWTFnKwwxgAl
nFGeZihBJUUpfXpzIWVOGwkIJIWL+aB3mS3M
Z1EJ2Iok1n37ZO9Uf6tLcZDYLck= )
3600 NS invalid.
3600 RRSIG NS 247 2 3600 (
20300101000000 20000101000000 30005 example.org.
y/qVMuKsW5dqkXBLQmTj+RJ1UCe8JUpLw7/x
yjlwH8qtUxJ3YxkfeDbx7Lah4+mZtYebib2Q
gSedJE/ZERTwsB7njLio/hoMTUIXD/BBGbd3
LyNHj7v6ujZO6HJ2ai46+qtYAXo2PHDV7i4I
AtOJQR1+Lz5Q/Bd6zJKuHiHft6E= )
3600 A 192.0.2.1
3600 RRSIG A 247 2 3600 (
20300101000000 20000101000000 30005 example.org.
SjJvbsHI77EZFZnNFYGoFXhKPe8yJy7Jb4Td
mHFabTlpaqjByYlgQUyvB165KrvUBfSm/qMS
NqBJF7t8TmmsMkVpaL90GLYMvkKQexv4qI/X
PKZ++nynOa9HObcjUfgR0x3jLc5K+sRfnYwW
oJqjh+1z0Kb3hq3wawGVmRgZZwA= )
3600 AAAA 2:2001:db8::1
3600 RRSIG AAAA 247 2 3600 (
20300101000000 20000101000000 30005 example.org.
Tkleo5JjLcMDz+JzfG1Pfan4YNVrsLn0z8jJ
RME2LEionhZqLLAScmHy4yBg3RQQI/Ak+516
nBLwr1F23Kh5dkO9ApefKryn1SZP6LndOcBu
tdlq6MzNkqwgpXwFYwTsQtxG0SJPZxA7x5du
0F4QoBe/bC9vK69gra0Zkc0IPos= )
7200 NSEC example.org. A NS SOA AAAA RRSIG NSEC DNSKEY
7200 RRSIG NSEC 247 2 7200 (
20300101000000 20000101000000 30005 example.org.
CNggBNHd8AmjG3TGV34Mb6oMycx1OXLU645d
aDvA/LGZ5qBF8Oz5W56rYzpbcUS11rZBBBAb
nscR73oqF89BaHEMzQCpsVkoA8ao/xRAkMl1
N49iKGB5vCR2XnVkhH5b9JVDSK2Td+cWzDN3
O/0Fjg9cviMI/rEt1w29YFkYZxU= )
3600 DNSKEY 256 3 247 (
AwEAAdMT/tIhT3Yc1FJnmHmWWb3XTBtZZKW7
23I0h/5i3/15LIhR6v5XoKsy0HeUGoyN03O2
yHEbrhz7Ym9pypu5OEdUnbjcc1Mr+c/0/TAz
qpUK1DrAb3rguVn9W/t+jy41iTap8xZGfcLk
CAxdLg2cBp3m1mQyWr6t9Oo/10wP4mbX
) ; ZSK; alg = RSASHA2-256 ; key id = 30005
3600 RRSIG DNSKEY 247 2 3600 (
20300101000000 20000101000000 30005 example.org.
RHImUBMtz6LOEkEZLeeUKY30z1LgknkyawpZ
GLRLiE84UkBAjF559Yk8O6Dm9qTPa7jpu0ja
HAl1WGAHQU45w7t17/onSLJfE+6C9kS6F3N+
qhWu+WWMz6/fvbaoe5EG5v/AkXA/iF3sEPIt
Y5bA3d1IR9bs36fyk3c5c0vb170= )
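The following Python is an added example, not code from the draft or from the BIND/ldns branches it references. It implements MGF1, EMSA-PSS-VERIFY with the parameters fixed in the signature section (MGF1 on the same "Hash", salt length equal to the hash length) and RSASSA-PSS-VERIFY from [RFC8017], builds the message M of Section 3.1.8.1 of [RFC4034] for a single RR, and checks the RRSIG over the A record in the RSASHA2-256 test vector above against the DNSKEY from the same vector. Selecting "sha3_256", "sha3_384" or "sha3_512" as the hash gives the RSA/SHA-3 variants with no other change, which is the point of the parameterization; the helper names and the wildcard-free owner-name handling are assumptions of the example, not of the draft.

```python
import base64
import hashlib
import struct
from datetime import datetime, timezone


def mgf1(seed: bytes, length: int, hash_name: str) -> bytes:
    """MGF1 (RFC 8017 Appendix B.2.1) built on the same hash as "Hash"."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.new(hash_name, seed + struct.pack(">I", counter)).digest()
        counter += 1
    return out[:length]


def emsa_pss_verify(message: bytes, em: bytes, em_bits: int, hash_name: str) -> bool:
    """EMSA-PSS-VERIFY (RFC 8017 Section 9.1.2) with sLen == hLen as the draft
    requires; em_bits is modBits - 1."""
    hlen = hashlib.new(hash_name).digest_size
    slen = hlen
    em_len = (em_bits + 7) // 8
    if len(em) != em_len or em_len < hlen + slen + 2 or em[-1] != 0xBC:
        return False
    masked_db, h = em[:em_len - hlen - 1], em[em_len - hlen - 1:-1]
    top_bits = 8 * em_len - em_bits            # leftmost bits of maskedDB must be 0
    if top_bits and masked_db[0] >> (8 - top_bits):
        return False
    db = bytearray(a ^ b for a, b in zip(masked_db, mgf1(h, len(masked_db), hash_name)))
    db[0] &= 0xFF >> top_bits
    ps_len = em_len - hlen - slen - 2          # DB = PS || 0x01 || salt
    if db[:ps_len] != b"\x00" * ps_len or db[ps_len] != 0x01:
        return False
    salt = bytes(db[-slen:])
    m_hash = hashlib.new(hash_name, message).digest()
    return hashlib.new(hash_name, b"\x00" * 8 + m_hash + salt).digest() == h


def rsassa_pss_verify(n: int, e: int, message: bytes, sig: bytes, hash_name: str) -> bool:
    """RSASSA-PSS-VERIFY (RFC 8017 Section 8.1.2)."""
    mod_bits = n.bit_length()
    s = int.from_bytes(sig, "big")
    if len(sig) != (mod_bits + 7) // 8 or s >= n:
        return False
    try:
        em = pow(s, e, n).to_bytes((mod_bits - 1 + 7) // 8, "big")
    except OverflowError:                      # m does not fit in emLen octets
        return False
    return emsa_pss_verify(message, em, mod_bits - 1, hash_name)


def name_wire(name: str) -> bytes:
    """Canonical (lowercase, uncompressed) wire form of a domain name."""
    labels = name.lower().rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def rrsig_signed_data(type_covered, alg, orig_ttl, expiration, inception,
                      key_tag, signer, rrs):
    """Message M of RFC 4034 Section 3.1.8.1: RRSIG RDATA minus the signature,
    then each RR (owner, type, class, rdata) in canonical form and order, with
    its TTL set to the original TTL. Wildcard owner names are not handled."""
    labels = rrs[0][0].rstrip(".").count(".") + 1
    data = struct.pack(">HBBIIIH", type_covered, alg, labels, orig_ttl,
                       expiration, inception, key_tag) + name_wire(signer)
    for owner, rtype, rclass, rdata in sorted(rrs, key=lambda r: r[3]):
        data += name_wire(owner) + struct.pack(">HHIH", rtype, rclass, orig_ttl, len(rdata)) + rdata
    return data


def sig_time(text: str) -> int:
    """RRSIG presentation time YYYYMMDDHHMMSS (UTC) -> seconds since the epoch."""
    return int(datetime.strptime(text, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc).timestamp())


def rsa_public_from_dnskey(pubkey: bytes):
    """RFC 3110 public key field (exponent length, exponent, modulus) -> (n, e)."""
    e_len, off = (pubkey[0], 1) if pubkey[0] else (struct.unpack(">H", pubkey[1:3])[0], 3)
    return int.from_bytes(pubkey[off + e_len:], "big"), int.from_bytes(pubkey[off:off + e_len], "big")


# Copied from the draft's RSASHA2-256 test vector: the ZSK public key and the
# RRSIG over "example.org. 3600 IN A 192.0.2.1" (key tag 30005, labels 2).
DNSKEY_PUBKEY = base64.b64decode(
    "AwEAAdMT/tIhT3Yc1FJnmHmWWb3XTBtZZKW723I0h/5i3/15LIhR6v5XoKsy0HeUGoyN03O2"
    "yHEbrhz7Ym9pypu5OEdUnbjcc1Mr+c/0/TAzqpUK1DrAb3rguVn9W/t+jy41iTap8xZGfcLk"
    "CAxdLg2cBp3m1mQyWr6t9Oo/10wP4mbX")
A_RRSIG = base64.b64decode(
    "SjJvbsHI77EZFZnNFYGoFXhKPe8yJy7Jb4TdmHFabTlpaqjByYlgQUyvB165KrvUBfSm/qMS"
    "NqBJF7t8TmmsMkVpaL90GLYMvkKQexv4qI/XPKZ++nynOa9HObcjUfgR0x3jLc5K+sRfnYwW"
    "oJqjh+1z0Kb3hq3wawGVmRgZZwA=")
A_SIGNED_DATA = rrsig_signed_data(
    type_covered=1, alg=247, orig_ttl=3600, expiration=sig_time("20300101000000"),
    inception=sig_time("20000101000000"), key_tag=30005, signer="example.org.",
    rrs=[("example.org.", 1, 1, bytes([192, 0, 2, 1]))])


def verify_draft_vector(hash_name: str = "sha256", data: bytes = A_SIGNED_DATA) -> bool:
    """True when the draft's A-record RRSIG verifies under hash_name ("sha256" for
    RSASHA2-256; "sha3_256", "sha3_384", "sha3_512" select the RSA/SHA-3 variants)."""
    n, e = rsa_public_from_dnskey(DNSKEY_PUBKEY)
    return rsassa_pss_verify(n, e, data, A_RRSIG, hash_name)


if __name__ == "__main__":
    print("draft RSASHA2-256 A RRSIG verifies:", verify_draft_vector())
```

Verification does not depend on the salt value, so the all-zero salt the vector was produced with only shows up as the recovered salt inside DB; a validator that implements the SHA-3 algorithms only has to change the hash handed to MGF1 and to the message hash, and every length check above follows from that one choice. Trying the same signature with the wrong hash, or over altered signed data, fails at the final H comparison rather than earlier, which is the expected PSS behaviour.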
Given a 1280-bit private key with the following values (in Base64):
Private-key-format: v1.2
Algorithm: 248 (RSASHA2-512)
Modulus: v4LMvpU2sPxQHPOos4PFROf1U02gmzkOdeBjWiY1iEsyDgaGEJ/3x1D4oIVHI9pMVS47JoQvvhnnOnJv5/tslA5ivWsTp0i6rFzY3+F+zDUCA1AcD/rcECgfizC/VZSHvH3aThpjqiwCN6HtC9ofPNqxAikdwMeJP3oUSl3Pg/Y3S8pX2ykHNoq2+tROcypY4VUmbFqJa6SAxBT8EeWgTw==
PublicExponent: AQAB
PrivateExponent: uIbklwIZN4F2A992/rmJ23IRPNoAVXAtkcDKmjNUw2WI7mC0ztIEIgXP+oNQ36fYgv7PubYGdopo9TUMxJ7KqQIPe+nvfvEiBTBVO6r/zOveAJXvq3RuNJ0DCBnhvMhWMha7rRcqp3FixJ9J7cBEwRmJQn+KjrrOZJ9zCFJZ+CQZ5yTTFAdrkjDtpFrg8XUSuDqo85/RFtFUQiMHNzLZsQ==
Prime1: 8ji5lppCo7FCVENMf+a9u5EpXNwH8P+VFHaw99NAKqEV+pWBS24Op8yoRxt6f7mmRe4FTNyTfkkdSpMo5aN6oa1h/vFo14ifFTMU46Vm8ec=
Prime2: ymed+9gYJ/z4ulOPOBrJV6BSVIZgE1hxSkyR68h8fzGvc6iPCf7+JsM7XrIK3Z5dxFQ8WBg7YgbKn05mD1dqU3sJJpIstvKdhvUmaJyVYVk=
Exponent1: J/A+eZyZ3E+/9hDarkQniKPYxBzrmksqE6O2bkaA0AabjyPTm9JbzEMsg/z9581+ow0qBpBgKXR4xfEZzzNzZvEltVmsxc0bHe28RgThwoU=
Exponent2: jWsESRhdGGN57cXARXUBxIWxwHj628lprn39Xn5/7ebrLaZR+qv9K1wxOSKw0NN7tFceqnaT1xPjspb2XDW5hoZqiFaNg23Ufpz+rwzomlE=
Coefficient: 2hX/dV/0jj0IUyAbx5N1I2kIsjf9FJmQHQjktr63YG0CMMBMRNUWF2Y4B3Z3RJHHdeBRvD4r3q7JlkhXvuOWn1EyLFx8ZGOZVboKIcePgUU=
The DNSKEY record for this key would be:
example.org. IN DNSKEY 256 3 248 AwEAAb+CzL6VNrD8UBzzqLODxUTn9VNNoJs5DnXgY1omNYhLMg4GhhCf 98dQ+KCFRyPaTFUuOyaEL74Z5zpyb+f7bJQOYr1rE6dIuqxc2N/hfsw1 AgNQHA/63BAoH4swv1WUh7x92k4aY6osAjeh7QvaHzzasQIpHcDHiT96 FEpdz4P2N0vKV9spBzaKtvrUTnMqWOFVJmxaiWukgMQU/BHloE8=
With this key, sign the following zone consisting of 4 RRs:
example.org. 3600 IN SOA invalid. hostmaster.example.org. (43 43200 900 1814400 7200)
example.org. 3600 IN NS invalid.
example.org. 3600 IN A 192.0.2.1
example.org. 3600 IN AAAA 2:2001:db8::1
Using RSASSA-PSS salt filled entirely with 0 valued octets, if the inception date is set at 00:00 hours on January 1st, 2000, and the expiration date at 00:00 hours on January 1st, 2030, the following signed zone (with DNSKEY) should be created:
example.org. 3600 IN SOA invalid. hostmaster.example.org. (
43 ; serial
43200 ; refresh (12 hours)
900 ; retry (15 minutes)
1814400 ; expire (3 weeks)
7200 ; minimum (2 hours)
)
3600 RRSIG SOA 248 2 3600 (
20300101000000 20000101000000 50019 example.org.
LIqNhZMZthJKDab51kfzn9TtMyWSZ+Z+yOZU
Ukg9j6gAzcezPNiPer9A0FtgDsXFU2ICRDOx
kGeWjhgEN1JGOxA7robpGjOTLWAAYbzSihBE
ehqkpDTJHsmTv3lnjioAFaalFKwisClR1GH9
t7T9sZMEc1G25a4izULX6PiKAjBBegbJ6sGK
6OgCbuxE3yTwJTiPb3/W5IfPbv/bRnETWA== )
3600 NS invalid.
3600 RRSIG NS 248 2 3600 (
20300101000000 20000101000000 50019 example.org.
Sj3JxLM0kH9UDcyO09Zhrupw+0iafH8Yk20I
a2m1S8jnjWrwCQplg/RRcM+9B5rz9AoNZJg7
iHWEwmP9jLK5umbQXP/zCt/5UffdiPSNpGb7
epJ5aNVVfvS00QeqL/yOhwkZcpVd9YszYq+V
Sx6hMHJ9SSqx/CBZZzwjJopOPP4zabha41RY
J/3PG3ohQh7hAigUcNgO4AwxAoV+D/3yQQ== )
3600 A 192.0.2.1
3600 RRSIG A 248 2 3600 (
20300101000000 20000101000000 50019 example.org.
GZY8uKkZ2pKhtL9Dh6NKq8GES4WUn9AFOtNc
PHvXVANuMadMh8LwgmtKe7H6HujPW8Ghj0wJ
XRkGJ8kinCRp51eSF0gsr6vIsLiYCx/2XJW5
4dCufvxbbZe3e1yHOOSExLDICT6SQ775CavX
cjnFsI4NAzPO5S+55nq2EvUug7stYeS89mUQ
Wq24FZOnONIY1dbRfpzCkBSs09wXSBtqPQ== )
3600 AAAA 2:2001:db8::1
3600 RRSIG AAAA 248 2 3600 (
20300101000000 20000101000000 50019 example.org.
MY2ha2+UIdeHSEeBLqlb6Ls9gTCO7yUQkz3c
yM3A3Als78y/nz9GsEUjpQ6JGmt3c0Gs64mx
WFl15oo/LWrum/HLwvoXciwZOueCSzIpwjQY
zlqUNNbtKLYLChzMdq07x1Cak/kjF8ROsSpz
rQ5MbQDnLN25IOLy3JodvcZFnzsoxmx2LAJ1
g80Ps4+p5QbTEoASNGGPUR84LPrZ7j4Nrw== )
7200 NSEC example.org. A NS SOA AAAA RRSIG NSEC DNSKEY
7200 RRSIG NSEC 248 2 7200 (
20300101000000 20000101000000 50019 example.org.
l2RkbZqizyfnWMThvlt/F2zltQ/DVOmSCQve
JsIe++bJgbyloiLhDnia9ZqwT/apob6VHAgg
KXEII+R6WGuPCBHe3Px2xVFWgh1EU3GnoTWv
JCS1cQ98PpzBiLxIwMAQCp0ItUFj2M2LmZc9
JzvSFW2UCtUK64BCS5aj0qWPPfWuWjM1bJ1d
weyYT+oCKY/GurJbRcjOs4r4Jmsq1PctDA== )
3600 DNSKEY 256 3 248 (
AwEAAb+CzL6VNrD8UBzzqLODxUTn9VNNoJs5
DnXgY1omNYhLMg4GhhCf98dQ+KCFRyPaTFUu
OyaEL74Z5zpyb+f7bJQOYr1rE6dIuqxc2N/h
fsw1AgNQHA/63BAoH4swv1WUh7x92k4aY6os
Ajeh7QvaHzzasQIpHcDHiT96FEpdz4P2N0vK
V9spBzaKtvrUTnMqWOFVJmxaiWukgMQU/BHl
oE8=
) ; ZSK; alg = RSASHA2-512 ; key id = 50019
3600 RRSIG DNSKEY 248 2 3600 (
20300101000000 20000101000000 50019 example.org.
gGFb305M15oFs/+Mc4r9II2nmqARCt52Rj2y
7aQNKIk7PXqxfdsnRpswmvRL/J0zUsoP/Ecj
E+yLZQpJz0Chycs5UszXCeHxGqx1GandpQaw
LOu02AFI2rdpamD242i3RUSfxjKUpo2MFuS7
c92xUOOkjwn1MAZruUKWPbVzCm3pvqIHTytL
JyGDHI8LqCbhbnf3hP2G45BCzh1cp41EYA== )
Given a 1024-bit private key with the following values (in Base64):
Private-key-format: v1.2
Algorithm: 249 (RSASHA3-256)
Modulus: uI99tnWEAZ5j8hnh29acjTWKUncLZpGWYCWjmz7KB7q8NCiGdA7dgkIBpGrsry0jF8PVGP8jm2omdMaPDX2N0UcEVKrUSKczNQb3Kdiihl1J8/IC9KZuHqQJHr8E4Gu/S4P1EbpaM00F1YPCkldl7yTyXEA6waP2Qs6lfRETffU=
PublicExponent: AQAB
PrivateExponent: ceGgqZBzxufsNfxAgH05lmx+EIqCT2TwTB2NiYLB+OkBrpF+/WgayIBgMQsFRsZsTAK7oDP2zbQ/THkk1ict9PHByDAAedOo+sjYqja7/NMqHZV2y5nfOV2gr/Qkx8Ns/JhcZ6bD0TtS+mTTGZPKxHZYoZKp/EYaRpY/FH/tgBU=
Prime1: 8a4Tyux12glzCP4cLndnDi2MT9M4WRR0B+8SjU1zoZVgOiF7WnCD6go3LAGl8SbiMzX491cJFKuK7/0qY4wTcw==
Prime2: w37/PBybwbTCtWJeGQo5sZUmAfcB4G9KPb0Xx7attTlVcvS3BsNxQ6u5CJS6PkxrRLJhObY0co97esbRlfXe9w==
Exponent1: X5pyH/LcR+03AVasRUFclgI0oBs5DhwGLmFHYHhEBqZ1k2lNR6B8vmdeHd1lDHlKP+HY49cdM30MkBUA4LI3uw==
Exponent2: P7FYptULSgkChuYNkkrqkRju0SUQz3Zy0bqRzNePsMOFO3bPSrzSYiHInysVosZzDGaxloPugoSMzmuITTtV8Q==
Coefficient: NdPPfYznkez2NNKsVydeZleq+jOBaQ3O98YZteXreOrH8L+pqKxkymKIvqjiTzWdA+fDV7KfFrbv0ZFwGymsNQ==
The DNSKEY record for this key would be:
example.org. IN DNSKEY 256 3 249 AwEAAbiPfbZ1hAGeY/IZ4dvWnI01ilJ3C2aRlmAlo5s+yge6vDQohnQO 3YJCAaRq7K8tIxfD1Rj/I5tqJnTGjw19jdFHBFSq1EinMzUG9ynYooZd SfPyAvSmbh6kCR6/BOBrv0uD9RG6WjNNBdWDwpJXZe8k8lxAOsGj9kLO pX0RE331
With this key, sign the following zone consisting of 4 RRs:
example.org. 3600 IN SOA invalid. hostmaster.example.org. (44 43200 900 1814400 7200)
example.org. 3600 IN NS invalid.
example.org. 3600 IN A 192.0.2.1
example.org. 3600 IN AAAA 2:2001:db8::1
Using RSASSA-PSS salt filled entirely with 0 valued octets, if the inception date is set at 00:00 hours on January 1st, 2000, and the expiration date at 00:00 hours on January 1st, 2030, the following signed zone (with DNSKEY) should be created:
example.org. 3600 IN SOA invalid. hostmaster.example.org. (
44 ; serial
43200 ; refresh (12 hours)
900 ; retry (15 minutes)
1814400 ; expire (3 weeks)
7200 ; minimum (2 hours)
)
3600 RRSIG SOA 249 2 3600 (
20300101000000 20000101000000 23809 example.org.
Uwq4O7WnX3WgD4gqrE931DqCByyWgf6+YfZe
vRCTzMe+/q/36pWhYhej6wI3Fo2JRImMeL85
IEdQNEUOcZ4SyfbnC/x44Tj3xlF1imf40dWy
/HDLAdAlCfL1bZVxd6KNPBoGsZmWqqdePguC
Kvv6KpZB5bmQhlPJHmcevUajG80= )
3600 NS invalid.
3600 RRSIG NS 249 2 3600 (
20300101000000 20000101000000 23809 example.org.
WXtpjYg9ZGDYBn01HBZwrHiJ8pccXicaLt6e
ck1lYFER1/Gw3oroFvHeI7l8WuyGyjm7QnXP
/avYGX7tAmObgKRh08gk2tDj8Ku6aKYRunVh
jobJi2WEsKBMCScwhjK64WJV90pOrWiU7/j6
D8fwTySTSmQJXn7mG/0ynIiwruw= )
3600 A 192.0.2.1
3600 RRSIG A 249 2 3600 (
20300101000000 20000101000000 23809 example.org.
K718CGTXBAKJ3ug5YsHGtr4tPvHrrPFw0YCN
v97mU25mhBerDNLyNISCsMQPw0NVnXyV7BR0
8dpwnmZqGIhId4ojaSKCZtQkUkNiqrF77sZe
2jryHi8VvuT9JqFa+JI3vUHLavnGabc40qEC
zTtP8g1I3CEopnp6QDkLxyjwVhQ= )
3600 AAAA 2:2001:db8::1
3600 RRSIG AAAA 249 2 3600 (
20300101000000 20000101000000 23809 example.org.
e8EgXwu/7VvU83ZW8gEiS+51HUfgkowoichs
9L7U5eX1axrynM7c3r7WvFy1hNGLxrzZOU7e
r8R+0QG989x1lwPSHeETryQ/5sUApOeoaFYj
3D+IZEzI0gGfHIXP+zZ2kRW3tQx0Bn1JHPWx
1+JOwFdfJB4jczG6YwydRVaWd3M= )
7200 NSEC example.org. A NS SOA AAAA RRSIG NSEC DNSKEY
7200 RRSIG NSEC 249 2 7200 (
20300101000000 20000101000000 23809 example.org.
rfCOWKNWnlLoXuLPqE5fhq7yN10BZbZ0cCj7
8c4DROMIXistBFRoNhYngTDratXojbJGCO4F
nbA3kSOh91RaSevASHDF9SvAysKUqWIYw4Mx
hLROhu9TjE7i3VgYt6rEHoQIMroOry3dao48
12mcadWl4MgoDyJAxTbUGZyTeFY= )
3600 DNSKEY 256 3 249 (
AwEAAbiPfbZ1hAGeY/IZ4dvWnI01ilJ3C2aR
lmAlo5s+yge6vDQohnQO3YJCAaRq7K8tIxfD
1Rj/I5tqJnTGjw19jdFHBFSq1EinMzUG9ynY
ooZdSfPyAvSmbh6kCR6/BOBrv0uD9RG6WjNN
BdWDwpJXZe8k8lxAOsGj9kLOpX0RE331
) ; ZSK; alg = RSASHA3-256 ; key id = 23809
3600 RRSIG DNSKEY 249 2 3600 (
20300101000000 20000101000000 23809 example.org.
hgKUSu/6JOKBEA9LavThiPFsDk0JOK4fsCiJ
cR8Y/uAKyTlZ77m7olSWnbhSmAkzM2dST4eb
KfCKgz+v6B0H+TGuuVZ9nriFggRsUu0uddsD
sgOVuWB2XC0e0lJMxpYht/DQd6ZLc++XhWyK
a9a0Iw9/bcIFaKY+bhn0zWp3y9k= )
Given a 1024-bit private key with the following values (in Base64):
Private-key-format: v1.2
Algorithm: 250 (RSASHA3-384)
Modulus: xHuxiHax4XcfW9yCIdCVdrqs+L1lfTZKdOK7C+J8yDptcyS7DC8Su0X4hqJxA3M0gZFfpwSpuc1/XSwm0pDCqByy1qehIZgJMQ9dm6whqokGgqcpOxEbLhKDHoUl6dq6MVZAoys2wYgpEwK9E0GPx1OT80EeO/8txqyIx1b3X1s=
PublicExponent: AQAB
PrivateExponent: vFr/xBxVRhkWPM/VCGmW/uzR6NpXsoMbOZYpTalfietJBTrO/U0bHeBj8V1EDdShHxynn8r+khoH4N/0j6MqlqEnKmL7lTDeGV5ezKLu3uLFa6RISolasqpQBqptImJ+hbXtozDKPhfjI/+d9FZBB6J1g2RlwujGX6VJMbSefvE=
Prime1: /fmeKF6OHGM9aWJq4j2/tNgbdTdy9tP2pi7VG4w7MZcXtt5jRuwDt9RfBb0i01+KOROWyIklTeHC3OIdU6otLw==
Prime2: xgy6/HX5aChVos1eunk1ZezvweGNfBuZr4TcpcTShzLs8ftGs/fAZ6Ea44p7EZizB1yaEspfcvTMHFnC709dlQ==
Exponent1: 3UV/P9ixo5XqyUgPqzD1NxAZTBSVOusNN1gSH0AbymbDKHW0tPOngZ+rcgqIrvPML1IbyneCYspQxbTSrDPVzQ==
Exponent2: BOFlbjk+ByoPSi7Dadb40OUw11dGlEtd0yxz/4XFJl3D5wapLGArlqIqtnbAJ6ParZDDnzjrdzq/GOfBXQJYrQ==
Coefficient: NPxHl0td8V/7Sk7dnGfF6Fbde3Kwt8PUUsVulh3rsr1wjmWeW6JFBxd8R104k+HicCXrLj+YthGmLS3jCwnidQ==
The DNSKEY record for this key would be:
example.org. IN DNSKEY 256 3 250 AwEAAcR7sYh2seF3H1vcgiHQlXa6rPi9ZX02SnTiuwvifMg6bXMkuwwv ErtF+IaicQNzNIGRX6cEqbnNf10sJtKQwqgcstanoSGYCTEPXZusIaqJ BoKnKTsRGy4Sgx6FJenaujFWQKMrNsGIKRMCvRNBj8dTk/NBHjv/Lcas iMdW919b
With this key, sign the following zone consisting of 4 RRs:
example.org. 3600 IN SOA invalid. hostmaster.example.org. (45 43200 900 1814400 7200)
example.org. 3600 IN NS invalid.
example.org. 3600 IN A 192.0.2.1
example.org. 3600 IN AAAA 2:2001:db8::1
Using RSASSA-PSS salt filled entirely with 0 valued octets, if the inception date is set at 00:00 hours on January 1st, 2000, and the expiration date at 00:00 hours on January 1st, 2030, the following signed zone (with DNSKEY) should be created:
example.org. 3600 IN SOA invalid. hostmaster.example.org. (
45 ; serial
43200 ; refresh (12 hours)
900 ; retry (15 minutes)
1814400 ; expire (3 weeks)
7200 ; minimum (2 hours)
)
3600 RRSIG SOA 250 2 3600 (
20300101000000 20000101000000 54407 example.org.
i7x4t2CwGks6qLxRxbdp+pakfK27TzN91vug
UPyU+TmOzPYqQoS2MOjJn8TVuje9vZ4EnuzZ
cTZCkO44r9XIgqth4tY5aJfK8otr30DYYwYd
GOv719RBypf11JOk9FW4+rcgsSfTu3z3+a78
PuGh5oR7fUGlg/d0//WraW+Zg+E= )
3600 NS invalid.
3600 RRSIG NS 250 2 3600 (
20300101000000 20000101000000 54407 example.org.
c1o2/g51y3eo3E3+28Ot1k4vg4sE8MEIHdel
rD35/XAOzDZ8PH0HmrBzYEGUTk7Dxv8ts0Yj
M9xtoF9HIxlmOF19yjKrT7LNpXmbcbxA/NNH
kNOqX3EzsLZFD1t7btDqKtj+CaslkxMe6JnH
m03CtRj6b2YF4TROa8swzElwMSc= )
3600 A 192.0.2.1
3600 RRSIG A 250 2 3600 (
20300101000000 20000101000000 54407 example.org.
UXoGfLBwSu4b0bMrUvf6QC4Yn/WspMpv5ARf
Z2aZPZABB5ZTdmSLXuvRP4XG9OZNiQhBKCVs
4gLi2MutsVD8AB6N3inJcvNefty8l7+wdnUk
HKuLk8O+/GCB0394nIJTKnazGPhUJtlZucZV
jSNlo+OVLqCqcKtUjG+YB63J5V0= )
3600 AAAA 2:2001:db8::1
3600 RRSIG AAAA 250 2 3600 (
20300101000000 20000101000000 54407 example.org.
hMN/J/JZEyMhC9RqJpowhidhSRQCOeiTWyhX
i7+prwrtJ0CccOmakac2QjuKBOEkeXOzUpLL
nXY83uObZCvWg3HouhZX+y9CgLueqRjfK2Sr
KrBLM1zXceqg2zjjxr7UjYn9ty6sJeOJbQLk
LDEOW7fPPSLPELa0S8kS6Z5X/6E= )
7200 NSEC example.org. A NS SOA AAAA RRSIG NSEC DNSKEY
7200 RRSIG NSEC 250 2 7200 (
20300101000000 20000101000000 54407 example.org.
ZTSVWOyH0HY6OYKDhjAqDlhdPjgzSx6ihA5/
Nu1tOJgtxXR+/55PGdplIfS3Q4vujqbbwjD1
EcSGUgVP9lnL4wqq2YwSALj3e5K216wRhBKz
G5YwFrduYZAP57nGdykzeNQZRB1bEpLUEzrP
/u+TQCTrLDSTMv4s61gN9d02gl0= )
3600 DNSKEY 256 3 250 (
AwEAAcR7sYh2seF3H1vcgiHQlXa6rPi9ZX02
SnTiuwvifMg6bXMkuwwvErtF+IaicQNzNIGR
X6cEqbnNf10sJtKQwqgcstanoSGYCTEPXZus
IaqJBoKnKTsRGy4Sgx6FJenaujFWQKMrNsGI
KRMCvRNBj8dTk/NBHjv/LcasiMdW919b
) ; ZSK; alg = RSASHA3-384 ; key id = 54407
3600 RRSIG DNSKEY 250 2 3600 (
20300101000000 20000101000000 54407 example.org.
iFy/6jk0In+egxxxOGzvknZ2gufOFAlrvZ4Q
2Ufa2hLKvJOhsQrpcEfHtB5vGivZJ9WwShjw
5n5YlBE/VKyy/IpycgJwybrBBPimNViwfn8y
BunXT7x/OJ0tSeDxr1ab/CwPBl+0uq3RsDqs
5qJTL5pmN5JD6kR2tRVvy3MicTM= )
Given a 1280-bit private key with the following values (in Base64):
Private-key-format: v1.2
Algorithm: 251 (RSASHA3-512)
Modulus: o+YkFXrbuWtwzgjWTMxKWL/mxKmZiIEwZQocnh0XN8ON6AIFc+aECjkxwO5pWG171NCXt2acYWnKakpCmpiSHh9ggj8hL5O67Zs409xo0vqRpXzxY27IvBtKNurtD48RiPknLh3fEhuRnHEj8X2fpuOUx0yN5wOZx3PRjNxMeLnTglxHfRqah/tApQnCTvBAWX5vSYmPP1u/4I/UR1Zpyw==
PublicExponent: AQAB
PrivateExponent: TJqZTOzSW7SK0dGxj82ABkETM+HtH676Fo+GVqRUIL0my0R+lfAs0LZwubL0y97IHOytrIuqFaGjeNBilu0uhiO2MMoe0aTjnoCJLAR9ffXdqZb1FGMn8kWkmmtZJbm3LzFYHMs4B0exGq4vI2DfX5UF0LZV1YN4WIk2jgMPgRdJRZOOr0ZyJs8dz4VwhuVZx6SRa4ADB22QIRUdCCEESQ==
Prime1: 0fpRrO03qcRgQpwNiiw0sjBguAClUVMY9H+ZLwUrAsiP65/ikHOOXTve7aAW/OMnAmKdmpaA0jeMiYdwidMcdwVJbZM0qHsqkxrVZmtgFy8=
Prime2: x9Jgn/DLIVzcPl8VazyWcn51hbM2xd8J5fZYp/ZPVJBDlfvlICT6YbpYg8CyPjUpoDM4JnAH9v0sICO7GgrvQIY5XEYnLmUttdBj8+D58CU=
Exponent1: lXLZcQABrzYS4TXauS5Pb0fZfv0OrPw89cBfkcTW4QtIzAanJfLpL9iuCWj5E5LFMABqdh2KoJRi1XvtkFsOlnPP2Ep+ny/SlJLzsgrYgIc=
Exponent2: fsVfe9keZhotuHxGcHRN1nGYSax7MWnhM73oXRcNGU81MbBPmuca2mmIwn28F29O603Tb79frjjMh89jYpBRXZRKS9pN/Uc/iruczhqLNuk=
Coefficient: JF5wby8oSnh2Hqff02l7tA80wNf99YWUPSn3yHfuoQKgn274V2N/QE4XgcpJd+ioSkKNX+GV6RpG+b8gUiR1hCxHBPpmeb/QcA9ivnrW0L0=
The DNSKEY record for this key would be:
example.org. IN DNSKEY 256 3 251 AwEAAaPmJBV627lrcM4I1kzMSli/5sSpmYiBMGUKHJ4dFzfDjegCBXPm hAo5McDuaVhte9TQl7dmnGFpympKQpqYkh4fYII/IS+Tuu2bONPcaNL6 kaV88WNuyLwbSjbq7Q+PEYj5Jy4d3xIbkZxxI/F9n6bjlMdMjecDmcdz 0YzcTHi504JcR30amof7QKUJwk7wQFl+b0mJjz9bv+CP1EdWacs=
With this key, sign the following zone consisting of 4 RRs:
example.org. 3600 IN SOA invalid. hostmaster.example.org. (46 43200 900 1814400 7200)
example.org. 3600 IN NS invalid.
example.org. 3600 IN A 192.0.2.1
example.org. 3600 IN AAAA 2:2001:db8::1
Using RSASSA-PSS salt filled entirely with 0 valued octets, if the inception date is set at 00:00 hours on January 1st, 2000, and the expiration date at 00:00 hours on January 1st, 2030, the following signed zone (with DNSKEY) should be created:
example.org. 3600 IN SOA invalid. hostmaster.example.org. (
46 ; serial
43200 ; refresh (12 hours)
900 ; retry (15 minutes)
1814400 ; expire (3 weeks)
7200 ; minimum (2 hours)
)
3600 RRSIG SOA 251 2 3600 (
20300101000000 20000101000000 23118 example.org.
OLszLePpxC9kXYEHP+xnQ/5VVGUuIECXHzEG
ksSPKttAmztjP3GVZpNCqYsahV7yKKkkd6TX
h45w9pho8ZWDabPdCjzCiwl5aL+OvzUWXeGJ
chObfU1AFsW3I03V5/8KUzH6o1CCTDbYbLeP
saI/HH+G4k6mbLU1vNBCKjT8U2wY2T3mtCry
a9heSY0UbORoQpilzljhtmyU86LfItD7tg== )
3600 NS invalid.
3600 RRSIG NS 251 2 3600 (
20300101000000 20000101000000 23118 example.org.
LtjteiIhqrJWOJDvVHB2YBdpOPtc62N40uGe
GoSj9S9pU8UEte8K4T+TQGefc89SQQMBKMl+
LtdKY4G9pTLBSVzpUw1ht4hZvwU5mKURWDJ7
+ZR14ic4Sh91R79U4BZCxe7DbQa+3JWhBLVo
KFsmsFwlStpWSe97xoQNiyC33Y0TRl2S/7TF
p3ewL2owYRraSZZqj+UAM3oLXPyYJoD71A== )
3600 A 192.0.2.1
3600 RRSIG A 251 2 3600 (
20300101000000 20000101000000 23118 example.org.
HcOfonaxmSgcjmoRCkrf0mm3K/6zbQQyseI5
u/dmqN04jGjO8OfinRX6wWe2uaQUCTSITyD+
BONJa9BotX36uDJgtm+UYqz+xFSrF/Wolb9X
GrKBzRJXwKGL8z/gcIJMn1VchSwcFIhh+w4K
QAxWmpm2mNdbL83D1Ep+dRgLgsawubhwc2t0
UM6kLJgsx8qYEDDVk6f0UKFWBobseyP5pQ== )
3600 AAAA 2:2001:db8::1
3600 RRSIG AAAA 251 2 3600 (
20300101000000 20000101000000 23118 example.org.
AvBYmq6oMCOAQi4DpSpo5+cRUX+vZQgvaNH8
JnT68vibTlyxlUOa5BlxQv7IrrjrM7af73Ny
6tdZfUoQouSpThCs22cPC4T5RPZvSvWzejGc
Fc8ElNOFmftx4d3ag6cIn9Wj74gEAgmqmp+j
uB7/hYK12A2/shgDr0S1UEax2YehBNXdViHZ
aSwSQoLrW25zN4ENgnVkMKUQ/2OIOhyKrg== )
7200 NSEC example.org. A NS SOA AAAA RRSIG NSEC DNSKEY
7200 RRSIG NSEC 251 2 7200 (
20300101000000 20000101000000 23118 example.org.
MeDqwUq8KuJiSLZBefoJqgvuQ6Nlm+IPDFMA
jZUkov419KPqItr29YIG+7lL8Ow/PRVbb0mM
VfVUTIKWC1bfAhO2FBAQJTIzAeFELnUSsTaa
jcNdRSen8VosEh3822rwjqcQD5hhm52v7ZCT
QgrRrgoZBuCHU9dDHNfauUie0mrnCqiuFRjR
DafCZeqYzzIpZVDIjyFDwu2LRzkyKduHug== )
3600 DNSKEY 256 3 251 (
AwEAAaPmJBV627lrcM4I1kzMSli/5sSpmYiB
MGUKHJ4dFzfDjegCBXPmhAo5McDuaVhte9TQ
l7dmnGFpympKQpqYkh4fYII/IS+Tuu2bONPc
aNL6kaV88WNuyLwbSjbq7Q+PEYj5Jy4d3xIb
kZxxI/F9n6bjlMdMjecDmcdz0YzcTHi504Jc
R30amof7QKUJwk7wQFl+b0mJjz9bv+CP1EdW
acs=
) ; ZSK; alg = RSASHA3-512 ; key id = 23118
3600 RRSIG DNSKEY 251 2 3600 (
20300101000000 20000101000000 23118 example.org.
SUr4RUGNadiJ7pJe8X2bnnUuHbNY3yq1S+/W
NRpfXT5RReL8Ag5QuBQAnKwkqbV0UFeM3D0S
xX46BY/75LerOIqy8FHaXbk9qiLBaX9E7/cV
vUhkf9Dbp26Irc59AQCAB0OQ/e55onU3NRsY
TWrujs0cyOo2B8eSHPcd8M2Yvwyh/ZEQNfUj
YXKwAO6a+DZeId9BwU0KiEcrLs/KP2gzEQ== )
Given a private key with the following values (in Base64):
Private-key-format: v1.2
Algorithm: 245 (ECDSAP256SHA3-256)
PrivateKey: FHj8A/R6a/L9gP0cEyi/2ILg8d7ooxrS332FZNuED2c=
The DNSKEY record for this key would be:
example.org. IN DNSKEY 256 3 245 5DuYfUIL3CQAibLVRZkHNX8RsmMgXYMVwSWsWvSFqhULW6UhzF0NV4wT Vw6eFTWrJMH421Uk+SI1YFxSL5a77g==
With this key, sign the following zone consisting of 4 RRs:
example.org. 3600 IN SOA invalid. hostmaster.example.org. (40 43200 900 1814400 7200)
example.org. 3600 IN NS invalid.
example.org. 3600 IN A 192.0.2.1
example.org. 3600 IN AAAA 2:2001:db8::1
If the inception date is set at 00:00 hours on January 1st, 2000, and the expiration date at 00:00 hours on January 1st, 2030, the following signed zone (with DNSKEY) should be created:
example.org. 3600 IN SOA invalid. hostmaster.example.org. (
40 ; serial
43200 ; refresh (12 hours)
900 ; retry (15 minutes)
1814400 ; expire (3 weeks)
7200 ; minimum (2 hours)
)
3600 RRSIG SOA 245 2 3600 (
20300101000000 20000101000000 43839 example.org.
Lwigfv/bGllB3Oy8VwxiocNv9Gzcmkm3I90x
dRR2EE8m7mAB6STKrCAWb/W6FS0idcQPiSgL
8uCb0yepcmbtFw== )
3600 NS invalid.
3600 RRSIG NS 245 2 3600 (
20300101000000 20000101000000 43839 example.org.
I/z7I5Q7L6Gec/NynbXGg5gtbVh9DBMFuvX2
6eD6OOeORC7As6/oQmb1kXaHPpLj4amg+f/n
HnJHUfYweLuq+Q== )
3600 A 192.0.2.1
3600 RRSIG A 245 2 3600 (
20300101000000 20000101000000 43839 example.org.
PuehYLyx2uSSTe1lsmCmu0fe9Lty4IMB7BMY
q106Q95EmDU9NE93aNn/N3jY3aXSrr2Omumg
UDixTS/b3WTI7A== )
3600 AAAA 2:2001:db8::1
3600 RRSIG AAAA 245 2 3600 (
20300101000000 20000101000000 43839 example.org.
jmQwgJCvCC1JLGLpOTUYq8p4w3x3RQ4U1Qaj
Wg1w/PZUX2L931+UScQCgxEeUMEsPBQfDRD2
ngjaSy3EPacAmg== )
7200 NSEC example.org. A NS SOA AAAA RRSIG NSEC DNSKEY
7200 RRSIG NSEC 245 2 7200 (
20300101000000 20000101000000 43839 example.org.
7TtsB8CoVLjTGx3yDVDwOcGsG3+1FdC4S9zl
jSOPIYfRD3KnlBPE+9fyl/5YIz9JDLu+AiJI
49gk+PHBru63EA== )
3600 DNSKEY 256 3 245 (
5DuYfUIL3CQAibLVRZkHNX8RsmMgXYMVwSWs
WvSFqhULW6UhzF0NV4wTVw6eFTWrJMH421Uk
+SI1YFxSL5a77g==
) ; ZSK; alg = ECDSAP256SHA3-256 ; key id = 43839
3600 RRSIG DNSKEY 245 2 3600 (
20300101000000 20000101000000 43839 example.org.
oRrJQrqVwC+fAtXzUQELelLopUXZEcOLkGiP
kyOtu5/K9/PlTPibU9szJeVJwS1L8FBHetsq
NWw6YKBpRzZQGw== )
Given a private key with the following values (in Base64):
Private-key-format: v1.2
Algorithm: 246 (ECDSAP384SHA3-384)
PrivateKey: FaHBWT7qWcJF2J4ExUPgBZ1poxJ/Cwvzv6+BF5rGT3KuIs83ABt51ITt4hVwaGfc
The DNSKEY record for this key would be:
example.org. IN DNSKEY 256 3 246 KQdbXXFXMQBV7lAOrRwFYRitDHNxZEXbVYz7FxAkwlGNYdkEePKE7Wfz AgatdexHHeKTG61+3bkW5tf+pSanH8pV6y9fhZQt6gf6v2XD8jPI3rMa 9ucGNf8PThBzVAVT
With this key, sign the following zone consisting of 4 RRs:
example.org. 3600 IN SOA invalid. hostmaster.example.org. (41 43200 900 1814400 7200)
example.org. 3600 IN NS invalid.
example.org. 3600 IN A 192.0.2.1
example.org. 3600 IN AAAA 2:2001:db8::1
If the inception date is set at 00:00 hours on January 1st, 2000, and the expiration date at 00:00 hours on January 1st, 2030, the following signed zone (with DNSKEY) should be created:
example.org. 3600 IN SOA invalid. hostmaster.example.org. (
41 ; serial
43200 ; refresh (12 hours)
900 ; retry (15 minutes)
1814400 ; expire (3 weeks)
7200 ; minimum (2 hours)
)
3600 RRSIG SOA 246 2 3600 (
20300101000000 20000101000000 34779 example.org.
ZPWX28z79mJc3UbHfubZOdEKPg1BiKy9vdLV
GiGIDU6QDFSci3NmGdjFKfuS31EEjmehVu1M
CaJRFmbl/q1HhoFzuRVnGLkdHr+krBCon9Uo
3l5EEyorRFCOg5Ro5i/z )
3600 NS invalid.
3600 RRSIG NS 246 2 3600 (
20300101000000 20000101000000 34779 example.org.
nAwt7QstHenYC2h9eX7J0p33QRE3S+C7+Wz/
LTOEWqtm0AfU10hnFmnw6OGmxkp2ll2d2qh1
JjrkEPDwg0jlM12SFDTQmwW5TnRQV89N16R2
0KKnoxrdnMSO8WhhnaYG )
3600 A 192.0.2.1
3600 RRSIG A 246 2 3600 (
20300101000000 20000101000000 34779 example.org.
ATgXx7BFVUQYFBXx/xiTq2T1CWUAuFmNpqF/
JYVXi0elgImh3a+q6ZCUATUmSvlmDMW6KEhY
ggr2MdJnT4nm0Qo3ellq8mUAvY2X9/yON9Eh
D+Ist8SZ7WDe7UX8Pe9H )
3600 AAAA 2:2001:db8::1
3600 RRSIG AAAA 246 2 3600 (
20300101000000 20000101000000 34779 example.org.
T7DAgHgxAFNXp5I/alyc5Vp4jsE/L/C9v6NY
6j+I3RyiCCGY0PY8JY4R4iEd2QB9GPl0zByF
bGVz3MfxiyF/r/BB1zdzgqCcsZ7O932sOuRj
PQFHV7TuKabl0INvnjAs )
7200 NSEC example.org. A NS SOA AAAA RRSIG NSEC DNSKEY
7200 RRSIG NSEC 246 2 7200 (
20300101000000 20000101000000 34779 example.org.
Tc7HYK4o1ZYYdkSbykdG1aR3dgK/Ah8evaKp
4hfBm9R9GiWlusEhD6OWPGKjw2Y8zC/yb9h0
S4lj5TvbzRFY8xfvoys6w9x4KSo89bAAIIkQ
ojBivLF8GlXOhDApeqr3 )
3600 DNSKEY 256 3 246 (
KQdbXXFXMQBV7lAOrRwFYRitDHNxZEXbVYz7
FxAkwlGNYdkEePKE7WfzAgatdexHHeKTG61+
3bkW5tf+pSanH8pV6y9fhZQt6gf6v2XD8jPI
3rMa9ucGNf8PThBzVAVT
) ; ZSK; alg = ECDSAP384SHA3-384 ; key id = 34779
3600 RRSIG DNSKEY 246 2 3600 (
20300101000000 20000101000000 34779 example.org.
WpuLvqdHWbmggF7tTgXkFuoHFgPgY7Tl35zg
jLEEgZJJUXDEDOC2pFpYVJljVPGptUW4EWOM
CoCu70UTPpTJUnXWQgYH/2lW2SjWk7KM36rH
nWkRklSxtL8y00IV1/Nt )
Given a 1024-bit RSA/SHA-256 DNSKEY with the following contents:
example.org. IN DNSKEY 256 3 8 AwEAAbljrZZb1Qyq8ui+vnYL5exWSrQYFkCFD6VvJoJr5ADo7CxZiyxu sJM6oVHF7pA22rKJqjgIR9lksZ1+nT2WcwdXQuAFLrLFAI5L42mQKOHS hx1S3vHosO0iSIX47IyyR2O+J9qLhy7B+T4cJzAq2dOtSziqL1l5BCtw 5ZNYJX8N
The DS record for this key with digest type SHA3-256 would be:
example.org. IN DS 25803 8 252 AE03EA9388D4BA12725999B8E2C4ED14E06EAE8B78229B81154F61FE8EDBAA5F
Given a 1024-bit RSA/SHA-256 DNSKEY with the following contents:
example.org. IN DNSKEY 256 3 8 AwEAAbljrZZb1Qyq8ui+vnYL5exWSrQYFkCFD6VvJoJr5ADo7CxZiyxu sJM6oVHF7pA22rKJqjgIR9lksZ1+nT2WcwdXQuAFLrLFAI5L42mQKOHS hx1S3vHosO0iSIX47IyyR2O+J9qLhy7B+T4cJzAq2dOtSziqL1l5BCtw 5ZNYJX8N
The DS record for this key with digest type SHA3-384 would be:
example.org. IN DS 25803 8 253 BA8A4350F844CCCB8308694B3ADD478FC7EFBAC936D82D482D88F792FAB0766567E1F58F3A1075708CCC0457C9435ECA
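As an added example, not code from the draft or from any implementation it describes, the following Python derives the key tag and the DS RDATA for a DNSKEY with the SHA3-256 (252) and SHA3-384 (253) digest types defined above, run over the 1024-bit RSA DNSKEY used in both DS examples. It assumes the [TBD] digest type numbers as proposed here and that hashlib's FIPS 202 SHA3-256/SHA3-384 are the SHA-3 functions the draft intends.

```python
import base64
import hashlib

# DS digest type numbers proposed by the draft ([TBD] allocations), mapped to the
# FIPS 202 SHA-3 functions in hashlib (assumed to be the SHA-3 the draft means).
DS_DIGEST_TYPES = {252: hashlib.sha3_256, 253: hashlib.sha3_384}

# The 1024-bit RSA/SHA-256 DNSKEY public key from the draft's DS examples above,
# as printed (whitespace from line wrapping is removed before decoding).
RSA_DNSKEY_B64 = (
    "AwEAAbljrZZb1Qyq8ui+vnYL5exWSrQYFkCFD6VvJoJr5ADo7CxZiyxu"
    "sJM6oVHF7pA22rKJqjgIR9lksZ1+nT2WcwdXQuAFLrLFAI5L42mQKOHS"
    "hx1S3vHosO0iSIX47IyyR2O+J9qLhy7B+T4cJzAq2dOtSziqL1l5BCtw"
    "5ZNYJX8N"
)

def name_to_wire(name: str) -> bytes:
    """Canonical (lower-case) wire form of an owner name: length-prefixed labels plus the root label."""
    labels = [label for label in name.lower().split(".") if label]
    return b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels) + b"\x00"

def dnskey_rdata(flags: int, protocol: int, algorithm: int, pubkey_b64: str) -> bytes:
    """DNSKEY RDATA: 16-bit flags, 8-bit protocol, 8-bit algorithm, raw public key bytes."""
    pubkey = base64.b64decode("".join(pubkey_b64.split()))
    return flags.to_bytes(2, "big") + bytes([protocol, algorithm]) + pubkey

def key_tag(rdata: bytes) -> int:
    """Key tag per RFC 4034 Appendix B.1 (all algorithms except 1): sum of the RDATA's 16-bit words with the carry folded in once."""
    acc = 0
    for i in range(0, len(rdata), 2):
        # A trailing odd byte is taken as the high byte of its 16-bit word.
        acc += int.from_bytes(rdata[i:i + 2].ljust(2, b"\x00"), "big")
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def ds_record(owner: str, flags: int, protocol: int, algorithm: int,
              pubkey_b64: str, digest_type: int) -> str:
    """DS RDATA in presentation format; the digest covers owner name || DNSKEY RDATA (RFC 4034, Section 5.1.4)."""
    if digest_type not in DS_DIGEST_TYPES:
        raise ValueError(f"unsupported DS digest type {digest_type}")
    rdata = dnskey_rdata(flags, protocol, algorithm, pubkey_b64)
    digest = DS_DIGEST_TYPES[digest_type](name_to_wire(owner) + rdata).hexdigest().upper()
    return f"{key_tag(rdata)} {algorithm} {digest_type} {digest}"

if __name__ == "__main__":
    for digest_type in sorted(DS_DIGEST_TYPES):
        print("example.org. IN DS", ds_record("example.org.", 256, 3, 8, RSA_DNSKEY_B64, digest_type))
```

Run against the DNSKEY above, the output should reproduce key tag 25803 and the two DS digests given; a mismatch in the digest alone points at a different SHA-3 variant or an altered DNSKEY rather than at the key tag logic.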
DNSSEC implementations are encouraged to implement the new algorithms in this document as soon as possible, since SHA-1's security is known to be degraded and the SHA-2 hash algorithms are currently the last line of defence for use with RSA in DNSSEC.
Users of DNS software are encouraged to deploy these new algorithms with DNSSEC when software implementations allow for it. Users are encouraged to run DNSSEC validator implementations that support these new algorithms when they are available.
The RSASSA-PSS signature scheme and the SHA-3 hash function family are considered sufficiently strong for the immediate future, but predictions about future development in cryptography and cryptanalysis are beyond the scope of this document.
Since each RRSet MUST be signed with each algorithm present in the DNSKEY RRSet at the zone apex (see Section 2.2 of [RFC4035]), a malicious party cannot filter out the RSASSA-PSS RRSIG and force the validator to use an RSA/SHA-1 signature if both are present in the zone. This should provide resilience against algorithm downgrade attacks, provided the validator supports RSASSA-PSS.
This document updates the IANA registry "Domain Name System Security (DNSSEC) Algorithm Numbers" (http://www.iana.org/protocols). The following entries are added to the registry:
| No. | Description | Mnemonic | Zone Signing | Trans. Sec. | Ref. |
|---|---|---|---|---|---|
| 245 [TBD] | ECDSA Curve P-256 with SHA3-256 | ECDSAP256SHA3-256 | Y | * | [TBD] |
| 246 [TBD] | ECDSA Curve P-384 with SHA3-384 | ECDSAP384SHA3-384 | Y | * | [TBD] |
| 247 [TBD] | RSA/SHA2-256 with RSASSA-PSS | RSASHA2-256 | Y | * | [TBD] |
| 248 [TBD] | RSA/SHA2-512 with RSASSA-PSS | RSASHA2-512 | Y | * | [TBD] |
| 249 [TBD] | RSA/SHA3-256 with RSASSA-PSS | RSASHA3-256 | Y | * | [TBD] |
| 250 [TBD] | RSA/SHA3-384 with RSASSA-PSS | RSASHA3-384 | Y | * | [TBD] |
| 251 [TBD] | RSA/SHA3-512 with RSASSA-PSS | RSASHA3-512 | Y | * | [TBD] |
This document updates the IANA registry "Delegation Signer (DS) Resource Record (RR) Type Digest Algorithms" (http://www.iana.org/protocols). The following entries are added to the registry:
| Value | Description | Status | References |
|---|---|---|---|
| 252 [TBD] | SHA3-256 | OPTIONAL | [TBD] |
| 253 [TBD] | SHA3-384 | OPTIONAL | [TBD] |
Thanks to Francis Dupont and Paul Hoffman for review and suggestions.