Creating a valid RSA/SHA256 Key for a DNSKEY Resource Record
I'm writing a DNS server in Python and am currently stuck on the DNSKEY resource record for DNSSEC. According to RFC 5702, the RSA/SHA256 key components are:
Given a private key with the following values (in Base64):
Private-key-format: v1.2
Algorithm: 8 (RSASHA256)
Modulus: wVwaxrHF2CK64aYKRUibLiH30KpPuPBjel7E8ZydQW1HYWHfoGm
idzC2RnhwCC293hCzw+TFR2nqn8OVSY5t2Q==
PublicExponent: AQAB
PrivateExponent: UR44xX6zB3eaeyvTRzmskHADrPCmPWnr8dxsNwiDGHzrMKLN+i/
HAam+97HxIKVWNDH2ba9Mf1SA8xu9dcHZAQ==
Prime1: 4c8IvFu1AVXGWeFLLFh5vs7fbdzdC6U82fduE6KkSWk=
Prime2: 2zZpBE8ZXVnL74QjG4zINlDfH+EOEtjJJ3RtaYDugvE=
Exponent1: G2xAPFfK0KGxGANDVNxd1K1c9wOmmJ51mGbzKFFNMFk=
Exponent2: GYxP1Pa7CAwtHm8SAGX594qZVofOMhgd6YFCNyeVpKE=
Coefficient: icQdNRjlZGPmuJm2TIadubcO8X7V4y07aVhX464tx8Q=
The DNSKEY record for this key would be:
example.net. 3600 IN DNSKEY (256 3 8 AwEAAcFcGsaxxdgiuuGmCkVI
my4h99CqT7jwY3pexPGcnUFtR2Fh36BponcwtkZ4cAgtvd4Qs8P
kxUdp6p/DlUmObdk= );{id = 9033 (zsk), size = 512b}
Using this example, I'm trying to get the raw key values by decoding the Base64 example values:
import base64
newkey_n = int.from_bytes(base64.b64decode('wVwaxrHF2CK64aYKRUibLiH30KpPuPBjel7E8ZydQW1HYWHfoGmidzC2RnhwCC293hCzw+TFR2nqn8OVSY5t2Q=='), byteorder='big')
newkey_e = int.from_bytes(base64.b64decode('AQAB'), byteorder='big')
newkey_d = int.from_bytes(base64.b64decode('UR44xX6zB3eaeyvTRzmskHADrPCmPWnr8dxsNwiDGHzrMKLN+i/HAam+97HxIKVWNDH2ba9Mf1SA8xu9dcHZAQ=='), byteorder='big')
newkey_p = int.from_bytes(base64.b64decode('4c8IvFu1AVXGWeFLLFh5vs7fbdzdC6U82fduE6KkSWk='), byteorder='big')
newkey_q = int.from_bytes(base64.b64decode('2zZpBE8ZXVnL74QjG4zINlDfH+EOEtjJJ3RtaYDugvE='), byteorder='big')
newkey_u = int.from_bytes(base64.b64decode('icQdNRjlZGPmuJm2TIadubcO8X7V4y07aVhX464tx8Q='), byteorder='big')
newkey_exp1 = int.from_bytes(base64.b64decode('G2xAPFfK0KGxGANDVNxd1K1c9wOmmJ51mGbzKFFNMFk='), byteorder='big')
newkey_exp2 = int.from_bytes(base64.b64decode('GYxP1Pa7CAwtHm8SAGX594qZVofOMhgd6YFCNyeVpKE='), byteorder='big')
After this, I have all the values needed to construct the RSA key:
from Crypto.PublicKey import RSA
key = RSA.construct((newkey_n, newkey_e, newkey_d, newkey_p, newkey_q, newkey_u))
But I get an error:
ValueError: RSA factors do not match modulus
What am I doing wrong? It seems RSA/SHA key generation is hardly documented, or I can't find the complete documentation.
Any help is appreciated.
Construct the RSA key from the first 3 parameters:
key = RSA.construct((newkey_n, newkey_e, newkey_d))
I found the answer myself; posting it in case anyone else runs into this.
The DNSKEY Public Key field consists of: public exponent length + public exponent + modulus. So:
import base64
from bitstring import BitArray
import math
modulus = int.from_bytes(base64.b64decode('wVwaxrHF2CK64aYKRUibLiH30KpPuPBjel7E8ZydQW1HYWHfoGmidzC2RnhwCC293hCzw+TFR2nqn8OVSY5t2Q=='), byteorder='big')
pe = int.from_bytes(base64.b64decode('AQAB'), byteorder='big')
# length of the public exponent in bytes, as a single 8-bit field
len_pe = format(math.ceil(len(format(pe, 'b')) / 8), 'b').zfill(8)
# public exponent and modulus as whole bytes, written out in binary
pe = format(pe, 'b').zfill(8 * math.ceil(len(format(pe, 'b')) / 8))
modulus = format(modulus, 'b').zfill(8 * math.ceil(len(format(modulus, 'b')) / 8))
# concatenate length + exponent + modulus and Base64-encode the resulting bytes
print(base64.b64encode(BitArray(bin=len_pe + pe + modulus).bytes))
>> b'AwEAAcFcGsaxxdgiuuGmCkVImy4h99CqT7jwY3pexPGcnUFtR2Fh36BponcwtkZ4cAgtvd4Qs8PkxUdp6p/DlUmObdk='
The result matches what the example shows.
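The same RFC 3110 encoding using only the standard library, as an added example that is not part of the original answer: it also handles the three-byte length form for exponents longer than 255 bytes, parses the field back out (rejecting truncated input), and computes the key tag from RFC 4034 Appendix B that appears as `id = 9033` in the record above. The function names are my own; the key values are the RFC 5702 example quoted in the question.

```python
import base64

# Values from the RFC 5702 example key quoted above (Base64 as given there).
MODULUS_B64 = ("wVwaxrHF2CK64aYKRUibLiH30KpPuPBjel7E8ZydQW1HYWHfoGm"
               "idzC2RnhwCC293hCzw+TFR2nqn8OVSY5t2Q==")
EXPONENT_B64 = "AQAB"


def b64_to_int(s):
    """Decode a Base64 big-endian unsigned integer (private-key file format)."""
    return int.from_bytes(base64.b64decode(s), "big")


def encode_rsa_public_key(n, e):
    """DNSKEY Public Key field for RSA (RFC 3110 section 2): exponent length
    (1 byte, or 0x00 plus 2 bytes when longer than 255), exponent, modulus."""
    e_bytes = e.to_bytes((e.bit_length() + 7) // 8, "big")
    n_bytes = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(e_bytes) < 256:
        length = bytes([len(e_bytes)])
    else:
        length = b"\x00" + len(e_bytes).to_bytes(2, "big")
    return length + e_bytes + n_bytes


def decode_rsa_public_key(data):
    """Inverse of encode_rsa_public_key; returns (e, n), rejects truncated input."""
    if data and data[0] != 0:
        e_len, pos = data[0], 1
    elif len(data) >= 3:
        e_len, pos = int.from_bytes(data[1:3], "big"), 3
    else:
        raise ValueError("truncated exponent length")
    if len(data) < pos + e_len + 1:
        raise ValueError("truncated exponent or missing modulus")
    return (int.from_bytes(data[pos:pos + e_len], "big"),
            int.from_bytes(data[pos + e_len:], "big"))


def key_tag(flags, protocol, algorithm, public_key):
    """Key tag over the DNSKEY RDATA (RFC 4034 Appendix B); the 'id' in the record."""
    rdata = flags.to_bytes(2, "big") + bytes([protocol, algorithm]) + public_key
    ac = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF


def rfc5702_example():
    """Public Key field (Base64) and key tag of the example ZSK (flags 256, alg 8)."""
    pk = encode_rsa_public_key(b64_to_int(MODULUS_B64), b64_to_int(EXPONENT_B64))
    return base64.b64encode(pk).decode(), key_tag(256, 3, 8, pk)
```

The key tag is what RRSIG and DS records carry to select this DNSKEY, so a resolver that computes it over a misencoded Public Key field will silently fail to match the signature.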