NAME

ldns_pkt_tsig_verify, ldns_pkt_tsig_sign - tsig signing and verification

SYNOPSIS

#include <stdint.h>
#include <stdbool.h>

#include <ldns/ldns.h>

bool ldns_pkt_tsig_verify(ldns_pkt *pkt, const uint8_t *wire, size_t wire_size, const char *key_name, const char *key_data, const ldns_rdf *mac);

ldns_status ldns_pkt_tsig_sign(ldns_pkt *pkt, const char *key_name, const char *key_data, uint16_t fudge, const char *algorithm_name, const ldns_rdf *query_mac);

DESCRIPTION

ldns_pkt_tsig_verify() verifies the tsig rr for the given packet and key. The wire must be given too because tsig does not sign normalized packets.
pkt: the packet to verify
wire: needed to verify the mac
wire_size: size of wire
key_name: the name of the shared key
key_data: the key in base 64 format
mac: original mac
Returns true if tsig is correct, false if not, or if tsig is not set

ldns_pkt_tsig_sign() creates a tsig rr for the given packet and key.
pkt: the packet to sign
key_name: the name of the shared key
key_data: the key in base 64 format
fudge: seconds of error permitted in time signed
algorithm_name: the name of the algorithm used
query_mac: is added to the digest if not NULL (so NULL is for signing queries, not NULL is for signing answers)
Returns status (OK if success)

AUTHOR

The ldns team at NLnet Labs.

REPORTING BUGS

Please report bugs to ldns-team@nlnetlabs.nl or in our bugzilla at http://www.nlnetlabs.nl/bugs/index.html

COPYRIGHT

Copyright (c) 2004 - 2006 NLnet Labs.

Licensed under the BSD License. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

SEE ALSO

ldns_key. And perldoc Net::DNS, RFC1034, RFC1035, RFC4033, RFC4034 and RFC4035.

REMARKS

This manpage was automatically generated from the ldns source code.