Commit 567a4e33 authored by Valentin Samir's avatar Valentin Samir

Add KSK and ZSK size to config.ini

parent 6b4b1542
......@@ -31,6 +31,17 @@ ksk_validity=366
# Valid algorithms are RSASHA256, RSASHA512, ECCGOST, ECDSAP256SHA256, ECDSAP384SHA384.
algorithm=RSASHA256
# Size of the created KSK. Only the first created KSK of a zone will use this size.
# Any renewed key will use the exact same parameters (name, algorithm, size, and type)
# as the renewed key.
ksk_size=2024
# Size of the created ZSK. Only the first created ZSK of a zone will use this size.
# Any renewed key will use the exact same parameters (name, algorithm, size, and type)
# as the renewed key.
ksk_size=1024
[path]
# path to the dnssec-settime binary
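Review bot: The ZSK entry at the end of the added block is written as `ksk_size=1024`, so the sample config defines `ksk_size` twice and never sets `zsk_size`; the line should read `zsk_size=1024`. Depending on the parser's duplicate handling, the second value either overrides the first, so a zone's first KSK would be generated at 1024 bits, or the file is rejected as having a duplicate option. The first value, `ksk_size=2024`, also looks like a typo for `2048`, which is the KSK size that was hard-coded before this commit.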
......
......@@ -416,9 +416,9 @@ class Key(object):
path = os.path.join(BASE, name)
cmd = [DNSSEC_KEYGEN, "-a", ALGORITHM]
if typ == "KSK":
cmd.extend(["-b", "2048", "-f", "KSK"])
cmd.extend(["-b", KSK_SIZE, "-f", "KSK"])
elif typ == "ZSK":
cmd.extend(["-b", "1024"])
cmd.extend(["-b", ZSK_SIZE])
else:
raise ValueError("typ must be KSK or ZSK")
cmd.extend(options)
......@@ -701,6 +701,12 @@ if __name__ == '__main__':
"Supported algorithms are %s" % (ALGORITHM, ", ".join(SUPPORTED_ALGORITHMS))
)
if config_parser.has_option("dnssec", "zsk_size"):
ZSK_SIZE = config_parser.get("dnssec", "zsk_size")
if config_parser.has_option("dnssec", "ksk_size"):
KSK_SIZE = config_parser.get("dnssec", "ksk_size")
if config_parser.has_section("path"):
if config_parser.has_option("path", "dnssec_settime"):
DNSSEC_SETTIME = config_parser.get("path", "dnssec_settime")
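Review bot: `zsk_size` and `ksk_size` are read from the config as raw strings and passed to `dnssec-keygen -b` in the Key hunk above without any check, so a non-numeric or very small value is caught only by the external tool, if at all. Parsing them as integers at load time, e.g. `KSK_SIZE = str(config_parser.getint("dnssec", "ksk_size"))` and the same for `zsk_size`, and rejecting RSA sizes below a floor you choose, would fail early with a clear message instead of creating weak keys. `-b` is also appended when ALGORITHM is one of the ECDSA or ECCGOST values listed in config.ini, where an RSA-style size may not apply; it is worth confirming how dnssec-keygen treats that combination. The module-level defaults for KSK_SIZE and ZSK_SIZE are not in the visible hunks, and this `__main__` block starts and ends outside the hunk.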
......