**Connected: An Internet Encyclopedia**

*3.5 The KEY Algorithm Number and the MD5/RSA Algorithm*

From RFC 2065, Section 3 (The KEY Resource Record), in the Requests For Comments collection.

### 3.5 The KEY Algorithm Number and the MD5/RSA Algorithm

This octet is the key algorithm parallel to the same field for the
SIG resource. The MD5/RSA algorithm described in this document is
number 1. Numbers 2 through 252 are available for assignment should
sufficient reason arise. However, the designation of a new algorithm
could have a major impact on interoperability and requires an IETF
standards action. Number 254 is reserved for private use and will
never be assigned a specific algorithm. For number 254, the public
key area shown in the packet diagram above will actually begin with a
length byte followed by an Object Identifier (OID) of that length.
The OID indicates the private algorithm in use and the remainder of
the area is whatever is required by that algorithm. Number 253 is
reserved as the "expiration date algorithm" for use where the
expiration date or other labeling fields of SIGs are desired without
any actual security. It is anticipated that this algorithm will only
be used in connection with some modes of DNS dynamic update. For
number 253, the public key area is null. Values 0 and 255 are
reserved.

If the type field does not have the "no key" value and the algorithm
field is 1, indicating the MD5/RSA algorithm, the public key field is
structured as follows:

```
                        1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | pub exp length|       public key exponent                      /
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               /
   +-                          modulus                             /
   |                                                               /
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-/
```

To promote interoperability, the exponent and modulus are each
limited to 2552 bits in length. The public key exponent is a
variable length unsigned integer. Its length in octets is
represented as one octet if it is in the range of 1 to 255 and by a
zero octet followed by a two octet unsigned length if it is longer
than 255 bytes. The public key modulus field is a multiprecision
unsigned integer. The length of the modulus can be determined from
the RDLENGTH and the preceding RDATA fields including the exponent.
Leading zero bytes are prohibited in the exponent and modulus.
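The following parser is an added example, not code from the RFC or from any DNS implementation. It applies the rules above to the public key area of a KEY RR: for algorithm 1 it splits the exponent and modulus using the one-octet or zero-plus-two-octet length form, rejects leading zero octets and anything over 2552 bits, and derives the modulus length from what remains of the RDATA; for algorithms 253 and 254 it enforces the null-key and OID-prefix layouts from the paragraph on algorithm numbers. The function names, the `KeyFormatError` class, and the sample byte strings are constructed for illustration; the OID is returned as raw octets because the RFC does not specify its encoding.

```python
"""Parse the public key area of an RFC 2065 KEY RR by algorithm number.

Added example (not from the RFC or any DNS implementation).  Helper
names and sample byte strings are constructed for illustration.
"""
from typing import Dict, Tuple

MAX_BITS = 2552                   # interoperability limit stated in the RFC
MAX_OCTETS = (MAX_BITS + 7) // 8  # 319 octets


class KeyFormatError(ValueError):
    """Raised when the public key area violates the RFC's encoding rules."""


def parse_md5_rsa_key(area: bytes) -> Tuple[int, int]:
    """Split an algorithm-1 public key area into (exponent, modulus).

    Exponent length is one octet for 1..255, otherwise a zero octet
    followed by a two-octet big-endian length.  The modulus is the
    remainder (its length is implied by RDLENGTH minus the preceding
    fields).  Leading zero octets are prohibited in both integers.
    """
    if not area:
        raise KeyFormatError("empty public key area")
    if area[0] != 0:
        exp_len, offset = area[0], 1
    else:
        if len(area) < 3:
            raise KeyFormatError("truncated two-octet exponent length")
        exp_len, offset = int.from_bytes(area[1:3], "big"), 3
        if exp_len <= 255:
            raise KeyFormatError("two-octet length form used for a length <= 255")
    exp_bytes = area[offset:offset + exp_len]
    if len(exp_bytes) != exp_len:
        raise KeyFormatError("exponent runs past end of RDATA")
    mod_bytes = area[offset + exp_len:]
    if not mod_bytes:
        raise KeyFormatError("missing modulus")
    for name, field in (("exponent", exp_bytes), ("modulus", mod_bytes)):
        if field[0] == 0:
            raise KeyFormatError(f"leading zero octet in {name}")
        if len(field) > MAX_OCTETS:
            raise KeyFormatError(f"{name} exceeds {MAX_BITS} bits")
    return int.from_bytes(exp_bytes, "big"), int.from_bytes(mod_bytes, "big")


def parse_key_area(algorithm: int, area: bytes) -> Dict[str, object]:
    """Interpret the public key area according to the KEY algorithm octet."""
    if algorithm in (0, 255):
        raise KeyFormatError(f"algorithm {algorithm} is reserved")
    if algorithm == 1:
        exponent, modulus = parse_md5_rsa_key(area)
        return {"algorithm": "MD5/RSA", "exponent": exponent, "modulus": modulus}
    if algorithm == 253:
        # "Expiration date algorithm": no security, public key area is null.
        if area:
            raise KeyFormatError("algorithm 253 requires a null public key area")
        return {"algorithm": "expiration-date", "key": None}
    if algorithm == 254:
        # Private use: length octet, OID of that length, then algorithm-specific data.
        if not area:
            raise KeyFormatError("algorithm 254 requires an OID")
        oid_len = area[0]
        oid = area[1:1 + oid_len]
        if len(oid) != oid_len:
            raise KeyFormatError("OID runs past end of public key area")
        return {"algorithm": "private", "oid": oid, "data": area[1 + oid_len:]}
    # 2..252: assignable only by IETF standards action; pass the area through.
    return {"algorithm": f"unassigned({algorithm})", "data": area}


# Constructed sample: exponent 65537 (3 octets) followed by an 8-octet modulus.
SAMPLE_MD5_RSA_AREA = bytes([3, 0x01, 0x00, 0x01]) + bytes.fromhex("c35a7e912f104dab")

if __name__ == "__main__":
    print(parse_key_area(1, SAMPLE_MD5_RSA_AREA))
    print(parse_key_area(253, b""))
    print(parse_key_area(254, bytes([3, 0x2A, 0x03, 0x04, 0xAA])))
```

Because leading zeros are prohibited, the 2552-bit limit reduces to a simple octet-count check: a 319-octet field with a nonzero first octet is at most 2552 bits. A resolver that skipped the leading-zero check would accept multiple encodings of the same key, which is exactly the ambiguity the RFC rules out.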
