[Opendnssec-user] key state definition

Miek Gieben miek at miek.nl
Wed Jun 30 09:59:35 UTC 2010


I'm writing an export function to export the OpenDNSSEC keys from
the database to a format understood by BIND. This already works
very nicely[*]:

* I lookup the labels of the keys in the database and then use
  dnssec-keyfromlabel to extract the keys from the HSM. 

* Next I use dnssec-signzone to sign a zone with those keys. 

There is only one issue: determining the state of the keys.
In the openDNSSEC database you have the keydata_view, which
has a state column which holds an integer. Now the question.
Are these integers defined in enforcer/ksm/include/ksm/ksm.h?

    #define KSM_STATE_GENERATE          1
    #define KSM_STATE_GENERATE_STRING   "generate"
    #define KSM_STATE_PUBLISH           2
    #define KSM_STATE_PUBLISH_STRING    "publish

And will they be kept stable in upcoming openDNSSEC releases?

Kind regards,
Miek Gieben

[*] The shell scripts are alpha quality, but I'm happy to post them to
this list if somebody wants to see them.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20100630/969f2e09/attachment.bin>

More information about the Opendnssec-user mailing list