[Opendnssec-user] Signer stuck after migration from 32-bit to 64-bit

Rickard Bellgrim rickard at opendnssec.org
Tue Jan 24 13:06:07 UTC 2012

> Export the key you have in the signconf:
> sudo softhsm --slot 0 --pin 1234 --export key.pem --id
> 1e71b7ccea75aca4ca7106fb94e4c275

The export functionality in the softhsm tool is not supported by
PKCS#11. The program gets the information directly from the token
database. This functionality will be dropped in v2 where all of the
interaction is only done using PKCS#11. The reason that this
functionality exists now is that the information is stored unencrypted
and is available if you have the right privilege.

It is recommended that you treat this migration between a 32-bit
system to a 64-bit system as a system rollover. Where you pre- and
postpublish the ZSK and have double DS in the parent zone. Then you do
not need to move the keys.

// Rickard

More information about the Opendnssec-user mailing list