[Opendnssec-user] key ID inconsistency
Pierre Lebrech
pierre.lebrech at laposte.net
Wed Jul 7 07:59:54 UTC 2010
Hello,
I've just tried to export a KSK key with 2 different ways. First, here
are my keys :
$ ods-ksmutil key list -v -z titi.com
SQLite database set to: /var/opendnssec/kasp.db
Keys:
Zone: Keytype: State: Date of next transition: CKA_ID: Repository: Keytag:
titi.com KSK active 2010-07-27 09:05:28 78bcf4906380be9fb4290293eb56b91a softHSM 21978
titi.com KSK dspublish 2010-07-07 13:59:47 9821a32b2053e075d8c94eecef366eda softHSM 41116
titi.com ZSK active 2010-07-16 16:39:40 a037f4610a9b78b71f6a0170a00d7b43 softHSM 24783
titi.com ZSK ready next rollover c490991028c96aa02abe9f82bf684c4b softHSM 12780
Now, I call ods-ksmutil :
$ ods-ksmutil key export -z titi.com --keytype KSK --keystate dspublish
SQLite database set to: /var/opendnssec/kasp.db
;dspublish KSK DNSKEY record:
titi.com. 3600 IN DNSKEY 257 3 7
AwEAAeN/vCwFhhtKNC9G1fQBdFxSZtqFtNMo4GbLGfO1FdDX15OXTW+FtW2zXj+HBsojlYczjrSY7AtxPo7TpmK9UfLmJH/ayDM47zKHA+bYNH+HAPtDk3TX1BbE3lRPQRH/cPGzBKdhM9Q+r3B+6lt0lcgWtlPbdHGz3MiKTpYnrOwAFr0RwcgmazenQUe/qd9oV1YovtyZYfFqG9T5TW30XfVBbVind2RYjDW+bC598HBN797OHOZF/FSGU4zv711aJYDfcpXypYu01P3kQ5hAO0/M2pM/HybHhe9W56m2FfnQEyJCG2rDUgY6lR65x4l6/eO4M9HQsMCfuw4BBKvnbBc=
;{id = 41116 (ksk), size = 2048b}
OK and now I call ods-hsmutil :
$ ods-hsmutil dnskey 9821a32b2053e075d8c94eecef366eda titi.com
titi.com. 3600 IN DNSKEY 256 3 5
AwEAAeN/vCwFhhtKNC9G1fQBdFxSZtqFtNMo4GbLGfO1FdDX15OXTW+FtW2zXj+HBsojlYczjrSY7AtxPo7TpmK9UfLmJH/ayDM47zKHA+bYNH+HAPtDk3TX1BbE3lRPQRH/cPGzBKdhM9Q+r3B+6lt0lcgWtlPbdHGz3MiKTpYnrOwAFr0RwcgmazenQUe/qd9oV1YovtyZYfFqG9T5TW30XfVBbVind2RYjDW+bC598HBN797OHOZF/FSGU4zv711aJYDfcpXypYu01P3kQ5hAO0/M2pM/HybHhe9W56m2FfnQEyJCG2rDUgY6lR65x4l6/eO4M9HQsMCfuw4BBKvnbBc=
;{id = 41113 (zsk), size = 2048b}
In this last result, I am surprised by the answer : the ID I get is 41113 (ZSK : 256). Well,
the key is correct though.
--
Pierre Lebrech
More information about the Opendnssec-user
mailing list