
keymgr, TSIG key generation

Merged Jan Včelák requested to merge keymgr-tsig-generate into master

Implement 'keymgr tsig generate'.

Merge request reports

Merged by Daniel Salzman (Apr 18, 2025 6:24am UTC)

Merge details

  • Changes merged into master with 17ce2685.
  • Deleted the source branch.

Activity

  • What about stripping MD5 and keeping SHA1 with WARNING? You either have something that only supports MD5, but then you also have a tool that could generate that on their side, or you don't and in that case we should not allow MD5. MD5 is broken, really.

  • One more nit, we accept this:

    key:
      - id: slave1_key
        algorithm: hmac-md5
        secret: Wg==

    but the tool prints:

    hmac-sha256:example.com:FOf+vRv98x99NYNfT4f/DLE8qVxtiPtIg5PbRLiQ++M=

    My head doesn't wrap around that, I think you should:

    1. make the keymgr tsig print the new keys in our conffile format, so you can directly import that into the configuration
    2. (optional) have a default include dir (/etc/knot.d/knot.conf.d/) and directly generate files with new keys there.
  • Author Contributor

    MD5 and SHA1 are just not collision resistant. There is no known attack on HMAC-MD5 and the security proof for HMAC doesn't require the hash function to be collision resistant.

  • Author Contributor

    As for the output key format - this format is the only accepted format in our configuration file and by our utilities.

  • Author Contributor

    Oh - not by the config. Surprise.

  • I know about MD5 and SHA1, but I still consider it to be a bad practice to use it :).

    I think that most people would like to do something like:

    keymgr tsig generate example.com >> /etc/knot/knot.conf

    or

    keymgr tsig generate example.com > /etc/knot/tsig/example.com

    and have include /etc/knot/tsig in knot.conf.

    Printing a raw string is not very cut&paste friendly.

  • And even the mentioned RFC says:

       however, since MD5 must not be used for
       digital signatures, new protocol designs should not employ HMAC-MD5.
       Alternatives to HMAC-MD5 include HMAC-SHA256 [HMAC] [HMAC-SHA256] and
       [AES-CMAC] when AES is more readily available than a hash function.
  • Author Contributor

    It's a bad practice to use it in new protocols. DNS is old. And HMAC-MD5 is still safe.

    We can output something like this:

    # hmac-sha256:example.com:FOf+vRv98x99NYNfT4f/DLE8qVxtiPtIg5PbRLiQ++M=
    
    key:
     - id: example.com
       algorithm: hmac-sha256
       secret: FOf+vRv98x99NYNfT4f/DLE8qVxtiPtIg5PbRLiQ++M=

    Then you could copy the line accepted on command line from the comment on the first line, which will be ignored by the config parser. But @dsalzman would have to teach utilities how to parse this key file format.
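    The two key formats discussed in this thread (the one-line `algorithm:name:base64` form accepted on the command line, and the `key:` block accepted by the configuration file), as an added Python example; this is not Knot's own code and not what `keymgr` implements. The algorithm table, the default secret lengths (equal to the hash output length), the legacy-algorithm warning (the reviewer's suggestion above) and the sample key value reused from the thread are assumptions of this example.

```python
"""Illustrative TSIG key helper (added example, not Knot DNS code).

Generates a random TSIG secret, prints it both in the one-line
"algorithm:name:base64" command-line form and in the Knot 'key:'
configuration-file form, and parses the one-line form back.
"""
import base64
import binascii
import hashlib
import hmac
import secrets
import warnings

# Assumed table: algorithm name -> (hash constructor, default secret length in bytes).
# The default secret length equals the hash output length (an assumption of this example).
TSIG_ALGORITHMS = {
    "hmac-md5": (hashlib.md5, 16),
    "hmac-sha1": (hashlib.sha1, 20),
    "hmac-sha224": (hashlib.sha224, 28),
    "hmac-sha256": (hashlib.sha256, 32),
    "hmac-sha384": (hashlib.sha384, 48),
    "hmac-sha512": (hashlib.sha512, 64),
}
# Algorithms the reviewer asked to warn about; implemented here as a warning, not a refusal.
LEGACY_ALGORITHMS = {"hmac-md5", "hmac-sha1"}


def generate_tsig_key(name, algorithm="hmac-sha256", secret_len=None):
    """Return (name, algorithm, base64_secret) with a fresh random secret."""
    if algorithm not in TSIG_ALGORITHMS:
        raise ValueError(f"unsupported TSIG algorithm: {algorithm}")
    if not name:
        raise ValueError("key name must not be empty")
    if algorithm in LEGACY_ALGORITHMS:
        warnings.warn(f"{algorithm} is a legacy algorithm; prefer hmac-sha256", stacklevel=2)
    _, default_len = TSIG_ALGORITHMS[algorithm]
    raw = secrets.token_bytes(secret_len or default_len)
    return name, algorithm, base64.b64encode(raw).decode("ascii")


def format_client(key):
    """One-line form used on the command line: algorithm:name:base64."""
    name, algorithm, secret = key
    return f"{algorithm}:{name}:{secret}"


def format_server(key):
    """Knot 'key:' configuration block, with the one-line form as a leading comment."""
    name, algorithm, secret = key
    return (
        f"# {format_client(key)}\n"
        "\n"
        "key:\n"
        f"  - id: {name}\n"
        f"    algorithm: {algorithm}\n"
        f"    secret: {secret}\n"
    )


def parse_client(line):
    """Parse 'algorithm:name:base64' back into (name, algorithm, secret).

    The base64 alphabet contains no ':', so splitting on the first two
    colons is unambiguous; the secret is validated but kept base64-encoded.
    """
    parts = line.strip().split(":", 2)
    if len(parts) != 3:
        raise ValueError("expected algorithm:name:secret")
    algorithm, name, secret = parts
    if algorithm not in TSIG_ALGORITHMS:
        raise ValueError(f"unsupported TSIG algorithm: {algorithm}")
    if not name:
        raise ValueError("key name must not be empty")
    try:
        base64.b64decode(secret, validate=True)
    except binascii.Error as exc:
        raise ValueError("secret is not valid base64") from exc
    return name, algorithm, secret


def tsig_mac(key, message):
    """HMAC over message with the decoded secret and the key's hash function."""
    _name, algorithm, secret = key
    digestmod, _ = TSIG_ALGORITHMS[algorithm]
    return hmac.new(base64.b64decode(secret), message, digestmod).digest()


def tsig_verify(key, message, mac):
    """Constant-time comparison of a received MAC against the expected one."""
    return hmac.compare_digest(tsig_mac(key, message), mac)


if __name__ == "__main__":
    # Prints the 'key:' block; redirect it into an included config file.
    print(format_server(generate_tsig_key("example.com")), end="")
```

    Running the script prints the block proposed above, so `python3 tsig_key.py > /etc/knot/tsig/example.com` (path assumed) produces a file that both the config parser (which ignores the comment line) and a human copying the one-line form can use.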

  • If you won't budge, then you won't budge :). MD5 should still die.

    The new suggested output is fine by me.

  • Jan Včelák added 2 commits:

    • b11a3348 - keymgr: tsig generate generic algorithm specification
    • 869ca672 - keymgr, update documentation on tsig generate algorithm
  • Jan Včelák added 1 commit:

    • 5e7f438b - keymgr, print both client and server TSIG key format
  • Jan Včelák added 1 commit:

    • 17ce2685 - man: knotc, keymgr: reflect new format of generated TSIG key
  • Daniel Salzman mentioned in commit 5719692d

  • Daniel Salzman: status changed to merged