[Opendnssec-develop] [OpenDNSSEC] #108: key import strange behaviour

OpenDNSSEC owner-dnssec-trac at kirei.se
Tue Mar 9 13:35:13 UTC 2010

#108: key import strange behaviour
Reporter:  vincent.levigneron@…       |       Owner:  sion    
    Type:  defect                     |      Status:  new     
Priority:  major                      |   Component:  Enforcer
 Version:  1.0.0                      |    Keywords:          
 As I want to keep my KSK which is configured as a trusted key in all my
 name servers, I import it each Time I try a new ODS from-scratch
 configuration. These are the commands I use...

 > softhsm --import ksk.pem --slot 0 --pin 1234 --label Afnic1 --id F1D0

 The key appears in the HSM.

 > ods-hsmutil list

 Repository            ID                                Type
 ----------            --                                ----
 softHSM               f1d0                              RSA/2048

 I use the following command to import the key in ODS:

 > ods-ksmutil key import --cka_id f1d0 --repository softHSM --zone fr
 --keytype KSK --bits 2048 --algorithm 7 --keystate ACTIVE --time 20100202

 BUT when I list the keys, I have the following output...

 > ods-ksmutil --verbose key list
 SQLite database set to: /home/afnicreg/Key_Manager/ODS/var/kasp.db
 Zone:                           Keytype:      State:    Date of next
 transition:  CKA_ID:                           Repository:
 fr                              KSK           active    xpUÿ
 f1d0                              softHSM                           15858

 After several tries, the "Date of next transition" has never been human-

Ticket URL: <http://trac.opendnssec.org/ticket/108>
OpenDNSSEC <http://www.opendnssec.org/>

More information about the Opendnssec-develop mailing list