add key derivatin from password, add ipencrypt/ipdecrypt to pdnsutil & document it
authorbert hubert <bert.hubert@netherlabs.nl>
Tue, 6 Feb 2018 12:11:32 +0000 (13:11 +0100)
committerRemi Gacogne <remi.gacogne@powerdns.com>
Mon, 25 Mar 2019 09:22:40 +0000 (10:22 +0100)
docs/manpages/pdnsutil.1.rst
pdns/Makefile.am
pdns/ipcrypt.cc
pdns/ipcrypt.hh
pdns/pdnsutil.cc

index 2a5511665b98deeeb3c0b5c29d246c27cd481d8a..3b02ccfbc75d3e3011c41bb237477b4bc35cbe84 100644 (file)
@@ -232,6 +232,14 @@ bench-db [*FILE*]
     *FILE* can be a file with a list, one per line, of domain names to use for this.
     If *FILE* is not specified, powerdns.com is used.
 
+OTHER TOOLS
+-----------
+ipencrypt *IP-ADDRESS* passsword
+    Encrypt an IP address according to the 'ipcipher' standard
+
+ipdecrypt *IP-ADDRESS* passsword
+    Encrypt an IP address according to the 'ipcipher' standard
+
 See also
 --------
 
index 0e8c9eb1fa5f3e2181847c260030d12291d8c4d5..2f3feae43e8e021e2188d36409adebe3e58b9a58 100644 (file)
@@ -312,6 +312,7 @@ pdnsutil_SOURCES = \
        ednsoptions.cc ednsoptions.hh \
        ednssubnet.cc \
        gss_context.cc gss_context.hh \
+       ipcrypt.cc ipcrypt.hh ../ext/ipcrypt/ipcrypt.c ../ext/ipcrypt/ipcrypt.h \
        iputils.cc iputils.hh \
        json.cc \
        logger.cc \
index 394843d863339c524670cd55842b7d5c0be4e9de..173ec4d69bdfe9059ec1540acccc61f3e2c658c9 100644 (file)
@@ -1,6 +1,21 @@
 #include "ipcrypt.hh"
 #include "ext/ipcrypt/ipcrypt.h"
 #include <openssl/aes.h>
+#include <openssl/evp.h>
+
+/*
+int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
+                           const unsigned char *salt, int saltlen, int iter,
+                           int keylen, unsigned char *out);
+*/
+std::string makeIPCryptKey(const std::string& password)
+{
+  static const char* salt="ipcryptipcrypt";
+  unsigned char out[16];
+  PKCS5_PBKDF2_HMAC_SHA1(password.c_str(), password.size(), (const unsigned char*)salt, sizeof(salt), 50000, sizeof(out), out);
+
+  return std::string((const char*)out, (const char*)out + sizeof(out));
+}
 
 static ComboAddress encryptCA4(const ComboAddress& ca, const std::string &key)
 {
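Review bot: `sizeof(salt)` in the PKCS5_PBKDF2_HMAC_SHA1 call on the new makeIPCryptKey is the size of a `const char*`, not of the string "ipcryptipcrypt", so the salt actually fed to PBKDF2 is its first 8 bytes on LP64 targets and first 4 on 32-bit ones — the derived key, and with it every encrypted address, differs between platforms for the same password. Declare the salt as an array and pass its length: `static const char salt[] = "ipcryptipcrypt";` and `..., (const unsigned char*)salt, sizeof(salt) - 1, 50000, ...`. The return value of PKCS5_PBKDF2_HMAC_SHA1 is discarded although it reports failure as 0, in which case `out` is returned uninitialised; capture it and `if (rc != 1) throw std::runtime_error("PBKDF2 key derivation failed");`. The commented-out prototype above the function duplicates what `<openssl/evp.h>` already declares and can be dropped. If the intent is interoperability with the 'ipcipher' standard the manpage hunk refers to, the salt string and iteration count should also be confirmed against that specification.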
index 1c9faedd313f53b88b28fcc4b04ddeec6ad79157..cbb8dc5387b67ef3d8ae47e04e3e722dd5cdb635 100644 (file)
@@ -4,3 +4,4 @@
 
 ComboAddress encryptCA(const ComboAddress& ca, const std::string& key);
 ComboAddress decryptCA(const ComboAddress& ca, const std::string& key);
+std::string makeIPCryptKey(const std::string& password);
index cd753330f5d51590d82b825f6bf50e9289bfed4b..8bd356204aa96bdf364e5a5a83e5ffde2b2070a4 100644 (file)
@@ -20,6 +20,7 @@
 #include "zoneparser-tng.hh"
 #include "signingpipe.hh"
 #include "dns_random.hh"
+#include "ipcrypt.hh"
 #include <fstream>
 #include <termios.h>            //termios, TCSANOW, ECHO, ICANON
 #include "opensslsigners.hh"
@@ -1002,6 +1003,20 @@ int editZone(DNSSECKeeper& dk, const DNSName &zone) {
   return EXIT_SUCCESS;
 }
 
+static int xcryptIP(const std::string& cmd, const std::string& ip, const std::string& key)
+{
+  string rkey = makeIPCryptKey(key);
+  ComboAddress ca(ip), ret;
+  
+  if(cmd=="ipencrypt")
+    ret = encryptCA(ca, rkey);
+  else
+    ret = decryptCA(ca, rkey);
+
+  cout<<ret.toString()<<endl;
+  return EXIT_SUCCESS;
+}
+
 
 int loadZone(DNSName zone, const string& fname) {
   UeberBackend B;
@@ -1956,6 +1971,8 @@ try
     cout<<"import-tsig-key NAME ALGORITHM KEY Import TSIG key"<<endl;
     cout<<"import-zone-key ZONE FILE          Import from a file a private key, ZSK or KSK"<<endl;
     cout<<"       [active|inactive] [ksk|zsk]  Defaults to KSK and active"<<endl;
+    cout<<"ipdecrypt IP key                   Encrypt an IP address using 'key' (string or base64)"<<endl;    
+    cout<<"ipencrypt IP key                   Encrypt an IP address using 'key' (string or base64)"<<endl;
     cout<<"load-zone ZONE FILE                Load ZONE from FILE, possibly creating zone or atomically"<<endl;
     cout<<"                                   replacing contents"<<endl;
     cout<<"list-algorithms [with-backend]     List all DNSSEC algorithms supported, optionally also listing the crypto library used"<<endl;
@@ -2004,6 +2021,15 @@ try
     return 1;
   }
 
+  if(cmds[0] == "ipencrypt" || cmds[0]=="ipdecrypt") {
+    if(cmds.size() != 3) {
+      cerr<<"Syntax: pdnsutil [ipencrypt|ipdecrypt] IP password"<<endl;
+      return 0;
+    }
+    exit(xcryptIP(cmds[0], cmds[1], cmds[2]));
+  }
+
+
   if(cmds[0] == "test-algorithms") {
     if (testAlgorithms())
       return 0;
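Review bot: The argument-count check for ipencrypt/ipdecrypt prints a syntax error and then `return 0;`, reporting success to the shell, while the preceding command's error path in the same hunk returns 1; it should be `return 1;`. The help text added in the earlier hunk is also inaccurate in two ways: the ipdecrypt line says "Encrypt", and both lines promise "(string or base64)" although xcryptIP only ever passes the argument to makeIPCryptKey as a raw password — `cout<<"ipdecrypt IP password              Decrypt an IP address using 'password'"<<endl;` and the matching ipencrypt line would describe what the code does, and the syntax message should name the same argument. The password is taken from the command line, so it is visible in process listings and shell history; the file already pulls in termios.h for echo control, so a prompted read is an option, and either way the manpage entry should state this caveat. The `key` parameter of xcryptIP is really the password (the key is `rkey`), so renaming it `password` would keep the two from being confused.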