
I needed a way to get the KeyTag for a DNSKEY from only the public key.

The SIDN EPP gives you the current keys from a domain but does not give you the keytag you need to remove the key.
This code seems to work on all my tested keys.

(Sorry, the plugin/WordPress seems to remove all indentation.)

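function generate_keytag($flags, $prot, $algo, $key){
    // Decode the base64 public key into raw bytes
    $rdata = base64_decode($key);
    // DNSKEY RDATA in wire format: flags (16 bit), protocol (8 bit),
    // algorithm (8 bit), followed by the public key
    $wire = pack("nCC", $flags, $prot, $algo) . $rdata;
    if($algo == 1) {
        // Algorithm 1 (RSA/MD5): the tag is the most significant 16 of the
        // least significant 24 bits of the key (RFC 4034, Appendix B.1).
        // unpack() returns an array, so take element 1.
        $a = unpack("n", substr($wire,-3,2));
        $keytag = 0xffff & $a[1];
    } else {
        // All other algorithms: sum the RDATA as 16-bit big-endian words and
        // fold the carry back in (RFC 4034, Appendix B)
        $sum=0;
        for($i = 0; $i < strlen($wire); $i++) {
            $a = unpack("C", substr($wire,$i,1));
            $sum += ($i & 1) ? $a[1] : $a[1] << 8;
        }
        $keytag = 0xffff & ($sum + ($sum >> 16));
    }
    return $keytag;
}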

Just call it like:

$key=generate_keytag('257','3', '7', "AwEAAb4blA1icFmw8q9s....");

Please make sure there are no spaces or other formatting characters (\n, \r, \t) in the key.

No guarantees, it works for me, maybe I can help someone else with this code.

Robin..
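The requirement above that the key contain no spaces or formatting characters can be enforced in code instead of by hand. The following is an added example, not the original author's code: it strips whitespace from a pasted key, decodes it in strict mode so a damaged key is rejected rather than silently yielding the tag of a different key, and then applies the same RFC 4034 Appendix B sum for every algorithm except 1. The names normalize_dnskey() and keytag_from_presentation() and the sample key are assumptions made for illustration.

```php
<?php
// Added example. Helper names are hypothetical; the sample key is constructed.

// Strip whitespace from a pasted key and strictly decode it; throw on junk.
function normalize_dnskey(string $key): string {
    $clean = preg_replace('/\s+/', '', $key);
    // Strict mode returns false on characters outside the base64 alphabet;
    // the non-strict default silently discards them.
    $raw = base64_decode($clean, true);
    if ($clean === '' || $raw === false || $raw === '') {
        throw new InvalidArgumentException('public key is not valid base64');
    }
    return $raw;
}

// Key tag per RFC 4034 Appendix B for every algorithm except 1.
function keytag_from_presentation(int $flags, int $prot, int $algo, string $key): int {
    if ($algo === 1) {
        throw new InvalidArgumentException('algorithm 1 uses a different key tag rule');
    }
    if ($flags < 0 || $flags > 0xffff || $prot < 0 || $prot > 0xff || $algo < 0 || $algo > 0xff) {
        throw new InvalidArgumentException('DNSKEY field out of range');
    }
    $wire = pack('nCC', $flags, $prot, $algo) . normalize_dnskey($key);
    $sum = 0;
    foreach (unpack('C*', $wire) as $i => $byte) {
        // unpack('C*') keys start at 1, so odd keys are the high byte of each word
        $sum += ($i & 1) ? $byte << 8 : $byte;
    }
    return ($sum + ($sum >> 16)) & 0xffff;
}

// Constructed sample key (not a real DNSKEY): 8 bytes, base64 encoded.
$clean  = base64_encode("\x01\x02\x03\x04\x05\x06\x07\x08");
// The same key as it might arrive from a copy/paste, with line breaks and tabs.
$pasted = " " . substr($clean, 0, 4) . "\r\n\t" . substr($clean, 4) . "\n";

$a = keytag_from_presentation(257, 3, 8, $clean);
$b = keytag_from_presentation(257, 3, 8, $pasted);
printf("clean=%d pasted=%d same=%s\n", $a, $b, $a === $b ? 'yes' : 'no');

// A key damaged in transit is rejected instead of producing a wrong tag.
try {
    keytag_from_presentation(257, 3, 8, substr($clean, 0, 5) . '*' . substr($clean, 5));
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```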