Connected: An Internet Encyclopedia
3.5 The KEY Algorithm Number and the MD5/RSA Algorithm

Up: Connected: An Internet Encyclopedia
Up: Requests For Comments
Up: RFC 2065
Up: 3. The KEY Resource Record
Prev: 3.4 The Protocol Octet
Next: 3.6 Interaction of Flags, Algorithm, and Protocol Bytes

3.5 The KEY Algorithm Number and the MD5/RSA Algorithm

3.5 The KEY Algorithm Number and the MD5/RSA Algorithm

This octet is the key algorithm parallel to the same field for the SIG resource. The MD5/RSA algorithm described in this document is number 1. Numbers 2 through 252 are available for assignment should sufficient reason arise. However, the designation of a new algorithm could have a major impact on interoperability and requires an IETF standards action. Number 254 is reserved for private use and will never be assigned a specific algorithm. For number 254, the public key area shown in the packet diagram above will actually begin with a length byte followed by an Object Identifier (OID) of that length. The OID indicates the private algorithm in use and the remainder of the area is whatever is required by that algorithm. Number 253 is reserved as the "expiration date algorithm" for use where the expiration date or other labeling fields of SIGs are desired without any actual security. It is anticipated that this algorithm will only be used in connection with some modes of DNS dynamic update. For number 253, the public key area is null. Values 0 and 255 are reserved.

If the type field does not have the "no key" value and the algorithm field is 1, indicating the MD5/RSA algorithm, the public key field is structured as follows:

                        1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | pub exp length|        public key exponent                    /
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               /
   +-                           modulus                            /
   |                                                               /
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-/

To promote interoperability, the exponent and modulus are each limited to 2552 bits in length. The public key exponent is a variable length unsigned integer. Its length in octets is represented as one octet if it is in the range of 1 to 255 and by a zero octet followed by a two octet unsigned length if it is longer than 255 bytes. The public key modulus field is a multiprecision unsigned integer. The length of the modulus can be determined from the RDLENGTH and the preceding RDATA fields including the exponent. Leading zero bytes are prohibited in the exponent and modulus.


Next: 3.6 Interaction of Flags, Algorithm, and Protocol Bytes

Connected: An Internet Encyclopedia
3.5 The KEY Algorithm Number and the MD5/RSA Algorithm