[Opendnssec-user] key state definition
Miek Gieben
miek at miek.nl
Wed Jun 30 09:59:35 UTC 2010
Hello,
I'm writing an export function to export the OpenDNSSEC keys from
the database to a format understood by BIND. This already works
very nicely[*]:
* I lookup the labels of the keys in the database and then use
dnssec-keyfromlabel to extract the keys from the HSM.
* Next I use dnssec-signzone to sign a zone with those keys.
There is only one issue: determining the state of the keys.
In the openDNSSEC database you have the keydata_view, which
has a state column which holds an integer. Now the question.
Are these integers defined in enforcer/ksm/include/ksm/ksm.h?
#define KSM_STATE_GENERATE 1
#define KSM_STATE_GENERATE_STRING "generate"
#define KSM_STATE_PUBLISH 2
#define KSM_STATE_PUBLISH_STRING "publish
....
....
And will they be kept stable in upcoming openDNSSEC releases?
Kind regards,
Miek Gieben
[*] The shell scripts are alpha quality, but I'm happy to post them to
this list if somebody wants to see them.
--
Miek
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20100630/969f2e09/attachment.bin>
More information about the Opendnssec-user
mailing list