Well, strike two: the public key will of course be present in the KASP,
not the SoftHSM keystore.

On Tue, Nov 9, 2021 at 12:42 PM Luveh Keraph <[email protected]> wrote:

> OK, what I was doing wrong is that if I specify /tmp/pubkey as the name of
> the file, keymgr is going to look for the public key in a file named
> /tmp/pubkey.key. After doing so, I get the following:
>
> # ./keymgr 00.mydomain.com. import-pub /tmp/pubkey
> 6b20f3002af4526101b2c99a166fe90d019765ba
> OK
>
> This ostensibly works - but I see no corresponding entry (or entries)
> added to the SoftHSM keystore.  Where is the key that has just been
> imported?
>
>
> On Tue, Nov 9, 2021 at 12:31 PM Luveh Keraph <[email protected]> wrote:
>
>> I am trying to import a public key generated by BIND into Knot, when
>> using the SoftHSM2 key store. I have the following pieces of information:
>>
>> In my knot.conf file:
>>
>> policy:
>>    - id: SoftHSMRSAPolicy
>>      algorithm: RSASHA256
>>      ksk-size: 2048
>>      zsk-size: 2048
>>      ksk-lifetime: 7h
>>      zsk-lifetime: 6h
>>      dnskey-ttl: 12s
>>      zone-max-ttl: 15s
>>      keystore: SoftHSM
>>
>> zone:
>>   - domain: 00.mydomain.com
>>     storage: /srv/knot
>>     file: db.mydomain00
>>     dnssec-signing: on
>>     dnssec-policy: SoftHSMRSAPolicy
>>
>> The public key is in a file named pubkey, and has the following contents:
>>
>> ; This is a zone-signing key, keyid 14694, for 00.mydomain.com.
>> ; Created: 20211109192137 (Tue Nov  9 12:21:37 2021)
>> ; Publish: 20211109192137 (Tue Nov  9 12:21:37 2021)
>> ; Activate: 20211109192137 (Tue Nov  9 12:21:37 2021)
>> 00.mydomain.com. IN DNSKEY 256 3 8 AwEAAd1XmDMiF4/WWW+lneSg2hScxQlTJHU/cIyBnDJDnW3MFkuyR7e+y3UqZScTXz5tfcGkDYGpqFqZ3+RgyN7A3ZAC3RsayivUuE9lec25IT97jPZaTsHUjalDQjXkBhCIHBb79vVsz0SMZOeez78qzhRtpdkFYVNRcAW4EZVgdQAdiuJGeDEuxsaTkRnLwujnaqURyAzevqfQfjz319CPsYr4tN4K9nu2Fc0Sh+b5pdM6ejRieLnUUgZpuefRfgsSHJQErNeFevdtihLpq93rE5OARwmK0c4vyzgpmREloMJlwV+lrZdlKqZnnIZIXgkD+59Tjh0XZ72exdvonun4uG8=
>>
>> (The DNSKEY record is in a single line.)
>>
>> The command I am using to import this key is
>>
>> # ./keymgr 00.mydomain.com. import-pub ./pubkey
>>
>> This spins for a few seconds and then prints out:
>>
>> Error: file error
>>
>> Any ideas as to what it is that I am doing wrong?
>>
>>
>>
>>
>> The command that I am invoking to import this public key is the following:
>>
>>
>>
-- 
https://lists.nic.cz/mailman/listinfo/knot-dns-users
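The two stumbling blocks in the thread above are that `keymgr <zone> import-pub <name>` opens `<name>.key` rather than `<name>` itself, and that a BIND `.key` file whose DNSKEY record has been wrapped (as it was by the mail client here) no longer looks like one record. The following Python checker is an added example, not part of the thread and not Knot's or BIND's own tooling: it verifies the file name keymgr will look for, re-joins a wrapped DNSKEY record, and recomputes the RFC 4034 Appendix B key tag from the RDATA so it can be compared with the `keyid` in BIND's comment header before anything is imported. The zone name is taken from the thread; the key material and the `keyid 1544` comment are constructed for the example, and all function names are hypothetical.

```python
"""Sanity-check a BIND-format DNSKEY public key file before running
`keymgr <zone> import-pub <base>`.

Hypothetical helper (not Knot DNS or BIND code).  Per the thread, keymgr
opens <base>.key, so the argument is a base name, not the file name.
"""
import base64
import os
import re
import struct
import tempfile

# Constructed sample: the zone name is from the thread, the key material is
# the 3-byte RSA public exponent 65537 ("AQAB") so the key tag is easy to check
# by hand.  The record is deliberately wrapped, as happened in the mail.
SAMPLE_KEY_FILE = """\
; This is a zone-signing key, keyid 1544, for 00.mydomain.com.
; Created: 20211109192137 (Tue Nov  9 12:21:37 2021)
00.mydomain.com. IN DNSKEY 256 3 8 AQ
AB
"""


def key_tag(flags: int, protocol: int, algorithm: int, key: bytes) -> int:
    """RFC 4034 Appendix B key tag over the DNSKEY RDATA (algorithms other than 1)."""
    rdata = struct.pack("!HBB", flags, protocol, algorithm) + key
    ac = 0
    for i, b in enumerate(rdata):
        ac += b if i & 1 else b << 8   # odd offsets add the byte, even ones add it shifted
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF


def parse_bind_key(text: str) -> dict:
    """Parse a BIND `.key` file, re-joining a DNSKEY record wrapped across lines."""
    comment_keyid = None
    rr_parts = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith(";"):
            m = re.search(r"keyid (\d+)", line)
            if m:
                comment_keyid = int(m.group(1))
            continue
        rr_parts.append(line)          # continuation lines of a wrapped record
    fields = " ".join(rr_parts).split()
    # owner [ttl] [class] DNSKEY flags protocol algorithm base64...
    if "DNSKEY" not in fields:
        raise ValueError("no DNSKEY record found")
    idx = fields.index("DNSKEY")
    flags, protocol, algorithm = (int(x) for x in fields[idx + 1: idx + 4])
    key = base64.b64decode("".join(fields[idx + 4:]), validate=True)
    return {
        "owner": fields[0],
        "flags": flags,
        "protocol": protocol,
        "algorithm": algorithm,
        "key": key,
        "comment_keyid": comment_keyid,
        "key_tag": key_tag(flags, protocol, algorithm, key),
        "is_ksk": bool(flags & 0x0001),   # SEP bit set: 257 = KSK, 256 = ZSK
    }


def check_import_arg(base: str) -> list:
    """Problems `keymgr ... import-pub BASE` would hit; an empty list means none."""
    problems = []
    path = base + ".key"               # the file keymgr actually opens
    if base.endswith(".key"):
        problems.append(f"pass the base name: keymgr would open {path}")
    if not os.path.isfile(path):
        problems.append(f"{path} does not exist")
        return problems
    with open(path, encoding="ascii") as fh:
        info = parse_bind_key(fh.read())
    if info["comment_keyid"] is not None and info["comment_keyid"] != info["key_tag"]:
        problems.append(
            f"keyid comment {info['comment_keyid']} != computed key tag {info['key_tag']}"
        )
    return problems


def demo() -> dict:
    """Write the sample to a temp dir and check both the right and the wrong argument."""
    with tempfile.TemporaryDirectory() as d:
        base = os.path.join(d, "pubkey")
        with open(base + ".key", "w", encoding="ascii") as fh:
            fh.write(SAMPLE_KEY_FILE)
        return {
            "base": check_import_arg(base),            # what keymgr expects
            "full": check_import_arg(base + ".key"),   # the mistake from the thread
        }


if __name__ == "__main__":
    print(parse_bind_key(SAMPLE_KEY_FILE))
    print(demo())
```

Run it as `python3 checkkey.py` (any file name works): the `base` entry of the result is empty, while passing the full `.key` path reports both the naming problem and the missing `pubkey.key.key`. Comparing the recomputed key tag with the comment's `keyid` is a cheap way to confirm that the DNSKEY record survived copying intact before it is placed in the KASP database.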
