Internet Engineering Task Force J. Jansen
Internet-Draft SIDN
Intended status: Experimental M. Sivaraman
Expires: October 12, 2017 Internet Systems Consortium
April 10, 2017

Use of SHA-3 (Keccak) and RSASSA-PSS in DNSSEC
draft-muks-dnsop-dnssec-sha3-01

Abstract

This document specifies the use of SHA-3 (Keccak) hash functions in DNSSEC. It also specifies the use of the RSASSA-PSS signature scheme for RSA keys.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on October 12, 2017.

Copyright Notice

Copyright (c) 2017 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.


1. Introduction

The Domain Name System (DNS) is the global, hierarchical distributed database for Internet Naming. The DNS has been extended to use cryptographic keys and digital signatures for the verification of the authenticity and integrity of its data. [RFC4033], [RFC4034], and [RFC4035] describe these DNS Security Extensions, called DNSSEC.

[RFC4034] describes how to store DNSKEY and RRSIG resource records and specifies the list of cryptographic algorithms to use. It was updated by [RFC5702] to add the SHA-2 family of hash algorithms using the RSASSA-PKCS1-v1_5 signature scheme [RFC3447].

PKCS #1 v2.1 [RFC3447] introduced RSASSA-PSS, a signature scheme with stronger security properties than RSASSA-PKCS1-v1_5. The main advantage of RSASSA-PSS is that its security can be related by analysis to the hardness of the RSA problem (Section 8.1 of [RFC8017]), whereas no such connection has been proved for RSASSA-PKCS1-v1_5. Because RSASSA-PSS uses a random salt, an attacker also does not know in advance what the encoded message EM will be, which makes fault-analysis attacks more difficult to mount. Although no attacks are known against RSASSA-PKCS1-v1_5, in the interest of increased robustness, RSASSA-PSS is REQUIRED in new applications (Section 8 of [RFC8017]).

SHA-3 is a family of hash functions based on the Keccak cryptographic primitive family. [FIPS.202.2015] states: "The four SHA-3 hash functions in this Standard supplement the hash functions that are specified in [FIPS.180-4.2015]: SHA-1 and the SHA-2 family. Together, both Standards provide resilience against future advances in hash function analysis, because they rely on fundamentally different design principles." Now that SHA-1's security is known to be weakened and the SHA-2 hash algorithms are the last line of defence for use with RSA in DNSKEYs and in DS records, it is sensible to introduce the SHA-3 hash function family to DNSSEC now, to prepare for any eventuality. The SHA-3 family uses a sponge construction, whereas the SHA-2 family uses a Merkle-Damgård construction, so an attack on SHA-2 is unlikely to carry over to SHA-3, or vice versa.

This document extends the list of DNSKEY algorithms with the RSASSA-PSS signature scheme [RFC8017] using the SHA-2 and SHA-3 families of hash functions. It also adds DNSKEY algorithms for ECDSA using the SHA-3 family of hash functions.

[RFC3658] first described the use of DS resource records. It was updated by [RFC4509] and [RFC6605] to add SHA-256 and SHA-384 digest types respectively. This document extends that list with the SHA-3 algorithms SHA3-256 and SHA3-384.

Familiarity with DNSSEC, RSA, ECDSA, and the SHA-2 [FIPS.180-4.2015] and SHA-3 [FIPS.202.2015] hash function families is assumed in this document.

To refer to SHA2-256 and SHA2-512, this document uses the name SHA-2. Similarly, to refer to SHA3-256, SHA3-384, and SHA3-512, this document uses the name SHA-3. This is done to improve readability. When a part of the text is specific to a particular SHA-2 or SHA-3 hash function, its specific name is used. The same goes for RSA/SHA2-256 and RSA/SHA2-512, which are grouped under the name RSA/SHA-2, and for RSA/SHA3-256, RSA/SHA3-384, and RSA/SHA3-512, which are grouped under the name RSA/SHA-3.

The SHA2-224, SHA2-384, and SHA3-224 algorithms are not used in RSASSA-PSS DNSKEYs and RRSIGs. The SHA3-512 algorithm is not used in ECDSA with SHA-3. The SHA3-224 and SHA3-512 algorithms are not used as DS digest types.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].

1.1. Implementations (Editor: to be removed before publication)

An experimental BIND implementation of this draft can be found in the "sha3" branch in the git repository at: https://github.com/muks/bind9

There is also an experimental implementation based on the ldns library, which can be found in the "sha3_and_pss" branch in the git repository at https://github.com/tjeb/ldns.

These can be used to check for interoperability by other DNSSEC implementations.

2. DNSKEY Resource Records

The format of the DNSKEY RR can be found in [RFC4034]. [RFC3110] and [RFC5702] describe the use of the RSASSA-PKCS1-v1_5 signature scheme with the SHA-1 and SHA-2 hash functions, respectively, for DNSSEC signatures. [RFC6605] describes the use of ECDSA with SHA-2 in DNSSEC.

2.1. RSASSA-PSS/SHA-2 and RSASSA-PSS/SHA-3 signing keys

RSA public keys for use with RSASSA-PSS signature scheme using SHA-2 and SHA-3 hash functions are stored in DNSKEY resource records (RRs) with the algorithm numbers as specified in Section 9.

The key size of RSA/SHA2-256 and RSA/SHA3-256 keys MUST NOT be less than 1024 bits and MUST NOT be more than 4096 bits. This also satisfies a requirement of the RSASSA-PSS signature scheme that, for a hash function that outputs a 256-bit value, the RSA modulus be at least 522 bits long: with a salt as long as the hash output (Section 3.1), EMSA-PSS needs emLen = ceil((modBits - 1)/8) to be at least hLen + sLen + 2 = 66 octets (Section 9.1.1 of [RFC8017]), which first holds at modBits = 522.

The key size of RSA/SHA3-384 keys MUST NOT be less than 1024 bits and MUST NOT be more than 4096 bits. This also satisfies a requirement of the RSASSA-PSS signature scheme that for a hash function that outputs a 384-bit value, the RSA modulus be at least 778 bits long.

The key size of RSA/SHA2-512 and RSA/SHA3-512 keys MUST NOT be less than 1280 bits and MUST NOT be more than 4096 bits. This also satisfies a requirement of the RSASSA-PSS signature scheme that for a hash function that outputs a 512-bit value, the RSA modulus be at least 1034 bits long.

2.2. ECDSA/SHA-3 signing keys

P-256 and P-384 ECDSA public keys for use with SHA3-256 and SHA3-384 hash functions are stored in DNSKEY resource records (RRs) with the algorithm numbers as specified in Section 9.

The generation of P-256 and P-384 ECDSA keys follows the same method as for [RFC6605].

3. RRSIG Resource Records

3.1. RSASSA-PSS/SHA-2 and RSASSA-PSS/SHA-3 signatures

For signature calculation, this section uses the specifications of RSASSA-PSS in PKCS #1 v2.2 (Section 8.1 of [RFC8017]) incorporating EMSA-PSS encoding (Section 9.1 of [RFC8017]).

The values for the RRSIG RDATA fields that precede the signature data are specified in [RFC4034]. The value of the signature field in the RRSIG RDATA follows the RSASSA-PSS signature scheme and is calculated as described in Section 8.1.1 of [RFC8017]. The message M used in signature calculation is the argument to the sign() function as specified in Section 3.1.8.1 of [RFC4034].

Within EMSA-PSS-ENCODE, the hash function "Hash" used is one among SHA2-256, SHA2-512, SHA3-256, SHA3-384, and SHA3-512 for RSA/SHA2-256, RSA/SHA2-512, RSA/SHA3-256, RSA/SHA3-384, and RSA/SHA3-512 respectively.

The mask generation function is MGF1 (Section B.2.1. of [RFC8017]) and the hash function used within the mask generation function is also "Hash".

The length of salt in octets MUST be equal to the length of the output of the hash function "Hash" in octets. The value of salt SHOULD be random per signature computation. A random salt value enhances the security of the scheme by affording a "tighter" security proof. However, the randomness is not critical to security. See Section 8.1 of [RFC8017] for the tradeoffs in security due to a non-random salt. Note that a validator never needs the salt value itself: EMSA-PSS-VERIFY recovers it from the encoded message, so signer and validator need only agree on the salt length, which this document fixes at the hash output length.

These RSASSA-PSS signatures are stored in the DNS using RRSIG resource records (RRs) with algorithm number as specified in Section 9.
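The following Python example is added here as an illustration; it is not part of the draft and is not taken from the BIND or ldns implementations mentioned in Section 1.1. It implements EMSA-PSS encoding and RSASSA-PSS signing and verification as Sections 2.1 and 3.1 specify (Hash and MGF1 share one hash function, the salt is as long as the hash output), together with the RFC 4034 construction of the octets an RRSIG actually signs, the RFC 3110 public key layout and the RFC 4034 key tag. The key material and the A RRset are copied from Section 7.1, so the all-zero-salt signature it produces can be compared with the RRSIG A record shown there, and the same key is used to show why Section 2.1 admits SHA3-384 but not SHA3-512 with a 1024-bit modulus. Only the standard library is used; the hash name strings ("sha256", "sha3_384", ...) are hashlib's, and reusing the Section 7.1 RSA key under other algorithm numbers is for illustration only.

```python
import base64, hashlib, struct

# Hash used by each RSASSA-PSS DNSKEY algorithm number shown in Section 7 of the draft.
PSS_HASH = {247: "sha256", 248: "sha512", 249: "sha3_256", 250: "sha3_384"}

def min_modulus_bits(hlen):
    """Smallest modBits at which EMSA-PSS with sLen == hLen can encode: emLen =
    ceil((modBits - 1) / 8) must be >= hLen + sLen + 2 (RFC 8017, Section 9.1.1)."""
    return 8 * (2 * hlen + 1) + 2

def mgf1(seed, mask_len, hname):
    hlen = hashlib.new(hname).digest_size
    return b"".join(hashlib.new(hname, seed + struct.pack(">I", i)).digest()
                    for i in range((mask_len + hlen - 1) // hlen))[:mask_len]

def emsa_pss_encode(m, em_bits, hname, salt):
    hlen, em_len = hashlib.new(hname).digest_size, (em_bits + 7) // 8
    if em_len < hlen + len(salt) + 2:
        raise ValueError("encoding error: modulus too small for this hash and salt")
    h = hashlib.new(hname, b"\x00" * 8 + hashlib.new(hname, m).digest() + salt).digest()
    db = b"\x00" * (em_len - len(salt) - hlen - 2) + b"\x01" + salt
    masked = bytes(a ^ b for a, b in zip(db, mgf1(h, em_len - hlen - 1, hname)))
    top = 0xFF >> (8 * em_len - em_bits)               # unused leading bits are cleared
    return bytes([masked[0] & top]) + masked[1:] + h + b"\xbc"

def emsa_pss_verify(m, em, em_bits, hname, slen):
    hlen, em_len = hashlib.new(hname).digest_size, (em_bits + 7) // 8
    top = 0xFF >> (8 * em_len - em_bits)
    if em_len < hlen + slen + 2 or em[-1] != 0xBC or em[0] & ~top & 0xFF:
        return False
    masked, h = em[:em_len - hlen - 1], em[em_len - hlen - 1:-1]
    db = bytes(a ^ b for a, b in zip(masked, mgf1(h, em_len - hlen - 1, hname)))
    db, ps_len = bytes([db[0] & top]) + db[1:], em_len - hlen - slen - 2
    if db[:ps_len] != b"\x00" * ps_len or db[ps_len] != 0x01:
        return False
    salt = db[ps_len + 1:]     # recovered from EM: the parties agree on sLen, never on the salt
    return hashlib.new(hname, b"\x00" * 8 + hashlib.new(hname, m).digest() + salt).digest() == h

def rsassa_pss_sign(n, d, m, hname, salt):
    em = emsa_pss_encode(m, n.bit_length() - 1, hname, salt)
    return pow(int.from_bytes(em, "big"), d, n).to_bytes((n.bit_length() + 7) // 8, "big")

def rsassa_pss_verify(n, e, m, sig, hname, slen):
    bits, s = n.bit_length(), int.from_bytes(sig, "big")
    if len(sig) != (bits + 7) // 8 or s >= n:
        return False
    try:                        # emLen = ceil((modBits - 1) / 8); a larger RSAVP1 output is invalid
        em = pow(s, e, n).to_bytes((bits + 6) // 8, "big")
    except OverflowError:
        return False
    return emsa_pss_verify(m, em, bits - 1, hname, slen)

def wire_name(name):
    """Canonical (lowercase, uncompressed) wire form of a domain name."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.lower().rstrip(".").split(".")) + b"\x00"

def key_tag(dnskey_rdata):
    """RFC 4034 Appendix B key tag over the DNSKEY RDATA."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(dnskey_rdata))
    return (acc + ((acc >> 16) & 0xFFFF)) & 0xFFFF

def parse_rsa_pubkey(pk):
    """RFC 3110 public key field: exponent length (1 or 3 octets), exponent, modulus."""
    elen, off = (pk[0], 1) if pk[0] else (int.from_bytes(pk[1:3], "big"), 3)
    return int.from_bytes(pk[off:off + elen], "big"), int.from_bytes(pk[off + elen:], "big")

def rrsig_signed_data(rtype, alg, labels, ttl, expire, incept, tag, signer, rrs):
    """RFC 4034 3.1.8.1: RRSIG RDATA without the signature | RRset in canonical form and order."""
    hdr = struct.pack(">HBBIIIH", rtype, alg, labels, ttl, expire, incept, tag) + wire_name(signer)
    return hdr + b"".join(wire_name(o) + struct.pack(">HHIH", rtype, 1, ttl, len(rd)) + rd
                          for o, rd in sorted(rrs, key=lambda r: r[1]))

# Key material and RRset copied from Section 7.1 of the draft (1024-bit RSASHA2-256 ZSK).
PUBKEY = base64.b64decode("AwEAAdMT/tIhT3Yc1FJnmHmWWb3XTBtZZKW7" "23I0h/5i3/15LIhR6v5XoKsy0HeUGoyN03O2"
                          "yHEbrhz7Ym9pypu5OEdUnbjcc1Mr+c/0/TAz" "qpUK1DrAb3rguVn9W/t+jy41iTap8xZGfcLk"
                          "CAxdLg2cBp3m1mQyWr6t9Oo/10wP4mbX")
PRIV_D = int.from_bytes(base64.b64decode(
    "uVnMoR7JFTG5rGb1+IbzZQYC+d0kyXhN+lpwtQyEHqPiXA57KT8vgkYL04WFTrlX"
    "3ju6hcBFw4Nn6+fdF6Os6zXGgexNh2PqDG+BSSO8P+dH7hNiuV2qSONgkKrJco0a"
    "X0q0sAyo7RzRHkAtUUFum//2qMQ7wGZRaVk3FPsFmQE="), "big")
A_RRSET = [("example.org.", bytes([192, 0, 2, 1]))]          # example.org. 3600 IN A 192.0.2.1

def dnskey_rdata(alg):
    return struct.pack(">HBB", 256, 3, alg) + PUBKEY       # flags 256 (ZSK), protocol 3

def sign_a_rrset(alg=247, salt=None):
    """Sign the Section 7.1 A RRset (inception 2000-01-01, expiration 2030-01-01, 00:00 UTC).
    The draft's vectors use an all-zero salt, the default here; pass os.urandom(hLen) for
    production-style signing.  Other alg values reuse the same RSA key for illustration only."""
    hname = PSS_HASH[alg]
    salt = b"\x00" * hashlib.new(hname).digest_size if salt is None else salt
    e, n = parse_rsa_pubkey(PUBKEY)
    data = rrsig_signed_data(1, alg, 2, 3600, 1893456000, 946684800,
                             key_tag(dnskey_rdata(alg)), "example.org.", A_RRSET)
    return data, rsassa_pss_sign(n, PRIV_D, data, hname, salt)
```

`base64.b64encode(sign_a_rrset()[1])` gives the 128-octet signature to compare with the RRSIG A record in Section 7.1. Any non-zero salt yields a different signature that verifies just the same, because the verifier recovers the salt from EM; what a validator must get right is the salt length and the hash, and the example shows that either one being wrong makes verification fail rather than succeed with a different value.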

3.2. ECDSA/SHA-3 signatures

P-256 and P-384 ECDSA signatures using SHA3-256 and SHA3-384 hash functions are stored in the DNS using RRSIG resource records (RRs) with algorithm number as specified in Section 9.

The generation of P-256 and P-384 ECDSA/SHA-3 signatures follows the same method as [RFC6605], except that the collision-resistant hash function "H" (see Section 10.4 of [RFC6090]) is SHA3-256 for P-256 and SHA3-384 for P-384.
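As an added example (not part of the draft), the following minimal P-256 ECDSA in Python shows what "the same method as [RFC6605] with H = SHA3-256" amounts to in code: the only difference from ECDSAP256SHA256 is the hash name passed to hash_to_int, while the DNSKEY public key layout (x | y) and the RRSIG signature layout (r | s, fixed-width) are those of [RFC6605]. P-384 with SHA3-384 is the same code with the P-384 domain parameters and 48-octet fields. The affine arithmetic is written for readability, not for production use, and the message signed is a constructed stand-in for the RFC 4034 signing input.

```python
import hashlib, secrets

# NIST P-256 domain parameters (the curve RFC 6605 pairs with a 256-bit hash).
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)
COORD_LEN = 32          # octets per coordinate and per signature half for P-256 (48 for P-384)

def ec_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None: return p2
    if p2 is None: return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def ec_mul(k, pt):
    acc = None
    while k:
        if k & 1: acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def on_curve(pt):
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0

def keygen():
    d = secrets.randbelow(N - 1) + 1
    return d, ec_mul(d, G)

def dnskey_pubkey(Q):
    """RFC 6605 DNSKEY public key field: x | y as fixed-width big-endian integers, no prefix."""
    return Q[0].to_bytes(COORD_LEN, "big") + Q[1].to_bytes(COORD_LEN, "big")

def hash_to_int(msg, hname):
    # H = SHA3-256 for P-256 (SHA3-384 for P-384): the digest is exactly as long as n,
    # so no truncation is needed; this is why SHA3-512 is not paired with either curve.
    return int.from_bytes(hashlib.new(hname, msg).digest(), "big")

def ecdsa_sign(d, msg, hname="sha3_256"):
    z = hash_to_int(msg, hname)
    while True:
        k = secrets.randbelow(N - 1) + 1          # fresh per signature; a reused k leaks d
        r = ec_mul(k, G)[0] % N
        s = pow(k, -1, N) * (z + r * d) % N
        if r and s:
            return r.to_bytes(COORD_LEN, "big") + s.to_bytes(COORD_LEN, "big")

def ecdsa_verify(Q, msg, sig, hname="sha3_256"):
    if len(sig) != 2 * COORD_LEN or not on_curve(Q):
        return False
    r, s = int.from_bytes(sig[:COORD_LEN], "big"), int.from_bytes(sig[COORD_LEN:], "big")
    if not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    pt = ec_add(ec_mul(hash_to_int(msg, hname) * w % N, G), ec_mul(r * w % N, Q))
    return pt is not None and pt[0] % N == r
```

A validator that selects H from the RRSIG algorithm number will reject a signature made with the SHA-2 variant of the same curve, which is the intended behaviour: the algorithm number, not the key, decides the hash.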

4. DS Resource Records

The format of the DS RR can be found in [RFC4034]. [RFC3658], [RFC4509], and [RFC6605] describe the use of SHA-1, SHA-256, and SHA-384 for the DS digest type respectively.

4.1. SHA3-256 digest type DS Resource Records

The implementation of SHA3-256 in DS RRs follows the implementation of SHA-256 as specified in [RFC4509] except that the underlying algorithm is SHA3-256, the digest value is 32 bytes long, and the digest type code is specified in Section 9.

4.2. SHA3-384 digest type DS Resource Records

The implementation of SHA3-384 in DS RRs follows the implementation of SHA-256 as specified in [RFC4509] except that the underlying algorithm is SHA3-384, the digest value is 48 bytes long, and the digest type code is specified in Section 9.
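The following Python example is added here and is not part of the draft. It computes the DS digest for the DNSKEY from Section 7.1 with SHA3-256 and SHA3-384 next to the existing SHA-256 and SHA-384 types, and assembles the DS RDATA. The input to the hash is the one [RFC4034] and [RFC4509] define, the canonical owner name followed by the DNSKEY RDATA; only the hash function changes. The SHA-3 digest type codes are assigned in Section 9 of the draft, which is not reproduced on this page, so the caller supplies them; 2 and 4 are the SHA-256 and SHA-384 codes from [RFC4509] and [RFC6605].

```python
import base64, hashlib, struct

def wire_name(name):
    """Canonical (lowercase, uncompressed) wire form of the DNSKEY owner name."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.lower().rstrip(".").split(".")) + b"\x00"

def key_tag(dnskey_rdata):
    """RFC 4034 Appendix B key tag over the DNSKEY RDATA."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(dnskey_rdata))
    return (acc + ((acc >> 16) & 0xFFFF)) & 0xFFFF

def ds_digest(owner, dnskey_rdata, hname):
    """RFC 4034 Section 5.1.4 as extended by RFC 4509: H(canonical owner name | DNSKEY RDATA).
    Only the hash differs between the SHA-256, SHA-384, SHA3-256 and SHA3-384 digest types."""
    return hashlib.new(hname, wire_name(owner) + dnskey_rdata).digest()

def ds_rdata(owner, dnskey_rdata, digest_type, hname):
    """DS RDATA: key tag | algorithm | digest type | digest (RFC 4034 Section 5.1)."""
    return (struct.pack(">HBB", key_tag(dnskey_rdata), dnskey_rdata[3], digest_type)
            + ds_digest(owner, dnskey_rdata, hname))

# Existing digest type codes; the SHA-3 codes are assigned in Section 9 of the draft.
DIGEST_TYPES = {"sha256": 2, "sha384": 4}           # RFC 4509, RFC 6605

# DNSKEY copied from Section 7.1 of the draft: flags 256 (ZSK), protocol 3, algorithm 247.
DNSKEY_7_1 = struct.pack(">HBB", 256, 3, 247) + base64.b64decode(
    "AwEAAdMT/tIhT3Yc1FJnmHmWWb3XTBtZZKW7" "23I0h/5i3/15LIhR6v5XoKsy0HeUGoyN03O2"
    "yHEbrhz7Ym9pypu5OEdUnbjcc1Mr+c/0/TAz" "qpUK1DrAb3rguVn9W/t+jy41iTap8xZGfcLk"
    "CAxdLg2cBp3m1mQyWr6t9Oo/10wP4mbX")

def all_ds_digests(owner="example.org.", dnskey_rdata=DNSKEY_7_1):
    return {h: ds_digest(owner, dnskey_rdata, h) for h in ("sha256", "sha384", "sha3_256", "sha3_384")}
```

Because the owner name is canonicalised before hashing, a DS computed from "EXAMPLE.ORG." matches one computed from "example.org."; a DS published at the wrong owner, or over a DNSKEY whose flags or algorithm field differ from the one actually served, will not.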

5. Deployment Considerations

5.1. Key Sizes

Apart from the restrictions in Section 2, this document will not specify what size of keys to use. That is an operational issue and depends largely on the environment and intended use. A good starting point for more information would be [NIST800-57].

5.2. Signature Sizes

In this family of signing algorithms, the size of a signature is determined by the size of the key and not by the hash algorithm used in the signing process. Therefore, RRSIG resource records produced with RSA/SHA2-256, RSA/SHA2-512, RSA/SHA3-256, RSA/SHA3-384, or RSA/SHA3-512 have the same size as those produced with the existing RSASSA-PKCS1-v1_5 algorithms of [RFC3110] and [RFC5702], if the keys have the same length.

5.3. DS Digest Sizes

DS RDATA with digest type SHA3-256 has the same size as DS RDATA with digest type SHA-256 (32-byte digest). DS RDATA with digest type SHA3-384 has the same size as DS RDATA with digest type SHA-384 (48-byte digest). Because the sizes match those of the existing digest types, the impact of the new SHA-3 digest types on DS RDATA size is the same as that of SHA-256 and SHA-384 today.

6. Implementation Considerations

6.1. Support for SHA-3 Signatures

DNSSEC-aware implementations SHOULD be able to support RRSIG and DNSKEY resource records created with the RSA/SHA-2, RSA/SHA-3, and ECDSA/SHA-3 algorithms defined in this document.

6.2. Support for SHA-3 DS Digest Types

DNSSEC-aware implementations SHOULD be able to support DS resource records created with the SHA3-256 and SHA3-384 algorithms defined in this document.

6.3. Support for NSEC3 Denial of Existence

[RFC5155] defines new algorithm identifiers for existing signing algorithms, to indicate that zones signed with these algorithm identifiers can use NSEC3 as well as NSEC records to provide denial of existence. That mechanism was chosen to protect implementations predating [RFC5155] from encountering resource records about which they could not know. This document does not define such algorithm aliases.

A DNSSEC validator that implements RSA/SHA-2 and/or RSA/SHA-3 MUST be able to validate negative answers in the form of both NSEC and NSEC3 with hash algorithm 1, as defined in [RFC5155]. An authoritative server that does not implement NSEC3 MAY still serve zones that use RSA/SHA-2 or RSA/SHA-3 with NSEC denial of existence.

7. Examples

7.1. RSA/SHA2-256 (RSASSA-PSS) Key and Signature

Given a 1024-bit private key with the following values (in Base64):

Private-key-format: v1.2
Algorithm: 247 (RSASHA2-256)
Modulus: 0xP+0iFPdhzUUmeYeZZZvddMG1lkpbvbcjSH/mLf/XksiFHq/legqzLQd5QajI3Tc7bIcRuuHPtib2nKm7k4R1SduNxzUyv5z/T9MDOqlQrUOsBveuC5Wf1b+36PLjWJNqnzFkZ9wuQIDF0uDZwGnebWZDJavq306j/XTA/iZtc=
PublicExponent: AQAB
PrivateExponent: uVnMoR7JFTG5rGb1+IbzZQYC+d0kyXhN+lpwtQyEHqPiXA57KT8vgkYL04WFTrlX3ju6hcBFw4Nn6+fdF6Os6zXGgexNh2PqDG+BSSO8P+dH7hNiuV2qSONgkKrJco0aX0q0sAyo7RzRHkAtUUFum//2qMQ7wGZRaVk3FPsFmQE=
Prime1: 8BHCdC21Zfw8cs4IUKSDqg6JZh6GkdHIHyRpgtPQ7pSx99QtIbU9+VoTcJHw09TId7MOm3fZ4nrALYQHFow7gQ==
Prime2: 4RW9O6uh52sNxjpYVqheZj+6Z2LvkIPsbgJQYsqhNLr/vf5apact+WXz5pWMlHOguiXu8qiZa86B1dxmHAkuVw==
Exponent1: t1p5D86RSxE5Ad4GT8E2pj1wB0StNtXoaJCg3UD1xCJhQo0U4zfP25BGZKWyL7fGXFWvhGInUWi7Oogp+bilAQ==
Exponent2: u5c+q2iT+ydBx6AA19hjNJyQYnIWbz9D4TuUe4GdcTEYy+Qc8EqxClZqPBcPnvnvTrUmvJ6/nxXxJ6gUgfE06Q==
Coefficient: m9t6RWOcmP1MLC8YiaxLvsJ1MLe+JTiu+Tzx7plz7bVd9cw0SCbD/X+VXBiDheu2ZyaZ8tuprEX7FdjiTU1Hdg==
          

The DNSKEY record for this key would be:

example.org. IN DNSKEY 256 3 247 AwEAAdMT/tIhT3Yc1FJnmHmWWb3XTBtZZKW723I0h/5i3/15LIhR6v5X oKsy0HeUGoyN03O2yHEbrhz7Ym9pypu5OEdUnbjcc1Mr+c/0/TAzqpUK 1DrAb3rguVn9W/t+jy41iTap8xZGfcLkCAxdLg2cBp3m1mQyWr6t9Oo/ 10wP4mbX
          

With this key, sign the following zone consisting of 4 RRs:

example.org. 3600 IN SOA invalid. hostmaster.example.org. (42 43200 900 1814400 7200)
example.org. 3600 IN NS invalid.
example.org. 3600 IN A 192.0.2.1
example.org. 3600 IN AAAA 2:2001:db8::1
          

Using an RSASSA-PSS salt consisting entirely of zero-valued octets, with the inception date set to 00:00 hours on January 1st, 2000 and the expiration date to 00:00 hours on January 1st, 2030, the following signed zone (with DNSKEY) should be produced:

example.org.            3600    IN SOA  invalid. hostmaster.example.org. (
                                        42         ; serial
                                        43200      ; refresh (12 hours)
                                        900        ; retry (15 minutes)
                                        1814400    ; expire (3 weeks)
                                        7200       ; minimum (2 hours)
                                        )
                        3600    RRSIG   SOA 247 2 3600 (
                                        20300101000000 20000101000000 30005 example.org.
                                        C9c2AuyA6rB3XL08i3PgDtMZC2+sNiY/B94+
                                        flfdxYz1OVmm7+byEVVxmAqw7nEn3MfUGpwj
                                        2E1Thin2pYZ4jF4ep2kz1kDxXWTFnKwwxgAl
                                        nFGeZihBJUUpfXpzIWVOGwkIJIWL+aB3mS3M
                                        Z1EJ2Iok1n37ZO9Uf6tLcZDYLck= )
                        3600    NS      invalid.
                        3600    RRSIG   NS 247 2 3600 (
                                        20300101000000 20000101000000 30005 example.org.
                                        y/qVMuKsW5dqkXBLQmTj+RJ1UCe8JUpLw7/x
                                        yjlwH8qtUxJ3YxkfeDbx7Lah4+mZtYebib2Q
                                        gSedJE/ZERTwsB7njLio/hoMTUIXD/BBGbd3
                                        LyNHj7v6ujZO6HJ2ai46+qtYAXo2PHDV7i4I
                                        AtOJQR1+Lz5Q/Bd6zJKuHiHft6E= )
                        3600    A       192.0.2.1
                        3600    RRSIG   A 247 2 3600 (
                                        20300101000000 20000101000000 30005 example.org.
                                        SjJvbsHI77EZFZnNFYGoFXhKPe8yJy7Jb4Td
                                        mHFabTlpaqjByYlgQUyvB165KrvUBfSm/qMS
                                        NqBJF7t8TmmsMkVpaL90GLYMvkKQexv4qI/X
                                        PKZ++nynOa9HObcjUfgR0x3jLc5K+sRfnYwW
                                        oJqjh+1z0Kb3hq3wawGVmRgZZwA= )
                        3600    AAAA    2:2001:db8::1
                        3600    RRSIG   AAAA 247 2 3600 (
                                        20300101000000 20000101000000 30005 example.org.
                                        Tkleo5JjLcMDz+JzfG1Pfan4YNVrsLn0z8jJ
                                        RME2LEionhZqLLAScmHy4yBg3RQQI/Ak+516
                                        nBLwr1F23Kh5dkO9ApefKryn1SZP6LndOcBu
                                        tdlq6MzNkqwgpXwFYwTsQtxG0SJPZxA7x5du
                                        0F4QoBe/bC9vK69gra0Zkc0IPos= )
                        7200    NSEC    example.org. A NS SOA AAAA RRSIG NSEC DNSKEY
                        7200    RRSIG   NSEC 247 2 7200 (
                                        20300101000000 20000101000000 30005 example.org.
                                        CNggBNHd8AmjG3TGV34Mb6oMycx1OXLU645d
                                        aDvA/LGZ5qBF8Oz5W56rYzpbcUS11rZBBBAb
                                        nscR73oqF89BaHEMzQCpsVkoA8ao/xRAkMl1
                                        N49iKGB5vCR2XnVkhH5b9JVDSK2Td+cWzDN3
                                        O/0Fjg9cviMI/rEt1w29YFkYZxU= )
                        3600    DNSKEY  256 3 247 (
                                        AwEAAdMT/tIhT3Yc1FJnmHmWWb3XTBtZZKW7
                                        23I0h/5i3/15LIhR6v5XoKsy0HeUGoyN03O2
                                        yHEbrhz7Ym9pypu5OEdUnbjcc1Mr+c/0/TAz
                                        qpUK1DrAb3rguVn9W/t+jy41iTap8xZGfcLk
                                        CAxdLg2cBp3m1mQyWr6t9Oo/10wP4mbX
                                        ) ; ZSK; alg = RSASHA2-256 ; key id = 30005
                        3600    RRSIG   DNSKEY 247 2 3600 (
                                        20300101000000 20000101000000 30005 example.org.
                                        RHImUBMtz6LOEkEZLeeUKY30z1LgknkyawpZ
                                        GLRLiE84UkBAjF559Yk8O6Dm9qTPa7jpu0ja
                                        HAl1WGAHQU45w7t17/onSLJfE+6C9kS6F3N+
                                        qhWu+WWMz6/fvbaoe5EG5v/AkXA/iF3sEPIt
                                        Y5bA3d1IR9bs36fyk3c5c0vb170= )
          

7.2. RSA/SHA2-512 (RSASSA-PSS) Key and Signature

Given a 1280-bit private key with the following values (in Base64):

Private-key-format: v1.2
Algorithm: 248 (RSASHA2-512)
Modulus: v4LMvpU2sPxQHPOos4PFROf1U02gmzkOdeBjWiY1iEsyDgaGEJ/3x1D4oIVHI9pMVS47JoQvvhnnOnJv5/tslA5ivWsTp0i6rFzY3+F+zDUCA1AcD/rcECgfizC/VZSHvH3aThpjqiwCN6HtC9ofPNqxAikdwMeJP3oUSl3Pg/Y3S8pX2ykHNoq2+tROcypY4VUmbFqJa6SAxBT8EeWgTw==
PublicExponent: AQAB
PrivateExponent: uIbklwIZN4F2A992/rmJ23IRPNoAVXAtkcDKmjNUw2WI7mC0ztIEIgXP+oNQ36fYgv7PubYGdopo9TUMxJ7KqQIPe+nvfvEiBTBVO6r/zOveAJXvq3RuNJ0DCBnhvMhWMha7rRcqp3FixJ9J7cBEwRmJQn+KjrrOZJ9zCFJZ+CQZ5yTTFAdrkjDtpFrg8XUSuDqo85/RFtFUQiMHNzLZsQ==
Prime1: 8ji5lppCo7FCVENMf+a9u5EpXNwH8P+VFHaw99NAKqEV+pWBS24Op8yoRxt6f7mmRe4FTNyTfkkdSpMo5aN6oa1h/vFo14ifFTMU46Vm8ec=
Prime2: ymed+9gYJ/z4ulOPOBrJV6BSVIZgE1hxSkyR68h8fzGvc6iPCf7+JsM7XrIK3Z5dxFQ8WBg7YgbKn05mD1dqU3sJJpIstvKdhvUmaJyVYVk=
Exponent1: J/A+eZyZ3E+/9hDarkQniKPYxBzrmksqE6O2bkaA0AabjyPTm9JbzEMsg/z9581+ow0qBpBgKXR4xfEZzzNzZvEltVmsxc0bHe28RgThwoU=
Exponent2: jWsESRhdGGN57cXARXUBxIWxwHj628lprn39Xn5/7ebrLaZR+qv9K1wxOSKw0NN7tFceqnaT1xPjspb2XDW5hoZqiFaNg23Ufpz+rwzomlE=
Coefficient: 2hX/dV/0jj0IUyAbx5N1I2kIsjf9FJmQHQjktr63YG0CMMBMRNUWF2Y4B3Z3RJHHdeBRvD4r3q7JlkhXvuOWn1EyLFx8ZGOZVboKIcePgUU=
          

The DNSKEY record for this key would be:

example.org. IN DNSKEY 256 3 248 AwEAAb+CzL6VNrD8UBzzqLODxUTn9VNNoJs5DnXgY1omNYhLMg4GhhCf 98dQ+KCFRyPaTFUuOyaEL74Z5zpyb+f7bJQOYr1rE6dIuqxc2N/hfsw1 AgNQHA/63BAoH4swv1WUh7x92k4aY6osAjeh7QvaHzzasQIpHcDHiT96 FEpdz4P2N0vKV9spBzaKtvrUTnMqWOFVJmxaiWukgMQU/BHloE8=
          

With this key, sign the following zone consisting of 4 RRs:

example.org. 3600 IN SOA invalid. hostmaster.example.org. (43 43200 900 1814400 7200)
example.org. 3600 IN NS invalid.
example.org. 3600 IN A 192.0.2.1
example.org. 3600 IN AAAA 2:2001:db8::1
          

Using an RSASSA-PSS salt consisting entirely of zero-valued octets, with the inception date set to 00:00 hours on January 1st, 2000 and the expiration date to 00:00 hours on January 1st, 2030, the following signed zone (with DNSKEY) should be produced:

example.org.            3600    IN SOA  invalid. hostmaster.example.org. (
                                        43         ; serial
                                        43200      ; refresh (12 hours)
                                        900        ; retry (15 minutes)
                                        1814400    ; expire (3 weeks)
                                        7200       ; minimum (2 hours)
                                        )
                        3600    RRSIG   SOA 248 2 3600 (
                                        20300101000000 20000101000000 50019 example.org.
                                        LIqNhZMZthJKDab51kfzn9TtMyWSZ+Z+yOZU
                                        Ukg9j6gAzcezPNiPer9A0FtgDsXFU2ICRDOx
                                        kGeWjhgEN1JGOxA7robpGjOTLWAAYbzSihBE
                                        ehqkpDTJHsmTv3lnjioAFaalFKwisClR1GH9
                                        t7T9sZMEc1G25a4izULX6PiKAjBBegbJ6sGK
                                        6OgCbuxE3yTwJTiPb3/W5IfPbv/bRnETWA== )
                        3600    NS      invalid.
                        3600    RRSIG   NS 248 2 3600 (
                                        20300101000000 20000101000000 50019 example.org.
                                        Sj3JxLM0kH9UDcyO09Zhrupw+0iafH8Yk20I
                                        a2m1S8jnjWrwCQplg/RRcM+9B5rz9AoNZJg7
                                        iHWEwmP9jLK5umbQXP/zCt/5UffdiPSNpGb7
                                        epJ5aNVVfvS00QeqL/yOhwkZcpVd9YszYq+V
                                        Sx6hMHJ9SSqx/CBZZzwjJopOPP4zabha41RY
                                        J/3PG3ohQh7hAigUcNgO4AwxAoV+D/3yQQ== )
                        3600    A       192.0.2.1
                        3600    RRSIG   A 248 2 3600 (
                                        20300101000000 20000101000000 50019 example.org.
                                        GZY8uKkZ2pKhtL9Dh6NKq8GES4WUn9AFOtNc
                                        PHvXVANuMadMh8LwgmtKe7H6HujPW8Ghj0wJ
                                        XRkGJ8kinCRp51eSF0gsr6vIsLiYCx/2XJW5
                                        4dCufvxbbZe3e1yHOOSExLDICT6SQ775CavX
                                        cjnFsI4NAzPO5S+55nq2EvUug7stYeS89mUQ
                                        Wq24FZOnONIY1dbRfpzCkBSs09wXSBtqPQ== )
                        3600    AAAA    2:2001:db8::1
                        3600    RRSIG   AAAA 248 2 3600 (
                                        20300101000000 20000101000000 50019 example.org.
                                        MY2ha2+UIdeHSEeBLqlb6Ls9gTCO7yUQkz3c
                                        yM3A3Als78y/nz9GsEUjpQ6JGmt3c0Gs64mx
                                        WFl15oo/LWrum/HLwvoXciwZOueCSzIpwjQY
                                        zlqUNNbtKLYLChzMdq07x1Cak/kjF8ROsSpz
                                        rQ5MbQDnLN25IOLy3JodvcZFnzsoxmx2LAJ1
                                        g80Ps4+p5QbTEoASNGGPUR84LPrZ7j4Nrw== )
                        7200    NSEC    example.org. A NS SOA AAAA RRSIG NSEC DNSKEY
                        7200    RRSIG   NSEC 248 2 7200 (
                                        20300101000000 20000101000000 50019 example.org.
                                        l2RkbZqizyfnWMThvlt/F2zltQ/DVOmSCQve
                                        JsIe++bJgbyloiLhDnia9ZqwT/apob6VHAgg
                                        KXEII+R6WGuPCBHe3Px2xVFWgh1EU3GnoTWv
                                        JCS1cQ98PpzBiLxIwMAQCp0ItUFj2M2LmZc9
                                        JzvSFW2UCtUK64BCS5aj0qWPPfWuWjM1bJ1d
                                        weyYT+oCKY/GurJbRcjOs4r4Jmsq1PctDA== )
                        3600    DNSKEY  256 3 248 (
                                        AwEAAb+CzL6VNrD8UBzzqLODxUTn9VNNoJs5
                                        DnXgY1omNYhLMg4GhhCf98dQ+KCFRyPaTFUu
                                        OyaEL74Z5zpyb+f7bJQOYr1rE6dIuqxc2N/h
                                        fsw1AgNQHA/63BAoH4swv1WUh7x92k4aY6os
                                        Ajeh7QvaHzzasQIpHcDHiT96FEpdz4P2N0vK
                                        V9spBzaKtvrUTnMqWOFVJmxaiWukgMQU/BHl
                                        oE8=
                                        ) ; ZSK; alg = RSASHA2-512 ; key id = 50019
                        3600    RRSIG   DNSKEY 248 2 3600 (
                                        20300101000000 20000101000000 50019 example.org.
                                        gGFb305M15oFs/+Mc4r9II2nmqARCt52Rj2y
                                        7aQNKIk7PXqxfdsnRpswmvRL/J0zUsoP/Ecj
                                        E+yLZQpJz0Chycs5UszXCeHxGqx1GandpQaw
                                        LOu02AFI2rdpamD242i3RUSfxjKUpo2MFuS7
                                        c92xUOOkjwn1MAZruUKWPbVzCm3pvqIHTytL
                                        JyGDHI8LqCbhbnf3hP2G45BCzh1cp41EYA== )
          

7.3. RSA/SHA3-256 (RSASSA-PSS) Key and Signature

Given a 1024-bit private key with the following values (in Base64):

Private-key-format: v1.2
Algorithm: 249 (RSASHA3-256)
Modulus: uI99tnWEAZ5j8hnh29acjTWKUncLZpGWYCWjmz7KB7q8NCiGdA7dgkIBpGrsry0jF8PVGP8jm2omdMaPDX2N0UcEVKrUSKczNQb3Kdiihl1J8/IC9KZuHqQJHr8E4Gu/S4P1EbpaM00F1YPCkldl7yTyXEA6waP2Qs6lfRETffU=
PublicExponent: AQAB
PrivateExponent: ceGgqZBzxufsNfxAgH05lmx+EIqCT2TwTB2NiYLB+OkBrpF+/WgayIBgMQsFRsZsTAK7oDP2zbQ/THkk1ict9PHByDAAedOo+sjYqja7/NMqHZV2y5nfOV2gr/Qkx8Ns/JhcZ6bD0TtS+mTTGZPKxHZYoZKp/EYaRpY/FH/tgBU=
Prime1: 8a4Tyux12glzCP4cLndnDi2MT9M4WRR0B+8SjU1zoZVgOiF7WnCD6go3LAGl8SbiMzX491cJFKuK7/0qY4wTcw==
Prime2: w37/PBybwbTCtWJeGQo5sZUmAfcB4G9KPb0Xx7attTlVcvS3BsNxQ6u5CJS6PkxrRLJhObY0co97esbRlfXe9w==
Exponent1: X5pyH/LcR+03AVasRUFclgI0oBs5DhwGLmFHYHhEBqZ1k2lNR6B8vmdeHd1lDHlKP+HY49cdM30MkBUA4LI3uw==
Exponent2: P7FYptULSgkChuYNkkrqkRju0SUQz3Zy0bqRzNePsMOFO3bPSrzSYiHInysVosZzDGaxloPugoSMzmuITTtV8Q==
Coefficient: NdPPfYznkez2NNKsVydeZleq+jOBaQ3O98YZteXreOrH8L+pqKxkymKIvqjiTzWdA+fDV7KfFrbv0ZFwGymsNQ==
          

The DNSKEY record for this key would be:

example.org. IN DNSKEY 256 3 249 AwEAAbiPfbZ1hAGeY/IZ4dvWnI01ilJ3C2aRlmAlo5s+yge6vDQohnQO 3YJCAaRq7K8tIxfD1Rj/I5tqJnTGjw19jdFHBFSq1EinMzUG9ynYooZd SfPyAvSmbh6kCR6/BOBrv0uD9RG6WjNNBdWDwpJXZe8k8lxAOsGj9kLO pX0RE331
          

With this key, sign the following zone consisting of 4 RRs:

example.org. 3600 IN SOA invalid. hostmaster.example.org. (44 43200 900 1814400 7200)
example.org. 3600 IN NS invalid.
example.org. 3600 IN A 192.0.2.1
example.org. 3600 IN AAAA 2:2001:db8::1
          

Using an RSASSA-PSS salt consisting entirely of zero-valued octets, with the inception date set to 00:00 hours on January 1st, 2000 and the expiration date to 00:00 hours on January 1st, 2030, the following signed zone (with DNSKEY) should be produced:

example.org.            3600    IN SOA  invalid. hostmaster.example.org. (
                                        44         ; serial
                                        43200      ; refresh (12 hours)
                                        900        ; retry (15 minutes)
                                        1814400    ; expire (3 weeks)
                                        7200       ; minimum (2 hours)
                                        )
                        3600    RRSIG   SOA 249 2 3600 (
                                        20300101000000 20000101000000 23809 example.org.
                                        Uwq4O7WnX3WgD4gqrE931DqCByyWgf6+YfZe
                                        vRCTzMe+/q/36pWhYhej6wI3Fo2JRImMeL85
                                        IEdQNEUOcZ4SyfbnC/x44Tj3xlF1imf40dWy
                                        /HDLAdAlCfL1bZVxd6KNPBoGsZmWqqdePguC
                                        Kvv6KpZB5bmQhlPJHmcevUajG80= )
                        3600    NS      invalid.
                        3600    RRSIG   NS 249 2 3600 (
                                        20300101000000 20000101000000 23809 example.org.
                                        WXtpjYg9ZGDYBn01HBZwrHiJ8pccXicaLt6e
                                        ck1lYFER1/Gw3oroFvHeI7l8WuyGyjm7QnXP
                                        /avYGX7tAmObgKRh08gk2tDj8Ku6aKYRunVh
                                        jobJi2WEsKBMCScwhjK64WJV90pOrWiU7/j6
                                        D8fwTySTSmQJXn7mG/0ynIiwruw= )
                        3600    A       192.0.2.1
                        3600    RRSIG   A 249 2 3600 (
                                        20300101000000 20000101000000 23809 example.org.
                                        K718CGTXBAKJ3ug5YsHGtr4tPvHrrPFw0YCN
                                        v97mU25mhBerDNLyNISCsMQPw0NVnXyV7BR0
                                        8dpwnmZqGIhId4ojaSKCZtQkUkNiqrF77sZe
                                        2jryHi8VvuT9JqFa+JI3vUHLavnGabc40qEC
                                        zTtP8g1I3CEopnp6QDkLxyjwVhQ= )
                        3600    AAAA    2:2001:db8::1
                        3600    RRSIG   AAAA 249 2 3600 (
                                        20300101000000 20000101000000 23809 example.org.
                                        e8EgXwu/7VvU83ZW8gEiS+51HUfgkowoichs
                                        9L7U5eX1axrynM7c3r7WvFy1hNGLxrzZOU7e
                                        r8R+0QG989x1lwPSHeETryQ/5sUApOeoaFYj
                                        3D+IZEzI0gGfHIXP+zZ2kRW3tQx0Bn1JHPWx
                                        1+JOwFdfJB4jczG6YwydRVaWd3M= )
                        7200    NSEC    example.org. A NS SOA AAAA RRSIG NSEC DNSKEY
                        7200    RRSIG   NSEC 249 2 7200 (
                                        20300101000000 20000101000000 23809 example.org.
                                        rfCOWKNWnlLoXuLPqE5fhq7yN10BZbZ0cCj7
                                        8c4DROMIXistBFRoNhYngTDratXojbJGCO4F
                                        nbA3kSOh91RaSevASHDF9SvAysKUqWIYw4Mx
                                        hLROhu9TjE7i3VgYt6rEHoQIMroOry3dao48
                                        12mcadWl4MgoDyJAxTbUGZyTeFY= )
                        3600    DNSKEY  256 3 249 (
                                        AwEAAbiPfbZ1hAGeY/IZ4dvWnI01ilJ3C2aR
                                        lmAlo5s+yge6vDQohnQO3YJCAaRq7K8tIxfD
                                        1Rj/I5tqJnTGjw19jdFHBFSq1EinMzUG9ynY
                                        ooZdSfPyAvSmbh6kCR6/BOBrv0uD9RG6WjNN
                                        BdWDwpJXZe8k8lxAOsGj9kLOpX0RE331
                                        ) ; ZSK; alg = RSASHA3-256 ; key id = 23809
                        3600    RRSIG   DNSKEY 249 2 3600 (
                                        20300101000000 20000101000000 23809 example.org.
                                        hgKUSu/6JOKBEA9LavThiPFsDk0JOK4fsCiJ
                                        cR8Y/uAKyTlZ77m7olSWnbhSmAkzM2dST4eb
                                        KfCKgz+v6B0H+TGuuVZ9nriFggRsUu0uddsD
                                        sgOVuWB2XC0e0lJMxpYht/DQd6ZLc++XhWyK
                                        a9a0Iw9/bcIFaKY+bhn0zWp3y9k= )
          

7.4. RSA/SHA3-384 (RSASSA-PSS) Key and Signature

Given a 1024-bit private key with the following values (in Base64):

Private-key-format: v1.2
Algorithm: 250 (RSASHA3-384)
Modulus: xHuxiHax4XcfW9yCIdCVdrqs+L1lfTZKdOK7C+J8yDptcyS7DC8Su0X4hqJxA3M0gZFfpwSpuc1/XSwm0pDCqByy1qehIZgJMQ9dm6whqokGgqcpOxEbLhKDHoUl6dq6MVZAoys2wYgpEwK9E0GPx1OT80EeO/8txqyIx1b3X1s=
PublicExponent: AQAB
PrivateExponent: vFr/xBxVRhkWPM/VCGmW/uzR6NpXsoMbOZYpTalfietJBTrO/U0bHeBj8V1EDdShHxynn8r+khoH4N/0j6MqlqEnKmL7lTDeGV5ezKLu3uLFa6RISolasqpQBqptImJ+hbXtozDKPhfjI/+d9FZBB6J1g2RlwujGX6VJMbSefvE=
Prime1: /fmeKF6OHGM9aWJq4j2/tNgbdTdy9tP2pi7VG4w7MZcXtt5jRuwDt9RfBb0i01+KOROWyIklTeHC3OIdU6otLw==
Prime2: xgy6/HX5aChVos1eunk1ZezvweGNfBuZr4TcpcTShzLs8ftGs/fAZ6Ea44p7EZizB1yaEspfcvTMHFnC709dlQ==
Exponent1: 3UV/P9ixo5XqyUgPqzD1NxAZTBSVOusNN1gSH0AbymbDKHW0tPOngZ+rcgqIrvPML1IbyneCYspQxbTSrDPVzQ==
Exponent2: BOFlbjk+ByoPSi7Dadb40OUw11dGlEtd0yxz/4XFJl3D5wapLGArlqIqtnbAJ6ParZDDnzjrdzq/GOfBXQJYrQ==
Coefficient: NPxHl0td8V/7Sk7dnGfF6Fbde3Kwt8PUUsVulh3rsr1wjmWeW6JFBxd8R104k+HicCXrLj+YthGmLS3jCwnidQ==
          

The DNSKEY record for this key would be:

example.org. IN DNSKEY 256 3 250 AwEAAcR7sYh2seF3H1vcgiHQlXa6rPi9ZX02SnTiuwvifMg6bXMkuwwv ErtF+IaicQNzNIGRX6cEqbnNf10sJtKQwqgcstanoSGYCTEPXZusIaqJ BoKnKTsRGy4Sgx6FJenaujFWQKMrNsGIKRMCvRNBj8dTk/NBHjv/Lcas iMdW919b
          

With this key, sign the following zone consisting of 4 RRs:

example.org. 3600 IN SOA invalid. hostmaster.example.org. (45 43200 900 1814400 7200)
example.org. 3600 IN NS invalid.
example.org. 3600 IN A 192.0.2.1
example.org. 3600 IN AAAA 2:2001:db8::1
          

Using an RSASSA-PSS salt filled entirely with zero-valued octets, and with the inception date set to 00:00 hours on January 1st, 2000 and the expiration date to 00:00 hours on January 1st, 2030, the following signed zone (including the DNSKEY) should be created:

example.org.            3600    IN SOA  invalid. hostmaster.example.org. (
                                        45         ; serial
                                        43200      ; refresh (12 hours)
                                        900        ; retry (15 minutes)
                                        1814400    ; expire (3 weeks)
                                        7200       ; minimum (2 hours)
                                        )
                        3600    RRSIG   SOA 250 2 3600 (
                                        20300101000000 20000101000000 54407 example.org.
                                        i7x4t2CwGks6qLxRxbdp+pakfK27TzN91vug
                                        UPyU+TmOzPYqQoS2MOjJn8TVuje9vZ4EnuzZ
                                        cTZCkO44r9XIgqth4tY5aJfK8otr30DYYwYd
                                        GOv719RBypf11JOk9FW4+rcgsSfTu3z3+a78
                                        PuGh5oR7fUGlg/d0//WraW+Zg+E= )
                        3600    NS      invalid.
                        3600    RRSIG   NS 250 2 3600 (
                                        20300101000000 20000101000000 54407 example.org.
                                        c1o2/g51y3eo3E3+28Ot1k4vg4sE8MEIHdel
                                        rD35/XAOzDZ8PH0HmrBzYEGUTk7Dxv8ts0Yj
                                        M9xtoF9HIxlmOF19yjKrT7LNpXmbcbxA/NNH
                                        kNOqX3EzsLZFD1t7btDqKtj+CaslkxMe6JnH
                                        m03CtRj6b2YF4TROa8swzElwMSc= )
                        3600    A       192.0.2.1
                        3600    RRSIG   A 250 2 3600 (
                                        20300101000000 20000101000000 54407 example.org.
                                        UXoGfLBwSu4b0bMrUvf6QC4Yn/WspMpv5ARf
                                        Z2aZPZABB5ZTdmSLXuvRP4XG9OZNiQhBKCVs
                                        4gLi2MutsVD8AB6N3inJcvNefty8l7+wdnUk
                                        HKuLk8O+/GCB0394nIJTKnazGPhUJtlZucZV
                                        jSNlo+OVLqCqcKtUjG+YB63J5V0= )
                        3600    AAAA    2:2001:db8::1
                        3600    RRSIG   AAAA 250 2 3600 (
                                        20300101000000 20000101000000 54407 example.org.
                                        hMN/J/JZEyMhC9RqJpowhidhSRQCOeiTWyhX
                                        i7+prwrtJ0CccOmakac2QjuKBOEkeXOzUpLL
                                        nXY83uObZCvWg3HouhZX+y9CgLueqRjfK2Sr
                                        KrBLM1zXceqg2zjjxr7UjYn9ty6sJeOJbQLk
                                        LDEOW7fPPSLPELa0S8kS6Z5X/6E= )
                        7200    NSEC    example.org. A NS SOA AAAA RRSIG NSEC DNSKEY
                        7200    RRSIG   NSEC 250 2 7200 (
                                        20300101000000 20000101000000 54407 example.org.
                                        ZTSVWOyH0HY6OYKDhjAqDlhdPjgzSx6ihA5/
                                        Nu1tOJgtxXR+/55PGdplIfS3Q4vujqbbwjD1
                                        EcSGUgVP9lnL4wqq2YwSALj3e5K216wRhBKz
                                        G5YwFrduYZAP57nGdykzeNQZRB1bEpLUEzrP
                                        /u+TQCTrLDSTMv4s61gN9d02gl0= )
                        3600    DNSKEY  256 3 250 (
                                        AwEAAcR7sYh2seF3H1vcgiHQlXa6rPi9ZX02
                                        SnTiuwvifMg6bXMkuwwvErtF+IaicQNzNIGR
                                        X6cEqbnNf10sJtKQwqgcstanoSGYCTEPXZus
                                        IaqJBoKnKTsRGy4Sgx6FJenaujFWQKMrNsGI
                                        KRMCvRNBj8dTk/NBHjv/LcasiMdW919b
                                        ) ; ZSK; alg = RSASHA3-384 ; key id = 54407
                        3600    RRSIG   DNSKEY 250 2 3600 (
                                        20300101000000 20000101000000 54407 example.org.
                                        iFy/6jk0In+egxxxOGzvknZ2gufOFAlrvZ4Q
                                        2Ufa2hLKvJOhsQrpcEfHtB5vGivZJ9WwShjw
                                        5n5YlBE/VKyy/IpycgJwybrBBPimNViwfn8y
                                        BunXT7x/OJ0tSeDxr1ab/CwPBl+0uq3RsDqs
                                        5qJTL5pmN5JD6kR2tRVvy3MicTM= )
          

7.5. RSA/SHA3-512 (RSASSA-PSS) Key and Signature

Given a 1280-bit private key with the following values (in Base64):

Private-key-format: v1.2
Algorithm: 251 (RSASHA3-512)
Modulus: o+YkFXrbuWtwzgjWTMxKWL/mxKmZiIEwZQocnh0XN8ON6AIFc+aECjkxwO5pWG171NCXt2acYWnKakpCmpiSHh9ggj8hL5O67Zs409xo0vqRpXzxY27IvBtKNurtD48RiPknLh3fEhuRnHEj8X2fpuOUx0yN5wOZx3PRjNxMeLnTglxHfRqah/tApQnCTvBAWX5vSYmPP1u/4I/UR1Zpyw==
PublicExponent: AQAB
PrivateExponent: TJqZTOzSW7SK0dGxj82ABkETM+HtH676Fo+GVqRUIL0my0R+lfAs0LZwubL0y97IHOytrIuqFaGjeNBilu0uhiO2MMoe0aTjnoCJLAR9ffXdqZb1FGMn8kWkmmtZJbm3LzFYHMs4B0exGq4vI2DfX5UF0LZV1YN4WIk2jgMPgRdJRZOOr0ZyJs8dz4VwhuVZx6SRa4ADB22QIRUdCCEESQ==
Prime1: 0fpRrO03qcRgQpwNiiw0sjBguAClUVMY9H+ZLwUrAsiP65/ikHOOXTve7aAW/OMnAmKdmpaA0jeMiYdwidMcdwVJbZM0qHsqkxrVZmtgFy8=
Prime2: x9Jgn/DLIVzcPl8VazyWcn51hbM2xd8J5fZYp/ZPVJBDlfvlICT6YbpYg8CyPjUpoDM4JnAH9v0sICO7GgrvQIY5XEYnLmUttdBj8+D58CU=
Exponent1: lXLZcQABrzYS4TXauS5Pb0fZfv0OrPw89cBfkcTW4QtIzAanJfLpL9iuCWj5E5LFMABqdh2KoJRi1XvtkFsOlnPP2Ep+ny/SlJLzsgrYgIc=
Exponent2: fsVfe9keZhotuHxGcHRN1nGYSax7MWnhM73oXRcNGU81MbBPmuca2mmIwn28F29O603Tb79frjjMh89jYpBRXZRKS9pN/Uc/iruczhqLNuk=
Coefficient: JF5wby8oSnh2Hqff02l7tA80wNf99YWUPSn3yHfuoQKgn274V2N/QE4XgcpJd+ioSkKNX+GV6RpG+b8gUiR1hCxHBPpmeb/QcA9ivnrW0L0=
          

The DNSKEY record for this key would be:

example.org. IN DNSKEY 256 3 251 AwEAAaPmJBV627lrcM4I1kzMSli/5sSpmYiBMGUKHJ4dFzfDjegCBXPm hAo5McDuaVhte9TQl7dmnGFpympKQpqYkh4fYII/IS+Tuu2bONPcaNL6 kaV88WNuyLwbSjbq7Q+PEYj5Jy4d3xIbkZxxI/F9n6bjlMdMjecDmcdz 0YzcTHi504JcR30amof7QKUJwk7wQFl+b0mJjz9bv+CP1EdWacs=
          

With this key, sign the following zone consisting of 4 RRs:

example.org. 3600 IN SOA invalid. hostmaster.example.org. (46 43200 900 1814400 7200)
example.org. 3600 IN NS invalid.
example.org. 3600 IN A 192.0.2.1
example.org. 3600 IN AAAA 2:2001:db8::1
          

Using an RSASSA-PSS salt filled entirely with zero-valued octets, and with the inception date set to 00:00 hours on January 1st, 2000 and the expiration date to 00:00 hours on January 1st, 2030, the following signed zone (including the DNSKEY) should be created:

example.org.            3600    IN SOA  invalid. hostmaster.example.org. (
                                        46         ; serial
                                        43200      ; refresh (12 hours)
                                        900        ; retry (15 minutes)
                                        1814400    ; expire (3 weeks)
                                        7200       ; minimum (2 hours)
                                        )
                        3600    RRSIG   SOA 251 2 3600 (
                                        20300101000000 20000101000000 23118 example.org.
                                        OLszLePpxC9kXYEHP+xnQ/5VVGUuIECXHzEG
                                        ksSPKttAmztjP3GVZpNCqYsahV7yKKkkd6TX
                                        h45w9pho8ZWDabPdCjzCiwl5aL+OvzUWXeGJ
                                        chObfU1AFsW3I03V5/8KUzH6o1CCTDbYbLeP
                                        saI/HH+G4k6mbLU1vNBCKjT8U2wY2T3mtCry
                                        a9heSY0UbORoQpilzljhtmyU86LfItD7tg== )
                        3600    NS      invalid.
                        3600    RRSIG   NS 251 2 3600 (
                                        20300101000000 20000101000000 23118 example.org.
                                        LtjteiIhqrJWOJDvVHB2YBdpOPtc62N40uGe
                                        GoSj9S9pU8UEte8K4T+TQGefc89SQQMBKMl+
                                        LtdKY4G9pTLBSVzpUw1ht4hZvwU5mKURWDJ7
                                        +ZR14ic4Sh91R79U4BZCxe7DbQa+3JWhBLVo
                                        KFsmsFwlStpWSe97xoQNiyC33Y0TRl2S/7TF
                                        p3ewL2owYRraSZZqj+UAM3oLXPyYJoD71A== )
                        3600    A       192.0.2.1
                        3600    RRSIG   A 251 2 3600 (
                                        20300101000000 20000101000000 23118 example.org.
                                        HcOfonaxmSgcjmoRCkrf0mm3K/6zbQQyseI5
                                        u/dmqN04jGjO8OfinRX6wWe2uaQUCTSITyD+
                                        BONJa9BotX36uDJgtm+UYqz+xFSrF/Wolb9X
                                        GrKBzRJXwKGL8z/gcIJMn1VchSwcFIhh+w4K
                                        QAxWmpm2mNdbL83D1Ep+dRgLgsawubhwc2t0
                                        UM6kLJgsx8qYEDDVk6f0UKFWBobseyP5pQ== )
                        3600    AAAA    2:2001:db8::1
                        3600    RRSIG   AAAA 251 2 3600 (
                                        20300101000000 20000101000000 23118 example.org.
                                        AvBYmq6oMCOAQi4DpSpo5+cRUX+vZQgvaNH8
                                        JnT68vibTlyxlUOa5BlxQv7IrrjrM7af73Ny
                                        6tdZfUoQouSpThCs22cPC4T5RPZvSvWzejGc
                                        Fc8ElNOFmftx4d3ag6cIn9Wj74gEAgmqmp+j
                                        uB7/hYK12A2/shgDr0S1UEax2YehBNXdViHZ
                                        aSwSQoLrW25zN4ENgnVkMKUQ/2OIOhyKrg== )
                        7200    NSEC    example.org. A NS SOA AAAA RRSIG NSEC DNSKEY
                        7200    RRSIG   NSEC 251 2 7200 (
                                        20300101000000 20000101000000 23118 example.org.
                                        MeDqwUq8KuJiSLZBefoJqgvuQ6Nlm+IPDFMA
                                        jZUkov419KPqItr29YIG+7lL8Ow/PRVbb0mM
                                        VfVUTIKWC1bfAhO2FBAQJTIzAeFELnUSsTaa
                                        jcNdRSen8VosEh3822rwjqcQD5hhm52v7ZCT
                                        QgrRrgoZBuCHU9dDHNfauUie0mrnCqiuFRjR
                                        DafCZeqYzzIpZVDIjyFDwu2LRzkyKduHug== )
                        3600    DNSKEY  256 3 251 (
                                        AwEAAaPmJBV627lrcM4I1kzMSli/5sSpmYiB
                                        MGUKHJ4dFzfDjegCBXPmhAo5McDuaVhte9TQ
                                        l7dmnGFpympKQpqYkh4fYII/IS+Tuu2bONPc
                                        aNL6kaV88WNuyLwbSjbq7Q+PEYj5Jy4d3xIb
                                        kZxxI/F9n6bjlMdMjecDmcdz0YzcTHi504Jc
                                        R30amof7QKUJwk7wQFl+b0mJjz9bv+CP1EdW
                                        acs=
                                        ) ; ZSK; alg = RSASHA3-512 ; key id = 23118
                        3600    RRSIG   DNSKEY 251 2 3600 (
                                        20300101000000 20000101000000 23118 example.org.
                                        SUr4RUGNadiJ7pJe8X2bnnUuHbNY3yq1S+/W
                                        NRpfXT5RReL8Ag5QuBQAnKwkqbV0UFeM3D0S
                                        xX46BY/75LerOIqy8FHaXbk9qiLBaX9E7/cV
                                        vUhkf9Dbp26Irc59AQCAB0OQ/e55onU3NRsY
                                        TWrujs0cyOo2B8eSHPcd8M2Yvwyh/ZEQNfUj
                                        YXKwAO6a+DZeId9BwU0KiEcrLs/KP2gzEQ== )
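The two RSASSA-PSS vectors above (Sections 7.4 and 7.5) are both produced with a salt of all-zero octets. The Python below is an added example, not code from the draft or from any DNSSEC implementation: it implements EMSA-PSS encoding and verification from RFC 8017 with a caller-supplied salt, loads the 1024-bit key of Section 7.4 (values copied verbatim from the draft), and signs a constructed message with SHA3-384 and a zero salt, which makes the signature deterministic. A salt length equal to the hash length is an assumption of this example, as is the message; in DNSSEC the data signed is the RRSIG RDATA (less the Signature field) followed by the canonical RRset (RFC 4034 Section 3.1.8.1). With a hash-length salt, SHA3-512 does not fit in a 1024-bit modulus (64 + 64 + 2 > 128 octets), which is consistent with Section 7.5 using a 1280-bit key.

```python
import base64
import hashlib
import math

# Key values copied verbatim from the Section 7.4 test vector (1024-bit RSA key,
# algorithm 250 / RSASHA3-384).  PublicExponent "AQAB" is 65537.
MODULUS_B64 = "xHuxiHax4XcfW9yCIdCVdrqs+L1lfTZKdOK7C+J8yDptcyS7DC8Su0X4hqJxA3M0gZFfpwSpuc1/XSwm0pDCqByy1qehIZgJMQ9dm6whqokGgqcpOxEbLhKDHoUl6dq6MVZAoys2wYgpEwK9E0GPx1OT80EeO/8txqyIx1b3X1s="
PRIVATE_EXPONENT_B64 = "vFr/xBxVRhkWPM/VCGmW/uzR6NpXsoMbOZYpTalfietJBTrO/U0bHeBj8V1EDdShHxynn8r+khoH4N/0j6MqlqEnKmL7lTDeGV5ezKLu3uLFa6RISolasqpQBqptImJ+hbXtozDKPhfjI/+d9FZBB6J1g2RlwujGX6VJMbSefvE="
PRIME1_B64 = "/fmeKF6OHGM9aWJq4j2/tNgbdTdy9tP2pi7VG4w7MZcXtt5jRuwDt9RfBb0i01+KOROWyIklTeHC3OIdU6otLw=="
PRIME2_B64 = "xgy6/HX5aChVos1eunk1ZezvweGNfBuZr4TcpcTShzLs8ftGs/fAZ6Ea44p7EZizB1yaEspfcvTMHFnC709dlQ=="


def b64_to_int(s: str) -> int:
    return int.from_bytes(base64.b64decode(s), "big")


N, D, P, Q, E = (b64_to_int(MODULUS_B64), b64_to_int(PRIVATE_EXPONENT_B64),
                 b64_to_int(PRIME1_B64), b64_to_int(PRIME2_B64), 65537)


def key_is_consistent() -> bool:
    """Sanity check on the transcribed key: n = p*q and e*d = 1 mod lcm(p-1, q-1)."""
    lam = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)
    return P * Q == N and (E * D - 1) % lam == 0


def pss_fits(hash_name: str, mod_bits: int = N.bit_length()) -> bool:
    """True if emLen >= hLen + sLen + 2 (RFC 8017 Section 9.1.1, step 3) with sLen = hLen."""
    h_len = hashlib.new(hash_name).digest_size
    em_len = (mod_bits - 1 + 7) // 8
    return em_len >= 2 * h_len + 2


def mgf1(seed: bytes, mask_len: int, hash_name: str) -> bytes:
    """MGF1 (RFC 8017 Appendix B.2.1) instantiated with the same hash as the signature."""
    h_len = hashlib.new(hash_name).digest_size
    out = b"".join(hashlib.new(hash_name, seed + c.to_bytes(4, "big")).digest()
                   for c in range((mask_len + h_len - 1) // h_len))
    return out[:mask_len]


def emsa_pss_encode(message: bytes, em_bits: int, hash_name: str, salt: bytes) -> bytes:
    """EMSA-PSS-ENCODE (RFC 8017 Section 9.1.1) with a caller-supplied salt."""
    h_len = hashlib.new(hash_name).digest_size
    em_len = (em_bits + 7) // 8
    if em_len < h_len + len(salt) + 2:
        raise ValueError("encoding error: modulus too small for this hash and salt")
    m_hash = hashlib.new(hash_name, message).digest()
    h = hashlib.new(hash_name, bytes(8) + m_hash + salt).digest()
    db = bytes(em_len - len(salt) - h_len - 2) + b"\x01" + salt
    masked_db = bytearray(a ^ b for a, b in zip(db, mgf1(h, em_len - h_len - 1, hash_name)))
    masked_db[0] &= 0xFF >> (8 * em_len - em_bits)  # keep EM below 2^emBits
    return bytes(masked_db) + h + b"\xbc"


def emsa_pss_verify(message: bytes, em: bytes, em_bits: int, hash_name: str, s_len: int) -> bool:
    """EMSA-PSS-VERIFY (RFC 8017 Section 9.1.2); the salt is recovered from EM."""
    h_len = hashlib.new(hash_name).digest_size
    em_len = (em_bits + 7) // 8
    if em_len < h_len + s_len + 2 or len(em) != em_len or em[-1] != 0xBC:
        return False
    masked_db, h = em[: em_len - h_len - 1], em[em_len - h_len - 1 : em_len - 1]
    top_mask = 0xFF >> (8 * em_len - em_bits)
    if masked_db[0] & ~top_mask & 0xFF:
        return False
    db = bytearray(a ^ b for a, b in zip(masked_db, mgf1(h, em_len - h_len - 1, hash_name)))
    db[0] &= top_mask
    ps_len = em_len - h_len - s_len - 2
    if any(db[:ps_len]) or db[ps_len] != 0x01:
        return False
    salt = bytes(db[ps_len + 1 :])
    m_hash = hashlib.new(hash_name, message).digest()
    return hashlib.new(hash_name, bytes(8) + m_hash + salt).digest() == h


def rsassa_pss_sign(message: bytes, hash_name: str = "sha3_384") -> bytes:
    """RSASSA-PSS-SIGN with the draft's all-zero salt; sLen = hLen is this example's assumption."""
    mod_bits = N.bit_length()
    h_len = hashlib.new(hash_name).digest_size
    em = emsa_pss_encode(message, mod_bits - 1, hash_name, bytes(h_len))
    return pow(int.from_bytes(em, "big"), D, N).to_bytes((mod_bits + 7) // 8, "big")


def rsassa_pss_verify(message: bytes, signature: bytes, hash_name: str = "sha3_384") -> bool:
    """RSASSA-PSS-VERIFY using only the public key (N, E)."""
    mod_bits = N.bit_length()
    if len(signature) != (mod_bits + 7) // 8:
        return False
    s = int.from_bytes(signature, "big")
    if s >= N:
        return False
    try:
        em = pow(s, E, N).to_bytes((mod_bits - 1 + 7) // 8, "big")
    except OverflowError:  # more than emBits bits: cannot be a valid encoding
        return False
    return emsa_pss_verify(message, em, mod_bits - 1, hash_name,
                           hashlib.new(hash_name).digest_size)


if __name__ == "__main__":
    msg = b"constructed message standing in for RRSIG RDATA | canonical RRset"
    sig = rsassa_pss_sign(msg)
    print("key consistent:", key_is_consistent())
    print("signature (base64):", base64.b64encode(sig).decode())
    print("verifies:", rsassa_pss_verify(msg, sig))
    print("same again (zero salt => deterministic):", sig == rsassa_pss_sign(msg))
```

Run it directly to see the signature; `key_is_consistent()` confirms that the modulus, primes and private exponent transcribed from Section 7.4 belong together before anything is signed.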
          

7.6. ECDSA Curve P-256 with SHA3-256 Key and Signature

Given a private key with the following values (in Base64):

Private-key-format: v1.2
Algorithm: 245 (ECDSAP256SHA3-256)
PrivateKey: FHj8A/R6a/L9gP0cEyi/2ILg8d7ooxrS332FZNuED2c=
          

The DNSKEY record for this key would be:

example.org. IN DNSKEY 256 3 245 5DuYfUIL3CQAibLVRZkHNX8RsmMgXYMVwSWsWvSFqhULW6UhzF0NV4wT Vw6eFTWrJMH421Uk+SI1YFxSL5a77g==
          

With this key, sign the following zone consisting of 4 RRs:

example.org. 3600 IN SOA invalid. hostmaster.example.org. (40 43200 900 1814400 7200)
example.org. 3600 IN NS invalid.
example.org. 3600 IN A 192.0.2.1
example.org. 3600 IN AAAA 2:2001:db8::1
          

If the inception date is set to 00:00 hours on January 1st, 2000, and the expiration date to 00:00 hours on January 1st, 2030, the following signed zone (including the DNSKEY) should be created:

example.org.            3600    IN SOA  invalid. hostmaster.example.org. (
                                        40         ; serial
                                        43200      ; refresh (12 hours)
                                        900        ; retry (15 minutes)
                                        1814400    ; expire (3 weeks)
                                        7200       ; minimum (2 hours)
                                        )
                        3600    RRSIG   SOA 245 2 3600 (
                                        20300101000000 20000101000000 43839 example.org.
                                        Lwigfv/bGllB3Oy8VwxiocNv9Gzcmkm3I90x
                                        dRR2EE8m7mAB6STKrCAWb/W6FS0idcQPiSgL
                                        8uCb0yepcmbtFw== )
                        3600    NS      invalid.
                        3600    RRSIG   NS 245 2 3600 (
                                        20300101000000 20000101000000 43839 example.org.
                                        I/z7I5Q7L6Gec/NynbXGg5gtbVh9DBMFuvX2
                                        6eD6OOeORC7As6/oQmb1kXaHPpLj4amg+f/n
                                        HnJHUfYweLuq+Q== )
                        3600    A       192.0.2.1
                        3600    RRSIG   A 245 2 3600 (
                                        20300101000000 20000101000000 43839 example.org.
                                        PuehYLyx2uSSTe1lsmCmu0fe9Lty4IMB7BMY
                                        q106Q95EmDU9NE93aNn/N3jY3aXSrr2Omumg
                                        UDixTS/b3WTI7A== )
                        3600    AAAA    2:2001:db8::1
                        3600    RRSIG   AAAA 245 2 3600 (
                                        20300101000000 20000101000000 43839 example.org.
                                        jmQwgJCvCC1JLGLpOTUYq8p4w3x3RQ4U1Qaj
                                        Wg1w/PZUX2L931+UScQCgxEeUMEsPBQfDRD2
                                        ngjaSy3EPacAmg== )
                        7200    NSEC    example.org. A NS SOA AAAA RRSIG NSEC DNSKEY
                        7200    RRSIG   NSEC 245 2 7200 (
                                        20300101000000 20000101000000 43839 example.org.
                                        7TtsB8CoVLjTGx3yDVDwOcGsG3+1FdC4S9zl
                                        jSOPIYfRD3KnlBPE+9fyl/5YIz9JDLu+AiJI
                                        49gk+PHBru63EA== )
                        3600    DNSKEY  256 3 245 (
                                        5DuYfUIL3CQAibLVRZkHNX8RsmMgXYMVwSWs
                                        WvSFqhULW6UhzF0NV4wTVw6eFTWrJMH421Uk
                                        +SI1YFxSL5a77g==
                                        ) ; ZSK; alg = ECDSAP256SHA3-256 ; key id = 43839
                        3600    RRSIG   DNSKEY 245 2 3600 (
                                        20300101000000 20000101000000 43839 example.org.
                                        oRrJQrqVwC+fAtXzUQELelLopUXZEcOLkGiP
                                        kyOtu5/K9/PlTPibU9szJeVJwS1L8FBHetsq
                                        NWw6YKBpRzZQGw== )
          

7.7. ECDSA Curve P-384 with SHA3-384 Key and Signature

Given a private key with the following values (in Base64):

Private-key-format: v1.2
Algorithm: 246 (ECDSAP384SHA3-384)
PrivateKey: FaHBWT7qWcJF2J4ExUPgBZ1poxJ/Cwvzv6+BF5rGT3KuIs83ABt51ITt4hVwaGfc
          

The DNSKEY record for this key would be:

example.org. IN DNSKEY 256 3 246 KQdbXXFXMQBV7lAOrRwFYRitDHNxZEXbVYz7FxAkwlGNYdkEePKE7Wfz AgatdexHHeKTG61+3bkW5tf+pSanH8pV6y9fhZQt6gf6v2XD8jPI3rMa 9ucGNf8PThBzVAVT
          

With this key, sign the following zone consisting of 4 RRs:

example.org. 3600 IN SOA invalid. hostmaster.example.org. (41 43200 900 1814400 7200)
example.org. 3600 IN NS invalid.
example.org. 3600 IN A 192.0.2.1
example.org. 3600 IN AAAA 2:2001:db8::1
          

If the inception date is set to 00:00 hours on January 1st, 2000, and the expiration date to 00:00 hours on January 1st, 2030, the following signed zone (including the DNSKEY) should be created:

example.org.            3600    IN SOA  invalid. hostmaster.example.org. (
                                        41         ; serial
                                        43200      ; refresh (12 hours)
                                        900        ; retry (15 minutes)
                                        1814400    ; expire (3 weeks)
                                        7200       ; minimum (2 hours)
                                        )
                        3600    RRSIG   SOA 246 2 3600 (
                                        20300101000000 20000101000000 34779 example.org.
                                        ZPWX28z79mJc3UbHfubZOdEKPg1BiKy9vdLV
                                        GiGIDU6QDFSci3NmGdjFKfuS31EEjmehVu1M
                                        CaJRFmbl/q1HhoFzuRVnGLkdHr+krBCon9Uo
                                        3l5EEyorRFCOg5Ro5i/z )
                        3600    NS      invalid.
                        3600    RRSIG   NS 246 2 3600 (
                                        20300101000000 20000101000000 34779 example.org.
                                        nAwt7QstHenYC2h9eX7J0p33QRE3S+C7+Wz/
                                        LTOEWqtm0AfU10hnFmnw6OGmxkp2ll2d2qh1
                                        JjrkEPDwg0jlM12SFDTQmwW5TnRQV89N16R2
                                        0KKnoxrdnMSO8WhhnaYG )
                        3600    A       192.0.2.1
                        3600    RRSIG   A 246 2 3600 (
                                        20300101000000 20000101000000 34779 example.org.
                                        ATgXx7BFVUQYFBXx/xiTq2T1CWUAuFmNpqF/
                                        JYVXi0elgImh3a+q6ZCUATUmSvlmDMW6KEhY
                                        ggr2MdJnT4nm0Qo3ellq8mUAvY2X9/yON9Eh
                                        D+Ist8SZ7WDe7UX8Pe9H )
                        3600    AAAA    2:2001:db8::1
                        3600    RRSIG   AAAA 246 2 3600 (
                                        20300101000000 20000101000000 34779 example.org.
                                        T7DAgHgxAFNXp5I/alyc5Vp4jsE/L/C9v6NY
                                        6j+I3RyiCCGY0PY8JY4R4iEd2QB9GPl0zByF
                                        bGVz3MfxiyF/r/BB1zdzgqCcsZ7O932sOuRj
                                        PQFHV7TuKabl0INvnjAs )
                        7200    NSEC    example.org. A NS SOA AAAA RRSIG NSEC DNSKEY
                        7200    RRSIG   NSEC 246 2 7200 (
                                        20300101000000 20000101000000 34779 example.org.
                                        Tc7HYK4o1ZYYdkSbykdG1aR3dgK/Ah8evaKp
                                        4hfBm9R9GiWlusEhD6OWPGKjw2Y8zC/yb9h0
                                        S4lj5TvbzRFY8xfvoys6w9x4KSo89bAAIIkQ
                                        ojBivLF8GlXOhDApeqr3 )
                        3600    DNSKEY  256 3 246 (
                                        KQdbXXFXMQBV7lAOrRwFYRitDHNxZEXbVYz7
                                        FxAkwlGNYdkEePKE7WfzAgatdexHHeKTG61+
                                        3bkW5tf+pSanH8pV6y9fhZQt6gf6v2XD8jPI
                                        3rMa9ucGNf8PThBzVAVT
                                        ) ; ZSK; alg = ECDSAP384SHA3-384 ; key id = 34779
                        3600    RRSIG   DNSKEY 246 2 3600 (
                                        20300101000000 20000101000000 34779 example.org.
                                        WpuLvqdHWbmggF7tTgXkFuoHFgPgY7Tl35zg
                                        jLEEgZJJUXDEDOC2pFpYVJljVPGptUW4EWOM
                                        CoCu70UTPpTJUnXWQgYH/2lW2SjWk7KM36rH
                                        nWkRklSxtL8y00IV1/Nt )
          

7.8. SHA3-256 as DS Digest Type

Given a 1024-bit RSA/SHA-256 DNSKEY with the following contents:

      example.org. IN DNSKEY 256 3 8 AwEAAbljrZZb1Qyq8ui+vnYL5exWSrQYFkCFD6VvJoJr5ADo7CxZiyxu sJM6oVHF7pA22rKJqjgIR9lksZ1+nT2WcwdXQuAFLrLFAI5L42mQKOHS hx1S3vHosO0iSIX47IyyR2O+J9qLhy7B+T4cJzAq2dOtSziqL1l5BCtw 5ZNYJX8N
          

The DS record for this key with digest type SHA3-256 would be:

      example.org. IN DS 25803 8 252 AE03EA9388D4BA12725999B8E2C4ED14E06EAE8B78229B81154F61FE8EDBAA5F
          

7.9. SHA3-384 as DS Digest Type

Given a 1024-bit RSA/SHA-256 DNSKEY with the following contents:

      example.org. IN DNSKEY 256 3 8 AwEAAbljrZZb1Qyq8ui+vnYL5exWSrQYFkCFD6VvJoJr5ADo7CxZiyxu sJM6oVHF7pA22rKJqjgIR9lksZ1+nT2WcwdXQuAFLrLFAI5L42mQKOHS hx1S3vHosO0iSIX47IyyR2O+J9qLhy7B+T4cJzAq2dOtSziqL1l5BCtw 5ZNYJX8N
          

The DS record for this key with digest type SHA3-384 would be:

      example.org. IN DS 25803 8 253 BA8A4350F844CCCB8308694B3ADD478FC7EFBAC936D82D482D88F792FAB0766567E1F58F3A1075708CCC0457C9435ECA
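Sections 7.8 and 7.9 derive two DS records from the same RSA/SHA-256 DNSKEY. The Python below is an added example, not code from the draft or from any DNS implementation: it parses a DNSKEY in presentation format, computes its key tag (RFC 4034 Appendix B) and the DS digest (RFC 4034 Section 5.1.4: the hash of the owner name in canonical wire form followed by the DNSKEY RDATA) using SHA3-256 and SHA3-384 from Python's hashlib, and reports whether the result matches the two DS records above. The mapping of digest type numbers 252 and 253 to those hash functions is taken from Section 9 of the draft; the DNSKEY and the expected DS lines are copied verbatim from Sections 7.8 and 7.9.

```python
import base64
import hashlib

# DNSKEY from Sections 7.8 and 7.9 of the draft (presentation format, copied verbatim;
# the key field is split over several whitespace-separated tokens as in the draft).
DNSKEY_PRESENTATION = (
    "example.org. IN DNSKEY 256 3 8 "
    "AwEAAbljrZZb1Qyq8ui+vnYL5exWSrQYFkCFD6VvJoJr5ADo7CxZiyxu "
    "sJM6oVHF7pA22rKJqjgIR9lksZ1+nT2WcwdXQuAFLrLFAI5L42mQKOHS "
    "hx1S3vHosO0iSIX47IyyR2O+J9qLhy7B+T4cJzAq2dOtSziqL1l5BCtw "
    "5ZNYJX8N"
)

# DS records the draft gives for this key (Sections 7.8 and 7.9).
EXPECTED_DS = {
    252: "example.org. IN DS 25803 8 252 AE03EA9388D4BA12725999B8E2C4ED14E06EAE8B78229B81154F61FE8EDBAA5F",
    253: "example.org. IN DS 25803 8 253 BA8A4350F844CCCB8308694B3ADD478FC7EFBAC936D82D482D88F792FAB0766567E1F58F3A1075708CCC0457C9435ECA",
}

# Digest type numbers proposed in Section 9 of the draft, mapped to hashlib names.
DS_DIGEST_TYPES = {252: "sha3_256", 253: "sha3_384"}


def name_to_wire(name: str) -> bytes:
    """Canonical wire form of an owner name (RFC 4034 Section 6.2): lowercase, uncompressed."""
    if name == ".":
        return b"\x00"
    out = b""
    for label in name.rstrip(".").lower().split("."):
        if not 1 <= len(label) <= 63:
            raise ValueError(f"bad label length in {name!r}")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def parse_dnskey(line: str):
    """Parse 'owner [class] DNSKEY flags protocol algorithm key...' into (owner, RDATA)."""
    fields = line.split()
    idx = fields.index("DNSKEY")
    flags, protocol, algorithm = (int(f) for f in fields[idx + 1 : idx + 4])
    key = base64.b64decode("".join(fields[idx + 4 :]))
    rdata = flags.to_bytes(2, "big") + bytes([protocol, algorithm]) + key
    return fields[0], rdata


def key_tag(rdata: bytes) -> int:
    """Key tag per RFC 4034 Appendix B (all algorithms except the obsolete algorithm 1)."""
    ac = 0
    for i, byte in enumerate(rdata):
        ac += byte if i & 1 else byte << 8
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF


def ds_digest(owner: str, rdata: bytes, digest_type: int) -> str:
    """DS digest (RFC 4034 Section 5.1.4): hash(owner wire name | DNSKEY RDATA), upper-case hex."""
    hash_name = DS_DIGEST_TYPES[digest_type]
    return hashlib.new(hash_name, name_to_wire(owner) + rdata).hexdigest().upper()


def make_ds(line: str, digest_type: int) -> str:
    """Presentation-format DS record for a DNSKEY line and digest type."""
    owner, rdata = parse_dnskey(line)
    algorithm = rdata[3]
    return f"{owner} IN DS {key_tag(rdata)} {algorithm} {digest_type} {ds_digest(owner, rdata, digest_type)}"


if __name__ == "__main__":
    for digest_type in sorted(DS_DIGEST_TYPES):
        ds = make_ds(DNSKEY_PRESENTATION, digest_type)
        print(ds)
        print("  matches draft test vector:", ds == EXPECTED_DS[digest_type])
```

Running the block prints both DS records and whether each agrees with the draft; the same functions work for any DNSKEY line once `DS_DIGEST_TYPES` is extended with the registered SHA-1, SHA-256 and SHA-384 digest types.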
          

8. Security considerations

8.1. Considerations for RRSIG Resource Records

DNSSEC implementations are encouraged to implement the new algorithms in this document as soon as possible, now that SHA-1's security is known to be degraded and the SHA-2 hash algorithms are currently the last line of defence for use with RSA in DNSSEC.

Users of DNS software are encouraged to deploy these new algorithms with DNSSEC when software implementations allow for it. Users are encouraged to run DNSSEC validator implementations that support these new algorithms when they are available.

The RSASSA-PSS signature scheme and the SHA-3 hash function family are considered sufficiently strong for the immediate future, but predictions about future development in cryptography and cryptanalysis are beyond the scope of this document.

8.2. Signature Type Downgrade Attacks

Since each RRset MUST be signed with each algorithm present in the DNSKEY RRset at the zone apex (see Section 2.2 of [RFC4035]), a malicious party cannot filter out the RSASSA-PSS RRSIG and force the validator to use an RSA/SHA-1 signature if both are present in the zone. This should provide resilience against algorithm downgrade attacks, provided the validator supports RSASSA-PSS.
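A zone-side check of the rule this paragraph relies on, as an added example (not code from the draft or from any signer or validator): it walks single-line presentation-format records, collects the algorithms present in the apex DNSKEY RRset, and reports every RRset that lacks an RRSIG for one of those algorithms, which is the condition a signer or zone-lint tool should catch before publication. The zone excerpt is constructed for the example, with placeholder key and signature fields; it advertises algorithms 8 and 250 and deliberately omits the algorithm 250 signature over the AAAA RRset.

```python
from collections import defaultdict

# Constructed zone excerpt in single-line presentation format (not the draft's own
# listing).  KEYDATA and SIGDATA are placeholders; only the type and algorithm fields
# are inspected.  The apex DNSKEY RRset advertises algorithms 8 and 250, and the AAAA
# RRset is deliberately missing its algorithm 250 signature.
ZONE_LINES = [
    "example.org. 3600 IN DNSKEY 256 3 8 KEYDATA",
    "example.org. 3600 IN DNSKEY 256 3 250 KEYDATA",
    "example.org. 3600 IN RRSIG DNSKEY 8 2 3600 20300101000000 20000101000000 11111 example.org. SIGDATA",
    "example.org. 3600 IN RRSIG DNSKEY 250 2 3600 20300101000000 20000101000000 22222 example.org. SIGDATA",
    "example.org. 3600 IN A 192.0.2.1",
    "example.org. 3600 IN RRSIG A 8 2 3600 20300101000000 20000101000000 11111 example.org. SIGDATA",
    "example.org. 3600 IN RRSIG A 250 2 3600 20300101000000 20000101000000 22222 example.org. SIGDATA",
    "example.org. 3600 IN AAAA 2001:db8::1",
    "example.org. 3600 IN RRSIG AAAA 8 2 3600 20300101000000 20000101000000 11111 example.org. SIGDATA",
]


def parse_rr(line: str):
    """Split 'owner TTL class type rdata...' into (owner, type, rdata fields)."""
    owner, _ttl, _cls, rtype, *rdata = line.split()
    return owner.lower(), rtype.upper(), rdata


def dnskey_algorithms(lines, apex: str) -> set:
    """Algorithms in the apex DNSKEY RRset (RDATA field order: flags protocol algorithm key)."""
    return {int(rdata[2]) for owner, rtype, rdata in map(parse_rr, lines)
            if rtype == "DNSKEY" and owner == apex.lower()}


def missing_signatures(lines, apex: str) -> dict:
    """RFC 4035 Section 2.2: every RRset must carry an RRSIG made with a DNSKEY of each
    algorithm in the apex DNSKEY RRset.  Returns {(owner, type): [missing algorithms]}."""
    required = dnskey_algorithms(lines, apex)
    rrsets, signed_with = set(), defaultdict(set)
    for owner, rtype, rdata in map(parse_rr, lines):
        if rtype == "RRSIG":
            type_covered, algorithm = rdata[0].upper(), int(rdata[1])
            signed_with[(owner, type_covered)].add(algorithm)
        else:
            rrsets.add((owner, rtype))
    return {rrset: sorted(required - signed_with[rrset])
            for rrset in sorted(rrsets) if required - signed_with[rrset]}


if __name__ == "__main__":
    for (owner, rtype), algs in missing_signatures(ZONE_LINES, "example.org.").items():
        print(f"{owner} {rtype}: no RRSIG for algorithm(s) {algs}")
```

The check treats every DNSKEY at the apex as part of the signing set; a zone that keeps a published-but-unused key of some algorithm will be flagged, which is the intended outcome, since a validator cannot tell an unused key from a stripped signature.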

9. IANA considerations

This document updates the IANA registry "Domain Name System Security (DNSSEC) Algorithm Numbers" (http://www.iana.org/protocols). The following entries are added to the registry:

   No.        Description                        Mnemonic            Z.S.  T.S.  Ref.
   245 [TBD]  ECDSA Curve P-256 with SHA3-256    ECDSAP256SHA3-256   Y     *     [TBD]
   246 [TBD]  ECDSA Curve P-384 with SHA3-384    ECDSAP384SHA3-384   Y     *     [TBD]
   247 [TBD]  RSA/SHA2-256 with RSASSA-PSS       RSASHA2-256         Y     *     [TBD]
   248 [TBD]  RSA/SHA2-512 with RSASSA-PSS       RSASHA2-512         Y     *     [TBD]
   249 [TBD]  RSA/SHA3-256 with RSASSA-PSS       RSASHA3-256         Y     *     [TBD]
   250 [TBD]  RSA/SHA3-384 with RSASSA-PSS       RSASHA3-384         Y     *     [TBD]
   251 [TBD]  RSA/SHA3-512 with RSASSA-PSS       RSASHA3-512         Y     *     [TBD]

This document updates the IANA registry "Delegation Signer (DS) Resource Record (RR) Type Digest Algorithms" (http://www.iana.org/protocols). The following entries are added to the registry:

   Value      Description   Status     References
   252 [TBD]  SHA3-256      OPTIONAL   [TBD]
   253 [TBD]  SHA3-384      OPTIONAL   [TBD]

10. Acknowledgements

Thanks to Francis Dupont and Paul Hoffman for review and suggestions.

11. References

11.1. Normative references

[FIPS.180-4.2015] National Institute of Standards and Technology, "Secure Hash Standard", FIPS PUB 180-4, August 2015.
[FIPS.202.2015] National Institute of Standards and Technology, "SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions", FIPS PUB 202, August 2015.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997.
[RFC3110] Eastlake 3rd, D., "RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS)", RFC 3110, DOI 10.17487/RFC3110, May 2001.
[RFC3447] Jonsson, J. and B. Kaliski, "Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1", RFC 3447, DOI 10.17487/RFC3447, February 2003.
[RFC3658] Gudmundsson, O., "Delegation Signer (DS) Resource Record (RR)", RFC 3658, DOI 10.17487/RFC3658, December 2003.
[RFC4033] Arends, R., Austein, R., Larson, M., Massey, D. and S. Rose, "DNS Security Introduction and Requirements", RFC 4033, DOI 10.17487/RFC4033, March 2005.
[RFC4034] Arends, R., Austein, R., Larson, M., Massey, D. and S. Rose, "Resource Records for the DNS Security Extensions", RFC 4034, DOI 10.17487/RFC4034, March 2005.
[RFC4035] Arends, R., Austein, R., Larson, M., Massey, D. and S. Rose, "Protocol Modifications for the DNS Security Extensions", RFC 4035, DOI 10.17487/RFC4035, March 2005.
[RFC4509] Hardaker, W., "Use of SHA-256 in DNSSEC Delegation Signer (DS) Resource Records (RRs)", RFC 4509, DOI 10.17487/RFC4509, May 2006.
[RFC5155] Laurie, B., Sisson, G., Arends, R. and D. Blacka, "DNS Security (DNSSEC) Hashed Authenticated Denial of Existence", RFC 5155, DOI 10.17487/RFC5155, March 2008.
[RFC5702] Jansen, J., "Use of SHA-2 Algorithms with RSA in DNSKEY and RRSIG Resource Records for DNSSEC", RFC 5702, DOI 10.17487/RFC5702, October 2009.
[RFC6090] McGrew, D., Igoe, K. and M. Salter, "Fundamental Elliptic Curve Cryptography Algorithms", RFC 6090, DOI 10.17487/RFC6090, February 2011.
[RFC6605] Hoffman, P. and W. Wijngaards, "Elliptic Curve Digital Signature Algorithm (DSA) for DNSSEC", RFC 6605, DOI 10.17487/RFC6605, April 2012.
[RFC8017] Moriarty, K., Kaliski, B., Jonsson, J. and A. Rusch, "PKCS #1: RSA Cryptography Specifications Version 2.2", RFC 8017, DOI 10.17487/RFC8017, November 2016.

11.2. Informative references

[NIST800-57] Barker, E., Barker, W., Burr, W., Polk, W. and M. Smid, "Recommendation for Key Management", NIST SP 800-57, March 2007.

Appendix A. Change history (Editor: to be removed before publication)

Authors' Addresses

Jelte Jansen
SIDN
Meander 501
Arnhem, 6825 MD
The Netherlands

EMail: jelte.jansen@sidn.nl
URI: https://www.sidn.nl/

Mukund Sivaraman
Internet Systems Consortium
950 Charter Street
Redwood City, CA 94063
US

EMail: muks@mukund.org
URI: https://www.isc.org/