Use key tag ranges when generating multisigner keys

diff --git a/bin/tests/system/kasp/ns3/policies/kasp-fips.conf.in b/bin/tests/system/kasp/ns3/policies/kasp-fips.conf.in
index 7b775f14b802f9aa574bba7dbe00ec9b20172821..93ca7293cbaab99e14b3620ac6ee1b76a9319c10 100644 (file)
--- a/bin/tests/system/kasp/ns3/policies/kasp-fips.conf.in
+++ b/bin/tests/system/kasp/ns3/policies/kasp-fips.conf.in
@@ -37,8 +37,8 @@ dnssec-policy "multisigner-model2" {
        inline-signing no;
 
        keys {
-               ksk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
-               zsk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
+               ksk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@ tag-range 32768 65535;
+               zsk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@ tag-range 32768 65535;
        };
 };
 

diff --git a/bin/tests/system/kasp/ns3/setup.sh b/bin/tests/system/kasp/ns3/setup.sh
index 69150ada52da6367423309d28710c8bfbbb760ea..ccf05206f6c80aded8afa6bb3fec6d09068a89e8 100644 (file)
--- a/bin/tests/system/kasp/ns3/setup.sh
+++ b/bin/tests/system/kasp/ns3/setup.sh
@@ -130,8 +130,8 @@ $KEYGEN -G -k rsasha256 -l policies/kasp.conf $zone >keygen.out.$zone.2 2>&1
 zone="multisigner-model2.kasp"
 echo_i "setting up zone: $zone"
 # Import the ZSK sets of the other providers into their DNSKEY RRset.
-ZSK1=$($KEYGEN -K ../ -a $DEFAULT_ALGORITHM -L 3600 $zone 2>keygen.out.$zone.1)
-ZSK2=$($KEYGEN -K ../ -a $DEFAULT_ALGORITHM -L 3600 $zone 2>keygen.out.$zone.2)
+ZSK1=$($KEYGEN -K ../ -a $DEFAULT_ALGORITHM -L 3600 -M 0:32767 $zone 2>keygen.out.$zone.1)
+ZSK2=$($KEYGEN -K ../ -a $DEFAULT_ALGORITHM -L 3600 -M 0:32767 $zone 2>keygen.out.$zone.2)
 # ZSK1 will be added to the unsigned zonefile.
 cat "../${ZSK1}.key" | grep -v ";.*" >>"${zone}.db"
 cat "../${ZSK1}.key" | grep -v ";.*" >"${zone}.zsk1"