I want to use SHA-256 for signing, so I changed kasp.xml:

    <!-- Parameters for KSK only -->
    <KSK>
        <Algorithm length="2048">8</Algorithm>
        <Lifetime>P3D</Lifetime>
        <Repository>softHSM</Repository>
        <Standby>1</Standby>
    </KSK>
    <!-- Parameters for ZSK only -->
    <ZSK>
        <Algorithm length="1024">8</Algorithm>
        <Lifetime>P1D</Lifetime>
        <Repository>softHSM</Repository>
        <Standby>1</Standby>
    </ZSK>

and I ran a "ksmutil update all". No error message but, at the next
resigning, everything is still done with algorithm 7. What did I
forget? Should I simply wait for the next key rollover?