keymgr, TSIG key generation

Implement 'keymgr tsig generate'.

Added 2 commits:

• c8d99b85 - doc: remove reference to dnssec-keygen
• c26b4224 - doc: not Bind but BIND

What about stripping MD5 and keeping SHA1 with WARNING? You either have something that only supports MD5, but then you also have a tool that could generate that on their side, or you don't and in that case we should not allow MD5. MD5 is broken, really.

One more nit, we accept this:

key:
  - id: slave1_key
    algorithm: hmac-md5
    secret: Wg==

but the tool prints:

hmac-sha256:example.com:FOf+vRv98x99NYNfT4f/DLE8qVxtiPtIg5PbRLiQ++M=

My head doesn't wrap around that, I think you should:

1. make the keymgr tsig print the new keys in our conffile format, so you can directly import that into the configuration
2. (optional) have a default include dir (/etc/knot.d/knot.conf.d/) and directly generate files with new keys there.

MD5 and SHA1 are just not collision resistant. There is no known attack on HMAC-MD5 and the security proof for HMAC doesn't require the hash function to be collision resistant.

• https://tools.ietf.org/html/rfc6151
• http://cseweb.ucsd.edu/~mihir/papers/hmac-new.html

As for the output key format - this format is the only accepted format in our configuration file and by our utilities.

Oh - not by the config. Surprise.

I know about MD5 and SHA1, but I still consider it to be a bad practice to use it :).

I think that most people would like to do something like:

keymgr tsig generate example.com >> /etc/knot/knot.conf

or

keymgr tsig generate example.com > /etc/knot/tsig/example.com

and have include /etc/knot/tsig in knot.conf.

Printing raw string is not very cut&paste friendly.

And even the mentioned RFC says:

   however, since MD5 must not be used for
   digital signatures, new protocol designs should not employ HMAC-MD5.
   Alternatives to HMAC-MD5 include HMAC-SHA256 [HMAC] [HMAC-SHA256] and
   [AES-CMAC] when AES is more readily available than a hash function.

It's a bad practice to use it in new protocols. DNS is old. And HMAC-MD5 is still safe.

We can output something like this:

# hmac-sha256:example.com:FOf+vRv98x99NYNfT4f/DLE8qVxtiPtIg5PbRLiQ++M=

key:
 - id: example.com
   algorithm: hmac-sha256
   secret: FOf+vRv98x99NYNfT4f/DLE8qVxtiPtIg5PbRLiQ++M=

Then you could copy the line accepted on command line from the comment on the first line, which will be ignored by the config parser. But @dsalzman would have to teach utilities how to parse this key file format.

If you won't budge, then you won't budge :). MD5 should still die.

The new suggested output is fine by me.

Added 2 commits:

• b11a3348 - keymgr: tsig generate generic algorithm specification
• 869ca672 - keymgr, update documentation on tsig generate algorithm

Added 1 commit:

• 5e7f438b - keymgr, print both client and server TSIG key format

Added 1 commit:

• 17ce2685 - man: knotc, keymgr: reflect new format of generated TSIG key

mentioned in commit 5719692d

Status changed to merged