[Opendnssec-user] getting dnssec keytag from CKAID label when using softhsm?
Sebastian Castro
sebastian at nzrs.net.nz
Mon Dec 10 22:11:04 UTC 2012
On 11/12/12 08:58, Paul Wouters wrote:
>
> Hi,
Hi Paul,
>
> When using an HSM, I can run dnssec-fromlabel with the CKAID to get the
> keytag/algo of the key. How can I do the same with softhsm? Is that only
> possible recompiling bind with softhsm as PKCS#11 provider?
The softhsm is only a key container which doesn't know anything about
what you are doing with the keys.
>
> Perhaps the ods suite can add a small utility for this? Or even better,
> store this in the signconf XML?
The association key <-> zone is done in the KASP db, so when using
OpenDNSSEC you can get the details you look for using ods-ksmutil.
From memory, BIND keeps the association key <-> zone in a text file,
where the CKA_ID is stored. I don't have a BIND signer at hand to check.
I hope it helps,
>
> Paul
--
Sebastian Castro
DNS Specialist
.nz Registry Services (New Zealand Domain Name Registry Limited)
desk: +64 4 495 2337
mobile: +64 21 400535
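
The key tag asked about in this thread can also be computed directly from the public half of the key, as an added example that is not part of the original message and is not OpenDNSSEC or BIND code. It follows RFC 4034 Appendix B and RFC 3110, and assumes the RSA modulus and public exponent have already been read from the token (the PKCS#11 attributes CKA_MODULUS and CKA_PUBLIC_EXPONENT); the DNSKEY flags and algorithm number are not stored in the token and must be supplied by the caller. The function names and the sample key values are constructed for illustration.

```python
"""DNSKEY key tag (RFC 4034 Appendix B) from RSA public key components."""
import struct


def rsa_public_key(exponent: int, modulus: int) -> bytes:
    """Encode an RSA public key in the RFC 3110 DNSKEY wire format."""
    if exponent <= 0 or modulus <= 0:
        raise ValueError("exponent and modulus must be positive")
    exp = exponent.to_bytes((exponent.bit_length() + 7) // 8, "big")
    mod = modulus.to_bytes((modulus.bit_length() + 7) // 8, "big")
    if len(exp) <= 255:
        prefix = bytes([len(exp)])            # one-octet exponent length
    elif len(exp) <= 0xFFFF:
        prefix = b"\x00" + len(exp).to_bytes(2, "big")  # 0x00 + two-octet length
    else:
        raise ValueError("exponent too long for RFC 3110 encoding")
    return prefix + exp + mod


def dnskey_rdata(flags: int, algorithm: int, public_key: bytes,
                 protocol: int = 3) -> bytes:
    """Build DNSKEY RDATA: flags (2 octets), protocol, algorithm, key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key


def key_tag(rdata: bytes) -> int:
    """Compute the key tag over DNSKEY RDATA (all algorithms except 1)."""
    if len(rdata) < 4:
        raise ValueError("DNSKEY RDATA is at least 4 octets")
    if rdata[3] == 1:
        raise ValueError("algorithm 1 (RSA/MD5) uses a different key tag rule")
    ac = 0
    for i, octet in enumerate(rdata):
        # Even-indexed octets are the high byte of each 16-bit word.
        ac += octet if i & 1 else octet << 8
    ac += (ac >> 16) & 0xFFFF                 # fold the carry back in
    return ac & 0xFFFF


if __name__ == "__main__":
    # Constructed sample values, far too small to be a real key.
    modulus, exponent = 0xC0FFEE, 65537
    pub = rsa_public_key(exponent, modulus)
    for name, flags in (("KSK", 257), ("ZSK", 256)):
        rdata = dnskey_rdata(flags, 8, pub)   # 8 = RSASHA256
        print(name, "keytag:", key_tag(rdata))
```

The same key material gives a different tag when the flags or algorithm change, which is why the token alone cannot report a key tag.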