[Opendnssec-user] exporting key from openhsm sqllite, no mysql

Randy Bush randy at psg.com
Sun Aug 3 18:56:29 UTC 2014


thanks to rob austein

{{{
#!/bin/sh -

# Extract keys from SoftHSM.  This requires pulling the zone names,
# key IDs, and flags from the database (SQLite3 in this installation).

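#database=/usr/local/var/opendnssec/kasp.db
database=copy-of-kasp.db

# PIN for the SoftHSM slot.  "haha" is the placeholder from the original
# script; set HSM_EXPORT_PIN in the environment instead of editing a real
# PIN into this file.  The PIN is still handed to softhsm and
# softhsm-keyconv on their command lines, so it is visible in the process
# list while they run -- do the export on a host with no other users.
pin=${HSM_EXPORT_PIN:-haha}

# The PEM files written here and the BIND files written by softhsm-keyconv
# are private key material: create them readable by the owner only.
umask 077

# Fail early instead of letting sqlite3 create an empty database file.
if [ ! -r "$database" ]; then
  printf '%s: cannot read database %s\n' "$0" "$database" >&2
  exit 1
fi

# One row per key, columns separated by "|": zone name, HSM key ID, key type.
# Only the exit status of the loop is reported; a failing sqlite3 shows up as
# its own error message on stderr.
sqlite3 "$database" 'SELECT name, HSMkey_id, keytype FROM zones JOIN dnsseckeys ON zones.id = dnsseckeys.zone_id JOIN keypairs ON keypairs.id = dnsseckeys.keypair_id' |
{
  status=0
  while IFS='|' read -r zone keyid keytype; do
    # The key ID becomes part of a file name.  Values from the database are
    # passed as quoted arguments (never pasted into a command string), but a
    # key ID that is empty, contains "/" or starts with "-" is still refused
    # so the output stays in the current directory.
    case $keyid in
      '' | */* | -*)
        printf '%s: skipping unusable key ID "%s" (zone "%s")\n' \
          "$0" "$keyid" "$zone" >&2
        status=1
        continue
        ;;
    esac
    pem="key.$keyid.pem"

    # stdin is redirected so the tools cannot consume the remaining rows.
    if ! softhsm --export "$pem" --slot 0 --pin "$pin" --id "$keyid" \
      </dev/null; then
      printf '%s: export of key %s (zone %s) failed\n' \
        "$0" "$keyid" "$zone" >&2
      status=1
      continue
    fi

    # Key type 257 is the DNSKEY flags value of a key-signing key; those
    # rows get --ksk, all others are converted without it.
    set -- --tobind --in "$pem" --pin "$pin" --name "$zone" \
      --algorithm RSASHA256
    if [ "$keytype" = 257 ]; then
      set -- "$@" --ksk
    fi
    if ! softhsm-keyconv "$@" </dev/null; then
      printf '%s: conversion of key %s (zone %s) failed\n' \
        "$0" "$keyid" "$zone" >&2
      status=1
    fi
  done
  exit "$status"
}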
}}}


