Revision [2550]
This is an old revision of ksknzsk made by JulianDemarchi on 2011-07-28 21:03:24.
Root Zone Keys
As stated on the project page, the root keys are used to sign the root zone. These keys need to be generated on the server. Before this is done, a directory structure needs to be agreed upon to store the keys in. This directory will also have 700 permissions. Currently I propose /etc/bind/dnssec/ with the zsk and ksk directories inside.
The root keys need to be generated on ns0. The issue with the nature of OpenNIC is its diversity, so trust in the actual creation of the keys is an issue. To solve this, I propose that the actual key generation be done in a multi screen session. The members who would witness are Brian and Jeff. Below are the commands that will be run to create the keys.
In the zsk dir:
dnssec-keygen -r /dev/urandom -a RSASHA1 -b 1024 -n ZONE .
In the ksk dir:
dnssec-keygen -r /dev/urandom -a RSASHA1 -b 4096 -n ZONE -f KSK .
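A check the witnesses could run after the commands above, as an added example that is not part of the original proposal: it confirms each key directory is mode 700, that the zsk directory holds only keys with DNSKEY flags 256 and the ksk directory only flags 257, and that every .private file is readable by its owner alone. The function names, key tags and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): post-generation checks for the
# proposed layout. Function names and the sample tree are assumptions.

# Print the DNSKEY flags field (256 = ZSK, 257 = KSK) of a K*.key file.
dnskey_flags() {
    awk '$1 !~ /^;/ { for (i = 1; i < NF; i++) if ($i == "DNSKEY") { print $(i + 1); exit } }' "$1"
}

# Print the symbolic mode string of a path, e.g. drwx------ for a 700 dir.
mode_of() { ls -ld "$1" | cut -c1-10; }

# check_keydir DIR FLAGS: DIR must be mode 700 and hold at least one key;
# every key must carry FLAGS and have an owner-only .private file.
check_keydir() {
    dir=$1; want=$2; found=0
    [ "$(mode_of "$dir")" = "drwx------" ] || { echo "$dir: not mode 700" >&2; return 1; }
    for key in "$dir"/K*.key; do
        [ -f "$key" ] || continue
        found=1
        got=$(dnskey_flags "$key")
        [ "$got" = "$want" ] || { echo "$key: flags $got, want $want" >&2; return 1; }
        priv=${key%.key}.private
        [ -f "$priv" ] || { echo "$priv: missing" >&2; return 1; }
        case $(mode_of "$priv") in
            -r[w-]-------) ;;
            *) echo "$priv: readable beyond owner" >&2; return 1 ;;
        esac
    done
    [ "$found" -eq 1 ] || { echo "$dir: no keys" >&2; return 1; }
}

# Build a constructed tree (placeholder key data, made-up key tags) under $1.
make_sample() {
    mkdir -p "$1/zsk" "$1/ksk" && chmod 700 "$1" "$1/zsk" "$1/ksk" || return 1
    echo '. IN DNSKEY 256 3 5 AwEAAconstructed' > "$1/zsk/K.+005+11111.key"
    echo '. IN DNSKEY 257 3 5 AwEAAconstructed' > "$1/ksk/K.+005+22222.key"
    for p in "$1/zsk/K.+005+11111.private" "$1/ksk/K.+005+22222.private"; do
        echo 'constructed placeholder' > "$p" && chmod 600 "$p"
    done
}

# On the server the tree would be /etc/bind/dnssec; here a temp copy is used.
root=$(mktemp -d) && make_sample "$root"
check_keydir "$root/zsk" 256 && check_keydir "$root/ksk" 257 && echo "layout ok"
rm -rf "$root"
```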