[Opendnssec-user] key state definition

Miek Gieben miek at miek.nl
Mon Jul 19 17:30:17 UTC 2010


[ Quoting Miek Gieben in "[Opendnssec-user] key state definit"... ]
> Hello,
> 
> I'm writing an export function to export the OpenDNSSEC keys from
> the database to a format understood by BIND. This already works
> very nicely[*]:
>
> [*] The shell scripts are alpha quality, but I'm happy to post them to
> this list if somebody wants to see them.

We (SIDN) are going to use these scripts in production -- soonish.

Currently the ods-export consists out of 4 scripts that read
the kasp.db, convert the keys found from the HSM to bind9 format and
set the timing paramaters (dnssec-keyfromlabel).

Futher more there is a small Perl script that parses the signconf.xml
to create the options for dnssec-signzone (-A -j -k, -T and -s
<salt>), so that the signing parameters are in sync.

Then dnssec-signzone -S <sign_options> is called to sign the zone.

Our offer still stands, if people are interested in these scripts
please contact me or SIDN.

Kind regards,
Miek Gieben
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20100719/dc3d8b98/attachment.bin>


More information about the Opendnssec-user mailing list