.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.32)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.if !\nF .nr F 0
.if \nF>0 \{\
.    de IX
.    tm Index:\\$1\t\\n%\t"\\$2"
..
.    if !\nF==2 \{\
.        nr % 0
.        nr F 2
.    \}
.\}
.\" ========================================================================
.\"
.IX Title "Net::DNS::SEC::Private 3pm"
.TH Net::DNS::SEC::Private 3pm "2016-10-20" "perl v5.24.1" "User Contributed Perl Documentation"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
Net::DNS::SEC::Private \- DNSSEC Private key object
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\&    use Net::DNS::SEC::Private;
\&
\&    $private = new Net::DNS::SEC::Private( $keypath );
\&
\&    $private = new Net::DNS::SEC::Private(
\&        \*(Aqalgorithm\*(Aq  => \*(Aq13\*(Aq,
\&        \*(Aqkeytag\*(Aq     => \*(Aq26512\*(Aq,
\&        \*(Aqprivatekey\*(Aq => \*(Aqh/mc+iq9VDUbNAjQgi8S8JzlEX29IALchwJmNM3QYKk=\*(Aq,
\&        \*(Aqsigname\*(Aq    => \*(Aqexample.com.\*(Aq
\&        );
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Class representing private keys as read from a keyfile generated by \s-1BIND\s0
dnssec-keygen. The class is written to be used only in the context of the
Net::DNS::RR::RRSIG create method. This class is not designed to interact
with any other system.
.SH "METHODS"
.IX Header "METHODS"
.SS "new (from private keyfile)"
.IX Subsection "new (from private keyfile)"
.Vb 2
\&    $keypath = \*(Aq/home/foo/Kexample.com.+013+26512.private\*(Aq;
\&    $private = new Net::DNS::SEC::Private( $keypath );
.Ve
.PP
The argument is the full path to a private key file generated by the
\&\s-1BIND\s0 dnssec-keygen tool.  Note that the filename contains information
about the algorithm and keytag.
.SS "new (from private key parameters)"
.IX Subsection "new (from private key parameters)"
.Vb 6
\&    $private = new Net::DNS::SEC::Private(
\&        \*(Aqalgorithm\*(Aq  => \*(Aq13\*(Aq,
\&        \*(Aqkeytag\*(Aq     => \*(Aq26512\*(Aq,
\&        \*(Aqprivatekey\*(Aq => \*(Aqh/mc+iq9VDUbNAjQgi8S8JzlEX29IALchwJmNM3QYKk=\*(Aq,
\&        \*(Aqsigname\*(Aq    => \*(Aqexample.com.\*(Aq
\&        );
.Ve
.PP
The arguments define the private key parameters as (name,value) pairs.
The name and data representation are identical to that used in a \s-1BIND\s0
private keyfile.
.SS "private_key_format"
.IX Subsection "private_key_format"
.Vb 1
\&    $format = $private\->private_key_format;
.Ve
.PP
Returns a string which identifies the format of the private key file.
.SS "algorithm, keytag, signame"
.IX Subsection "algorithm, keytag, signame"
.Vb 3
\&    $algorithm = $private\->algorithm;
\&    $keytag    = $private\->keytag;
\&    $signame   = $private\->signame;
.Ve
.PP
Returns the corresponding attribute determined from the filename.
.SS "Private key attributes"
.IX Subsection "Private key attributes"
.Vb 1
\&    $attribute = $private\->attribute;
.Ve
.PP
Returns the value as it appears in the private key file.
The attribute names correspond to the tag in the key file, modified
to form an acceptable Perl subroutine name.
.SS "created, publish, activate"
.IX Subsection "created, publish, activate"
.Vb 3
\&    $created  = $private\->created;
\&    $publish  = $private\->publish;
\&    $activate = $private\->activate;
.Ve
.PP
Returns a string which represents a date in the form 20141212123456.
Returns undefined value for key formats older than v1.3.
.SH "RSA SPECIFIC HELPER FUNCTIONS"
.IX Header "RSA SPECIFIC HELPER FUNCTIONS"
These functions may be useful to generate \s-1RSA\s0 private keys and
import \s-1PEM\s0 format \s-1RSA\s0 private keys.
.SS "new_rsa_priv"
.IX Subsection "new_rsa_priv"
.Vb 5
\&    $private = Net::DNS::SEC::Private\->new_rsa_priv( $keyblob,
\&                                                     $domain,
\&                                                     $flag,
\&                                                     $algorithm
\&                                                );
.Ve
.PP
Constructor method which creates a Net::DNS::SEC::Private object from
the supplied \s-1PEM\s0 keyblob.
.PP
The second argument specifies the domain name for which this key will
be used.
.PP
The flag argument should be either 257 or 256 for \s-1SEP\s0 and non-SEP key
respectively.
.PP
The keyblob should include the \-\-\-\-\-BEGIN...\-\-\-\-\- and \-\-\-\-\-END...\-\-\-\-\- lines.
The padding is set to \s-1PKCS1_OAEP.\s0
.SS "dump_rsa_priv"
.IX Subsection "dump_rsa_priv"
.Vb 1
\&    $BIND_private_key = $private\->dump_rsa_priv();
.Ve
.PP
Returns the content of a \s-1BIND\s0 private keyfile (Private-key-format: v1.2).
.SS "dump_rsa_pub"
.IX Subsection "dump_rsa_pub"
.Vb 1
\&    $public_key = $private\->dump_rsa_pub();
.Ve
.PP
Returns the public key field of the \s-1DNSKEY\s0 resource record.
.SS "dump_rsa_keytag"
.IX Subsection "dump_rsa_keytag"
.Vb 1
\&    $keytag = $private\->dump_rsa_keytag();
.Ve
.PP
Returns the keytag field of the \s-1DNSKEY\s0 resource record.
.SS "dump_rsa_private_pem"
.IX Subsection "dump_rsa_private_pem"
.Vb 1
\&    $keyblob = $private\->dump_rsa_private_pem();
.Ve
.PP
Return the PEM-encoded representation of the private key.
(Same format that can be read with the new_rsa_priv method.)
.SS "generate_rsa"
.IX Subsection "generate_rsa"
.Vb 4
\&    $newkey = Net::DNS::SEC::Private\->generate_rsa( "example.com",
\&                                        256, 1024, $random, $algorithm );
\&    print $newkey\->dump_rsa_priv();
\&    print $newkey\->dump_rsa_pub();
.Ve
.PP
Uses Crypt::OpenSSL::RSA generate_key to create a keypair.
.PP
The first argument is the name of the key.
.PP
The flag field takes the value of 257 for key-signing keys and ther
value of 256 for zone signing keys.
.PP
The 3rd argument is the keysize (default 1024).
.PP
The 4th argument, if defined, is passed to the Crypt::OpenSSL::Random
random_seed method (see Crypt::OpenSSL::RSA for details), not needed
with a proper /dev/random.
.PP
The 5th argument specifies the algorithm if not \s-1RSASHA1 \s0(the default).
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright (c)2014 Dick Franks
.PP
All Rights Reserved
.SH "LICENSE"
.IX Header "LICENSE"
Permission to use, copy, modify, and distribute this software and its
documentation for any purpose and without fee is hereby granted, provided
that the above copyright notice appear in all copies and that both that
copyright notice and this permission notice appear in supporting
documentation, and that the name of the author not be used in advertising
or publicity pertaining to distribution of the software without specific
prior written permission.
.PP
\&\s-1THE SOFTWARE IS PROVIDED \*(L"AS IS\*(R", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
DEALINGS IN THE SOFTWARE.\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
perl, Net::DNS, Net::DNS::SEC,
Net::DNS::RR::DNSKEY, Net::DNS::RR::KEY,
Net::DNS::RR::RRSIG, Net::DNS::RR::SIG