[Opendnssec-user] key state definition
Miek Gieben
miek at miek.nl
Mon Jul 19 17:30:17 UTC 2010
[ Quoting Miek Gieben in "[Opendnssec-user] key state definit"... ]
> Hello,
>
> I'm writing an export function to export the OpenDNSSEC keys from
> the database to a format understood by BIND. This already works
> very nicely[*]:
>
> [*] The shell scripts are alpha quality, but I'm happy to post them to
> this list if somebody wants to see them.
We (SIDN) are going to use these scripts in production -- soonish.
Currently the ods-export consists out of 4 scripts that read
the kasp.db, convert the keys found from the HSM to bind9 format and
set the timing paramaters (dnssec-keyfromlabel).
Futher more there is a small Perl script that parses the signconf.xml
to create the options for dnssec-signzone (-A -j -k, -T and -s
<salt>), so that the signing parameters are in sync.
Then dnssec-signzone -S <sign_options> is called to sign the zone.
Our offer still stands, if people are interested in these scripts
please contact me or SIDN.
Kind regards,
Miek Gieben
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20100719/dc3d8b98/attachment.bin>
More information about the Opendnssec-user
mailing list