[Opendnssec-user] key state definition
miek at miek.nl
Wed Jun 30 09:59:35 UTC 2010
I'm writing an export function to export the OpenDNSSEC keys from
the database to a format understood by BIND. This already works
* I lookup the labels of the keys in the database and then use
dnssec-keyfromlabel to extract the keys from the HSM.
* Next I use dnssec-signzone to sign a zone with those keys.
There is only one issue: determining the state of the keys.
In the openDNSSEC database you have the keydata_view, which
has a state column which holds an integer. Now the question.
Are these integers defined in enforcer/ksm/include/ksm/ksm.h?
#define KSM_STATE_GENERATE 1
#define KSM_STATE_GENERATE_STRING "generate"
#define KSM_STATE_PUBLISH 2
#define KSM_STATE_PUBLISH_STRING "publish
And will they be kept stable in upcoming openDNSSEC releases?
[*] The shell scripts are alpha quality, but I'm happy to post them to
this list if somebody wants to see them.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 198 bytes
Desc: Digital signature
More information about the Opendnssec-user