Hello JP,
I've just realised that the maximum PKCS#11 key label length probably isn't
enough to cover all possible zone names. Some devices are limited to 32
characters. And the theoretical maximum length of a textual dname is more
than 1000 characters!
Also, the additional key metadata (e.g. KSK, ZSK) can change or one key can be
shared by more zones. So I don't see a universal format for key labels and I
would prefer not to implement it :-)
Best,
Daniel
On 5/6/22 21:37, Jan-Piet Mens wrote:
It's by design as nobody cared yet :-) I think it's easy to implement it.
Unfortunately, it requires a slight modification of the libdnssec API, so it
won't be possible to backport it to 3.1.
Thanks, Daniel.
A bit of scripting might suffice; pseudo-code as I'm in relax mode away from
the scene of the crime ;)
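# for every zone that has keys ...
keymgr -l | while read -r z; do
    # ... take the first column of each listed key as its CKA_ID
    keymgr "$z" list | while read -r cka_id rest; do
        p11tool --set-label "$z" ...
    done
done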
Best,
-JP
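Added example (not part of the original messages and not Knot DNS code): a short Python check of the length argument above, building the longest possible wire-format name and rendering it as text to compare against the 32-character label limit. The escaping rules in to_text() and all function names are assumptions made for illustration.

```python
# Constructed illustration: worst-case textual length of a DNS name compared
# with a 32-character PKCS#11 label limit. Escaping rules here are an assumption.
MAX_WIRE = 255    # RFC 1035: octets in a whole name, length octets and root included
MAX_LABEL = 63    # RFC 1035: octets in one label
LABEL_LIMIT = 32  # device limit quoted in the message above


def wire_length(labels):
    """Octets the name occupies on the wire: length octet per label plus root."""
    return sum(len(label) + 1 for label in labels) + 1


def to_text(labels):
    """Presentation format: plain LDH/underscore, \\X for other printables, \\DDD otherwise."""
    parts = []
    for label in labels:
        out = []
        for b in label:
            c = chr(b)
            if 0x21 <= b <= 0x7E:
                out.append(c if c.isalnum() or c in "-_" else "\\" + c)
            else:
                out.append("\\%03d" % b)
        parts.append("".join(out))
    return ".".join(parts) + "."


def worst_case_labels():
    """Fewest, longest labels of non-printable octets: every octet costs 4 characters."""
    budget = MAX_WIRE - 1  # reserve the root octet
    labels = []
    while budget > 1:
        n = min(MAX_LABEL, budget - 1)
        labels.append(b"\xff" * n)
        budget -= n + 1
    return labels


def fits_label(name_text, limit=LABEL_LIMIT):
    """True when the textual zone name could be stored unmodified as a key label."""
    return len(name_text) <= limit


if __name__ == "__main__":
    worst = to_text(worst_case_labels())
    print(wire_length(worst_case_labels()), len(worst), fits_label(worst))
    print(fits_label("example.com."), fits_label("a-rather-long-customer-zone.example.net."))
```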