We have a new Net::DNS::SEC release version 0.22.
This release introduces the following new features and improvements:
- RRSIG::siginception and RRSIG::siginception in time values
- RRSIG::siginception and RRSIG::siginception now return, besides the format date in string context like before, the date as seconds since epoch in numeric context.
- ECDSA and GOST signature creation and verification
- The optional Crypt::OpenSSL::EC, Crypt::OpenSSL::ECDSA and Digest::GOST need to be available to enable this feature.
- Version requirements detection for optional modules
- Besides the optional modules just mentioned, Crypt::OpenSSL::Random is an optional module which enables private key generation and Digest::BubbleBabble enables Net::DNS::RR::DS::babble
Besides these features, architectural modifications have been made to loosen the Net::DNS::RR::* classes from the Net::DNS::SEC package, so that they can be added to the regular Net::DNS in the future, although without cryptographic operations.
To this end, all cryptographic operations are now concentrated in their own modules Net::DNS::SEC::RSA, Net::DNS::SEC::DSA, Net::DNS::SEC::ECDSA and Net::DNS::SEC::ECCGOST.
An affected module of this rework is Net::DNS::SEC::Private. This module previously performed cryptographic operations with the generate_rsa, new_rsa_priv and dump_rsa_* methods.
The generate_rsa and new_rsa_priv methods are still available as before, but the dump_rsa_* methods are now available only if the generate_rsa or new_rsa_priv function were used to create the Net::DNS::SEC::Private object. This is different from previous behaviour (i.e. not backwards compatible).
For a complete list of changes and bugfixes see the CHANGES file.