On 30 jun 2010, at 11.59, Miek Gieben wrote:
> * I lookup the labels of the keys in the database and then use
> dnssec-keyfromlabel to extract the keys from the HSM.
I would recommend you to not read from the KASP database directly, as we cannot
commit to keeping the database schema between releases. Integration with the
enforcer should, if possible, be done using the XML output.
I've implemented this (I described in [1]), i.e. an adapter for using BIND as
the signer engine (both online and offline) for OpenDNSSEC, and I hope to be
able to publish this program (as open source) shortly.
jakob
[1] http://www.kirei.se/en/2010/02/04/ods4bind/
_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
