From 3f8fe6154293ee56204537e4573bfa604ce2b28b Mon Sep 17 00:00:00 2001 From: Miek Gieben Date: Sat, 23 Nov 2019 09:55:05 +0000 Subject: [PATCH] Generate a DS record as well Just generate a DS record, so we don't need to reach for ldns-key2ds for just this part. Signed-off-by: Miek Gieben --- coredns-keygen/README.md | 11 +++++++---- coredns-keygen/main.go | 5 +++++ 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/coredns-keygen/README.md b/coredns-keygen/README.md index f29b592..195ff88 100644 --- a/coredns-keygen/README.md +++ b/coredns-keygen/README.md @@ -19,10 +19,11 @@ coredns-keygen ZONES... For each key pair the following files are created: -* `K.++.key` for the DNSKEY RR, and +* `K.++.key` for the DNSKEY RR, +* `K.++.ds` for the DS RR, and, * `K.++.private` for the private one. -For each generate key the base name of these file is printed to standard output once. +For each generated key the base name of these file is printed to standard output once. ## Examples @@ -36,5 +37,7 @@ Kexample.net.+013+00440 ## Also See -dnssec-keygen(8) can also used to generate keys and supports more options. See RFC 4033, 4034, 4035 -for the whole DNSSEC specification. +dnssec-keygen(8) can also used to generate keys and supports more options. ldns-keygen(1) and +ldns-key2ds(1) or similar utilities. + +See RFC 4033, 4034, 4035 for the DNSSEC specification. diff --git a/coredns-keygen/main.go b/coredns-keygen/main.go index 42d936f..0bd04a8 100644 --- a/coredns-keygen/main.go +++ b/coredns-keygen/main.go @@ -34,6 +34,8 @@ func main() { log.Fatal(err) } + ds := key.ToDS(dns.SHA256) + base := fmt.Sprintf("K%s+%03d+%05d", key.Header().Name, key.Algorithm, key.KeyTag()) if err := ioutil.WriteFile(base+".key", []byte(key.String()+"\n"), 0644); err != nil { log.Fatal(err) 
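Review bot: `ds` is used without a nil check. Assuming `dns` here is miekg/dns, `key.ToDS` returns nil when it cannot build the digest, and the `ds.String()` call in the next hunk would then panic after the `.key` and `.private` files are already on disk. A guard directly after the assignment makes the failure explicit: `if ds == nil { log.Fatalf("no DS record generated for %s", key.Header().Name) }`. A short comment noting that `dns.SHA256` is DS digest type 2 would also record the digest choice for the next reader. main's body starts and ends outside this hunk.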
@@ -41,6 +43,9 @@ func main() {
 if err := ioutil.WriteFile(base+".private", []byte(key.PrivateKeyString(priv)), 0600); err != nil {
 log.Fatal(err)
 }
+ if err := ioutil.WriteFile(base+".ds", []byte(ds.String()+"\n"), 0644); err != nil {
+ log.Fatal(err)
+ }
 fmt.Println(base) // output keys generated to stdout to mimic dnssec-keygen
 }
 }
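Review bot: A failed write of `base+".ds"` exits through `log.Fatal` after the `.private` file has been created and before `fmt.Println(base)` runs, so the operator is never told the base name of the private key left behind. Naming it in the fatal message would cover that: `log.Fatalf("writing %s.ds failed, %s.key and %s.private were already written: %v", base, base, base, err)`. Mode 0644 is appropriate here because a DS record holds only public data; a one-line comment saying so, next to the 0600 private-key write, would show the difference is deliberate. main's body starts outside this hunk.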