What about rolling to a non-EC algorithm with the present keystore and importing temporary (RSA?) keys to the HSM?
On 11/9/21 5:12 PM, Bastien Durel wrote: > Le mardi 09 novembre 2021 à 17:09 +0100, Daniel Salzman a écrit : >> Sorry, it's not correct. You have to import the pem files to HSM >> first and then import-pkcs11 metadata from the HSM to KASP DB. >> >> What is your HSM? > > Hello, > > It's a SmartCard-HSM, that don't support importing EC keys. That's why > I tried to do a rollover. > > Thanks, > -- https://lists.nic.cz/mailman/listinfo/knot-dns-users
