[Opendnssec-user] softHSM : export/import or backup/restore question

Pierre Lebrech pierre.lebrech at laposte.net
Thu Jun 24 08:29:55 UTC 2010


Hello,

I'm trying to move a softHSM to another machine.

First thing I tried is to simply move my slot0.db file to my new
machine but it does not work. ods-ksmutil works but it displays "softHSM
not in repository". "ods-hsmutil list" does not find any keys : it's
empty.

So then, I tried to export the keys with this command (found in "man
softhsm") :
sqlite3 slot0.db .dump | sqlite3 copy.db

I got no error, good.

Now, I'm trying to import this copy.db into my new machine but with no
success.
Currently, my knowledge tells me that copy.db is a copy of my token.

Here are the 2 methods I followed :
method 1 :
In the man page of softhsm (at the end of the file), I can read :

##################################### snip
"A token can be backed up by issuing the command:

      sqlite3 <PATH TO TOKEN> .dump | sqlite3 copy.db

Move  the file "copy.db" to a secure location.  To restore the
token, just copy the file back to the system and add it to a slot in the
configuration (softhsm.conf)."
##################################### snip

So, I have added the file to a new slot but when I run the command
"softhsm --show-slots", it tells me that the token is not initialized.
But if I initialize it, then data are removed.

method 2:

So, I have my token in a new slot : 2, and it is initialized, and empty.
So, I want to populate the database.

The export/import function seems to work on a unique key, not all the
keys.

I dumped the token with : sqlite3 slot0.db .dump > dump

But I don't know how to import it. Well, in fact, if I try to import the dump, sqlite3
tells me that primary keys already exist or that tables already exist.

And I had to edit the dump to remove lines like "CREATE TABLE".

Anyway, currently, my token is not successfully moved yet.


So, what is the best solution to move an existing token (database) to a new system?

Thanks.


-- 

Pierre Lebrech
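
An added example, not part of the original post and not SoftHSM or OpenDNSSEC code: it reproduces the "already exists" error from method 2 and contrasts it with loading the same dump into a new, owner-only file, then checks the copy by hash. Assumptions: the demo_* tables are constructed sample data (not the real token schema), and Python's iterdump() stands in for "sqlite3 <file> .dump".

```python
import hashlib, os, sqlite3, tempfile

def make_sample_db(path):
    # Constructed stand-in for a token file; these tables are NOT SoftHSM's schema.
    con = sqlite3.connect(path)
    con.executescript("""
        CREATE TABLE demo_token (id INTEGER PRIMARY KEY, value TEXT);
        CREATE TABLE demo_objects (id INTEGER PRIMARY KEY, label TEXT);
        INSERT INTO demo_token VALUES (0, 'sample-token-label');
        INSERT INTO demo_objects VALUES (1, 'sample-key-a'), (2, 'sample-key-b');
    """)
    con.close()

def dump_sql(path):
    # Python's counterpart of ".dump": schema plus rows as SQL statements.
    con = sqlite3.connect(path)
    try:
        return "\n".join(con.iterdump())
    finally:
        con.close()

def digest(path):
    return hashlib.sha256(dump_sql(path).encode()).hexdigest()

def restore(sql, dest):
    # Returns None on success, or the sqlite error text if the load fails.
    con = sqlite3.connect(dest)
    try:
        con.executescript(sql)
        return None
    except sqlite3.Error as exc:
        return str(exc)
    finally:
        con.close()  # closing rolls back the half-applied dump

def demo():
    d = tempfile.mkdtemp()
    src, fresh, inited = (os.path.join(d, n) for n in ("slot0.db", "copy.db", "slot2.db"))
    make_sample_db(src)
    make_sample_db(inited)  # destination that already has tables and rows
    sql = dump_sql(src)
    # Create the copy owner-only (0600) before any key data is written to it.
    os.close(os.open(fresh, os.O_CREAT | os.O_EXCL | os.O_WRONLY, 0o600))
    err_fresh = restore(sql, fresh)    # empty file: the dump loads cleanly
    err_inited = restore(sql, inited)  # existing tables: CREATE TABLE fails
    return err_fresh, err_inited, digest(src) == digest(fresh)

if __name__ == "__main__":
    print(demo())
```

The dump carries its own CREATE TABLE statements, so it only loads into a file that has no tables yet; the hash comparison confirms the copy holds the same schema and rows as the source.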



