ecdsa256 keys bug #422

Habbie opened this Issue Apr 26, 2013 · 3 comments


Habbie commented Apr 26, 2013

[Having just noticed the anon login details to the wiki, I'm moving this here from the dev list]


:; pdnssec add-zone-key zsk ecdsa256

I get:

:; pdnssec show-zone

Zone has hashed NSEC3 semantics, configuration: 1 1 1 ab
Zone is not presigned
... [ previous keys elided ] ...
ID = 888 (ZSK), tag = 8888, algo = 8, bits = 256 Active: 0


:; dig @localhost dnskey +tcp
... [ other data elided ] ... 3600 IN DNSKEY 256 3 8 AAA=

(I've confirmed that the dig results I elided match the previous ksk
and zsk keys I also elided. Those previous keys are algo=8 and are
reported correctly as such.)

(The ID, tag and name were changed to protect the innocent. :)

I also tried using gost, but that errored out as unrecognized.

I'm currently running the version in debian sid:


@Habbie Habbie was assigned Apr 26, 2013
@Habbie Habbie closed this Apr 26, 2013
Habbie commented Apr 26, 2013

Author: peter
As replied on-list:

I've tried to reproduce your issue using the current SVN version of PowerDNS, and while I've run into a few minor glitches, I see nothing that looks like your problem. The weirdest thing about your report is the 'algo=8' (which is also the '8' in the DNSKEY response) - algorithm 8 is RSA/SHA256; ecdsa256 is algorithm 13. Are you sure you're looking at this right?

Habbie commented Apr 26, 2013

Author: peter
Your reply, copied from on-list:

Yes, that is exactly the bug. Even though it shows as 13 in psql, it is
output as 8 from the pdnssec cli and from actual lookups.

Habbie commented Apr 26, 2013

Author: peter
To clarify, I cannot reproduce with current SVN.
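
A consistency check for the symptom discussed in this thread, as an added example that is not part of the original issue or of PowerDNS: it parses dig-style DNSKEY lines and flags records whose algorithm number does not fit the key material. The function names and sample records are constructed for illustration; the bounds assumed are a 64-byte public key for algorithm 13 (RFC 6605) and a 512 to 4096-bit modulus for algorithm 8 (RFC 5702).

```python
import base64

def parse_dnskey(line):
    """Split a dig-style 'name ttl IN DNSKEY flags proto algo key' line."""
    fields = line.split()
    i = fields.index("DNSKEY")
    flags, proto, algo = (int(x) for x in fields[i + 1:i + 4])
    # The base64 key may be split across several whitespace-separated fields.
    return flags, proto, algo, base64.b64decode("".join(fields[i + 4:]))

def rsa_modulus_bits(key):
    """RFC 3110 layout: exponent length (1 or 3 bytes), exponent, modulus."""
    if len(key) < 3:
        return 0
    if key[0]:
        explen, off = key[0], 1
    else:
        explen, off = int.from_bytes(key[1:3], "big"), 3
    return int.from_bytes(key[off + explen:], "big").bit_length()

def check_dnskey(line):
    """Return (consistent, reason) for the algorithm numbers in this thread."""
    _, _, algo, key = parse_dnskey(line)
    if algo == 13:  # ECDSAP256SHA256: key is X || Y, exactly 64 bytes
        return len(key) == 64, f"algo 13 with {len(key)}-byte key"
    if algo == 8:   # RSASHA256: modulus must be 512..4096 bits
        bits = rsa_modulus_bits(key)
        return 512 <= bits <= 4096, f"algo 8 with {bits}-bit modulus"
    return True, f"algo {algo} not checked"

def sample(algo, key):
    # Constructed record; name and key bytes are filler, not real keys.
    return f"example.test. 3600 IN DNSKEY 256 3 {algo} {base64.b64encode(key).decode()}"

EC_KEY = bytes(range(1, 65))                             # 64 bytes of filler
RSA_KEY = b"\x03\x01\x00\x01" + b"\xc1" + b"\x01" * 127  # e=65537, 1024-bit n

if __name__ == "__main__":
    for algo, key in [(13, EC_KEY), (8, EC_KEY), (8, RSA_KEY), (13, RSA_KEY)]:
        print(check_dnskey(sample(algo, key)))
```

A 64-byte key can never pass the algorithm 8 check, because after the RFC 3110 exponent fields at most 62 bytes remain for the modulus.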
