[Opendnssec-user] getting dnssec keytag from CKAID label when using softhsm?
sebastian at nzrs.net.nz
Mon Dec 10 23:11:04 CET 2012
On 11/12/12 08:58, Paul Wouters wrote:
> When using an HSM, I can run dnssec-fromlabel with the CKAID to get the
> keytag/algo of the key. How can I do the same with softhsm? Is that only
> possible recompiling bind with softhsm as PKCS#11 provider?
The softhsm is only a key container which doesn't know anything about
what are you doing with the keys.
> Perhaps the ods suite can add a small utility for this? Or even better,
> store this in the signconf XML?
The association key <-> zone is done in the KASP db, so when using
OpenDNSSEC you can get the details you look for using ods-ksmutil
>From memory, BIND keeps the association key <-> zone in a text file,
where the CKA_ID is stored. I don't have a BIND signer at hand to check.
I hope it helps,
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
.nz Registry Services (New Zealand Domain Name Registry Limited)
desk: +64 4 495 2337
mobile: +64 21 400535
More information about the Opendnssec-user