[Opendnssec-develop] RE: Signconf
rick.zijlker at sidn.nl
Thu May 20 14:27:50 UTC 2010
> When you say that you can manually create keys, do you mean that you can run ods-ksmutil key generate?
> If you have not tried that could you do so?
They were manually created with the Luna SA client. When using 'key generate' nothing would be generated.
By running 'ods-ksmutil setup' and clearing the HSM of any keys, it is running again. But I don't understand why the keys in the kasp.db weren't purged since they were not in use by any zone. It was also not corresponding to the key list listed by the HSM at that time:
[root at signer1 ~]# ods-hsmutil list luna
Listing keys in repository: luna
14 keys found.
Repository ID Type
---------- -- ----
luna 4cbe955b68f0201299537e51ca391a9f RSA/1024
luna c24a8dd3ab0f409d25c1ffce6eb7acad RSA/2048
luna eb4a7c10f974cdc23edf2bf19bd7925e RSA/2048
luna 404baab6dc60fef4342d1680d8ba700990d55197 RSA/1024
luna 829c9404b3b8b0f504904419691d587de9b34614 RSA/2048
luna 3d1c8641da88ba9e14af9f647d1c69cf RSA/1024
luna c04797e33c6ccc998ecf9e67d1d76a872d643172 RSA/1024
luna cf33fc0fd6758124bf45e375c057631fb722a555 RSA/1024
luna f0aa22d8c7d2e84ca9645fabec41de1d RSA/2048
luna 955506bafe1fbfac64454489f3189667 RSA/2048
luna d1b3af3e062ed1413c7785df7197228b RSA/2048
luna 61a39bbb3dc9287509c7955ffcd8a8d3 RSA/2048
luna e5bd27be08ab78c1cebe152b91aa4620 RSA/1024
luna 5ed8fbe39e752e7760fdf4c7580e24dd RSA/1024
Not all of these keys were present in kasp.db. Also didn't pregenerate any keys when comparing, so I would expect the old keys to be purged.
I am gonna do some more testing on this matter and let you know as soon as I have any new findings.
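
The comparison this message describes (the key list on the HSM versus the keys kasp.db refers to), as an added example that is not part of the original post or of OpenDNSSEC: it parses output in the layout of the `ods-hsmutil list` listing above and diffs it against a list of key IDs. The one-ID-per-line export of the database's key IDs, the function names and all sample IDs are assumptions constructed for the example.

```python
import re

# Constructed sample in the layout of the `ods-hsmutil list` output above;
# the IDs are made up for this example.
SAMPLE_HSM_LIST = """\
Listing keys in repository: luna
4 keys found.
Repository ID Type
---------- -- ----
luna 00112233445566778899aabbccddeeff RSA/1024
luna 0f1e2d3c4b5a69788796a5b4c3d2e1f0 RSA/2048
luna aabbccddeeff00112233445566778899aabbccdd RSA/1024
luna 1234567890abcdef1234567890abcdef RSA/2048
"""

# Assumption: key IDs the enforcer database refers to, exported by the
# operator one per line (the export step itself is not shown here).
SAMPLE_KASP_IDS = """\
00112233445566778899AABBCCDDEEFF
1234567890abcdef1234567890abcdef
deadbeefdeadbeefdeadbeefdeadbeef
"""

ROW = re.compile(r"^(\S+)\s+([0-9a-fA-F]+)\s+(\S+)$")
COUNT = re.compile(r"^(\d+) keys? found\.$")

def parse_hsm_list(text):
    """Return ({key_id: (repository, type)}, count announced in the header)."""
    keys, announced = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = COUNT.match(line)
        if m:
            announced = int(m.group(1))
            continue
        m = ROW.match(line)  # header and separator rows do not match
        if m:
            keys[m.group(2).lower()] = (m.group(1), m.group(3))
    return keys, announced

def reconcile(hsm_text, kasp_ids_text):
    """Compare the HSM inventory with the IDs the key database references."""
    hsm, announced = parse_hsm_list(hsm_text)
    kasp = {l.strip().lower() for l in kasp_ids_text.splitlines() if l.strip()}
    return {
        "count_matches_header": announced == len(hsm),
        "hsm_only": sorted(set(hsm) - kasp),   # on the HSM, unknown to the database
        "kasp_only": sorted(kasp - set(hsm)),  # referenced, but not on the HSM
    }
```

Keys reported under `kasp_only` are the ones to look at first, since a database entry without a matching HSM object cannot be used for signing.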