Comments (10)
but why can't you just set priv.PublicKey
to whatever you want afterwards?
from dns.
For my use case, where I just want to load the private key to get the public key, I would have to invent a valid DNSKEY and use that to load the private key. Then I get a private key containing, possibly, another public key, which I then have to replace (if the public isn't live yet and therefore can't be queried using DNS). You also have a comment in the code that you should validate that the public key matches the private key, which would, if implemented, break the above.
It would also offer the possibility of doing this without a DNSSEC struct and be consistent with how it is done for ED25519.
from dns.
from dns.
I don't think I was able to explain what I wanted to do and, to be honest, after reading the code further, I also changed my mind about using the DNSKEY to load the PrivateKey. This new code should work as before, IF you are loading a PrivateKey into a DNSKEY with the corresponding PublicKey. I would say in any case the behaviour when mixing different keys should be an error, as your comment suggested. Now the PublicKey would be overwritten, which makes sense to me.
from dns.
from dns.
Thanks for the quick reply. I will revisit the PR and add tests and/or documentation changes.
from dns.
Ok I have now improved the PR with the following:
- Check that the algorithm in the DNSKEY matches the algorithm being loaded with NewPrivateKey
- Check that the PublicKey in the DNSKEY matches the PublicKey contained in the PrivateKey being loaded with NewPrivateKey
- Test that both cases work
- Test that an empty(ish) DNSKEY can be used to load a PrivateKey
- Clarify in the docs that the PublicKey is set in the DNSKEY when it is used to load a PrivateKey
from dns.
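The load-time checks listed in the comment above, sketched as an added example using only the Go standard library; this is not the PR's or the library's code. `keyRecord`, `bindPrivateKey` and the two error values are hypothetical names, and the example goes slightly beyond the thread by handling both Ed25519 and ECDSA P-256 keys.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/ecdsa"
	"crypto/ed25519"
	"crypto/elliptic"
	"errors"
	"fmt"
)

// keyRecord is a hypothetical stand-in for a DNSKEY: algorithm number plus raw public key.
type keyRecord struct {
	Algorithm uint8  // 13 = ECDSAP256SHA256, 15 = ED25519
	PublicKey []byte // empty means "not set yet"
}

var errAlgorithm = errors.New("private key algorithm differs from the record's")
var errPublicKey = errors.New("private key does not match the record's public key")

// bindPrivateKey rejects mismatches and fills an empty record's PublicKey from priv.
func bindPrivateKey(rec *keyRecord, priv crypto.Signer) error {
	var alg uint8
	var pub []byte
	switch k := priv.Public().(type) {
	case ed25519.PublicKey:
		alg, pub = 15, k
	case *ecdsa.PublicKey:
		if e, err := k.ECDH(); err == nil && k.Curve == elliptic.P256() {
			alg, pub = 13, e.Bytes()[1:] // drop the 0x04 prefix, leaving X || Y
		}
	}
	switch {
	case alg == 0:
		return errors.New("unsupported private key type")
	case rec.Algorithm != alg:
		return errAlgorithm
	case len(rec.PublicKey) != 0 && !bytes.Equal(rec.PublicKey, pub):
		return errPublicKey
	}
	rec.PublicKey = pub
	return nil
}

func main() {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) // constructed all-zero seed
	fmt.Println(bindPrivateKey(&keyRecord{Algorithm: 13}, priv))   // algorithm mismatch
}
```

A record is only written to after every check has passed, so a failed load leaves the published public key untouched.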
0xf0D76D3B9042e7B01e647c9C24573B7d3fF8d650
from dns.
Override private key
from dns.
- OpenSSH_6.1p1, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 50: Applying options for *
debug1: Connecting to remotehost port 22.
debug1: Connection established.
debug1: identity file ./id_rsa type 1
debug1: identity file ./id_rsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3p1 Debian-3ubuntu7
debug1: match: OpenSSH_5.3p1 Debian-3ubuntu7 pat OpenSSH_5*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA
debug1: Host remotehost is known and matches the RSA host key.
debug1: Found key in /home/user/.ssh/known_hosts:10
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
Ubuntu 10.04.4 LTS
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: ./id_rsa
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
from dns.