[Opendnssec-user] Trying to purge a key with "unknown key state"

Paul Wouters paul at nohats.ca
Mon Jan 7 18:05:02 UTC 2013

I'm trying to kill all references to a key in ods/softhsm

~> ods-ksmutil key ksk-retire --keytag 12345
*WARNING* This will retire the currently active KSK; are you sure? [y/N] y
Found key with CKA_ID 02e940a73755801f75bc9744c608dc5e
Key 02e940a73755801f75bc9744c608dc5e retired

~> ods-ksmutil key delete --cka_id 12345
Failed to determine the state of the key

The problem is that this key is still showing up in the signconf XML
file, and is re-introduced when running ods-ksmutl update all.  But it
has a wrong algorithm, and it just needs to vanish completely, as it is
just breaking the signerd (which also dies upon encountering this)
Is there a way to force deletion without knowing the state of the key?


More information about the Opendnssec-user mailing list