[Opendnssec-user] How to find the id for the softhsm --export

Fred Zwarts (KVI) F.Zwarts at KVI.nl
Mon Apr 2 12:22:25 UTC 2012

In the documentation I find a section about importing and exporting key 
I tried to export the key pairs used by OpenDNSsec for KSK and ZSK keys.
According to this section I need a command  as in:

softhsm --export key2.pem --slot 1 --id A1B2 --pin 123456

I think I understand all parameters, except, apparently, the id, which is, 
unfortunately, a required parameter.
As far as I can see, a 4 digit hexadecimal id is needed. How do I find the 
Id corresponding to my KSK or ZSK key? The command

ods-ksmutil key list --verbose

lists my keys with a key tag, which seems to be a numeric maximum 5 digit 
number, never greater than about 65000. The same numbers I see in the signed 
zone files in the comment section of the DNSKEY record, where they are 
called the id of the key. It seems to fulfill the requirements for the key 
id, but if I convert such a number to hexadecimal format and then try the 
result as the id in the softhsm --export command, an error message is 

Error: Could not find the private key with ID = AF59

So, apparently, this is not the right way to get the id of the key pair.
Therefore, my question is, how do I find the key id of the keys used by 


More information about the Opendnssec-user mailing list