sign.sh 2.13 KB
Newer Older
1
#!/bin/sh -e
Michael Sawyer's avatar
Michael Sawyer committed
2
#
Automatic Updater's avatar
Automatic Updater committed
3
# Copyright (C) 2004, 2006-2009  Internet Systems Consortium, Inc. ("ISC")
Mark Andrews's avatar
Mark Andrews committed
4
# Copyright (C) 2000-2003  Internet Software Consortium.
5
#
Automatic Updater's avatar
Automatic Updater committed
6
# Permission to use, copy, modify, and/or distribute this software for any
Michael Sawyer's avatar
Michael Sawyer committed
7
8
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
9
#
Mark Andrews's avatar
Mark Andrews committed
10
11
12
13
14
15
16
17
# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.

18
# $Id: sign.sh,v 1.35 2009/10/28 00:27:10 marka Exp $
David Lawrence's avatar
David Lawrence committed
19

20
21
22
SYSTEMTESTTOP=../..
. $SYSTEMTESTTOP/conf.sh

23
24
RANDFILE=../random.data

Andreas Gustafsson's avatar
Andreas Gustafsson committed
25
26
27
28
zone=example.
infile=example.db.in
zonefile=example.db

29
# Have the child generate a zone key and pass it to us.
Andreas Gustafsson's avatar
Andreas Gustafsson committed
30
31

( cd ../ns3 && sh sign.sh )
32

33
34
for subdomain in secure bogus dynamic keyless nsec3 optout nsec3-unknown \
    optout-unknown multiple rsasha256 rsasha512
35
do
36
	cp ../ns3/dsset-$subdomain.example. .
37
done
Michael Sawyer's avatar
Michael Sawyer committed
38

39
40
keyname1=`$KEYGEN -q -r $RANDFILE -a DSA -b 768 -n zone $zone`
keyname2=`$KEYGEN -q -r $RANDFILE -a DSA -b 768 -n zone $zone`
Andreas Gustafsson's avatar
Andreas Gustafsson committed
41

42
cat $infile $keyname1.key $keyname2.key >$zonefile
Andreas Gustafsson's avatar
Andreas Gustafsson committed
43

44
$SIGNER -P -g -r $RANDFILE -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null
Andreas Gustafsson's avatar
Andreas Gustafsson committed
45

46
# Sign the privately secure file
Andreas Gustafsson's avatar
Andreas Gustafsson committed
47

48
49
50
51
privzone=private.secure.example.
privinfile=private.secure.example.db.in
privzonefile=private.secure.example.db

52
privkeyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $privzone`
53
54
55

cat $privinfile $privkeyname.key >$privzonefile

56
$SIGNER -P -g -r $RANDFILE -o $privzone -l dlv $privzonefile > /dev/null
57
58
59
60
61
62
63
64

# Sign the DLV secure zone.


dlvzone=dlv.
dlvinfile=dlv.db.in
dlvzonefile=dlv.db

65
dlvkeyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $dlvzone`
66
67
68

cat $dlvinfile $dlvkeyname.key dlvset-$privzone > $dlvzonefile

69
$SIGNER -P -g -r $RANDFILE -o $dlvzone $dlvzonefile > /dev/null