[Opendnssec-user] ods-hsmutil

Paul Wouters paul at nohats.ca
Sat Jul 14 02:06:01 UTC 2012

On Fri, 13 Jul 2012, Rickard Bellgrim wrote:

> Remember that the physical keys are stored in the HSM. We also need
> more properties than just the key values (exponent, modulus, ...).
> This is why we need the KASP Enforcer Database. This database will
> have the "key metadata" like KSK, ZSK, CKA_ID, rollover time stamps,
> etc.

Does ODS generate the rollover tiemstamps for all future keys at that
generation time ? Eg, can you copy the kasp.db after generating the keys
and have identical future rollover timestamps for multiple signers?


More information about the Opendnssec-user mailing list