I just spotted a few errors in my logs. The same happens for other zones as well. Despite these errors the key seems be stored just fine. I use SoftHSM version 1.2.0 as packaged by Ondřej Surý. There is no real problem, things just work. I wonder if this is really an error or just a misleading message.
Jan 20 13:04:45 metagross ods-signerd: No information yet for key
8c02fca833110020983c64f61ae843fc
Jan 20 13:04:45 metagross ods-signerd: Generating DNSKEY RR for
8c02fca833110020983c64f61ae843fc
Jan 20 13:04:45 metagross ods-signerd: Run command:
'/usr/lib/opendnssec/opendnssec/get_class -f
/var/lib/opendnssec/tmp/example.com.sorted'
Jan 20 13:04:45 metagross ods-signerd: create_dnskey stderr: Error initializing
libhsm
Jan 20 13:04:45 metagross ods-signerd: create_dnskey status: 3
Jan 20 13:04:45 metagross ods-signerd: equality: False
Jan 20 13:04:45 metagross ods-signerd: Error: could not find key
8c02fca833110020983c64f61ae843fc
Jan 20 13:04:45 metagross ods-signerd: Run command:
'/usr/lib/opendnssec/opendnssec/get_class -f
/var/lib/opendnssec/tmp/example.com.sorted'
Jan 20 13:04:45 metagross ods-signerd: Run command:
'/usr/lib/opendnssec/opendnssec/zone_reader -c /etc/opendnssec/conf.xml -f
/var/lib/opendnssec/tmp/example.com.sorted -k 1 -o example.com -s
/var/lib/opendnssec/signconf/example.com.xml -w
/var/lib/opendnssec/tmp/example.com.nsecced -x
/var/lib/opendnssec/tmp/example.com.optout'
Jan 20 13:04:45 metagross ods-signerd: Writing file to zone_reader:
/var/lib/opendnssec/tmp/example.com.sorted
Jan 20 13:04:45 metagross ods-signerd: Nseccing failed
Jan 20 13:04:45 metagross ods-signerd: create_dnskey stderr: Error initializing
libhsm
Jan 20 13:04:45 metagross ods-signerd: create_dnskey status: 3
Jan 20 13:04:45 metagross ods-signerd: equality: False
root@metagross:~# ods-ksmutil key list --zone example.com -v
SQLite database set to: /var/lib/opendnssec/db/kasp.db
Keys:
Zone: Keytype: State: Date of next
transition: CKA_ID: Repository:
Keytag:
example.com KSK active 2011-11-29 14:35:20
927ec803b8cecd1660ac461ce52710f7 SoftHSM 36969
example.com KSK dsready When required
39aee23e7d7353cf3b611daf58d0ce41 SoftHSM 10813
example.com KSK dsready When required
d50ea2e36b1cc9f59dd20a3b970f4f17 SoftHSM 12793
example.com ZSK active 2011-01-25 13:54:33
a23bcd8ab51453011b030f336804149b SoftHSM 40155
example.com ZSK ready next rollover
8221da5577cb758178d03e76ba62e679 SoftHSM 28775
example.com ZSK ready next rollover
c79ba9dcd023e48cd7291bbd0d9ea776 SoftHSM 26460
example.com ZSK ready next rollover
55e036a808ce250677759122524c5c70 SoftHSM 5940
example.com ZSK ready next rollover
8c02fca833110020983c64f61ae843fc SoftHSM 46688
root@metagross:~# ods-ksmutil key export --zone example.com--keytype ZSK
--keystate READY |grep 46688
SQLite database set to: /var/lib/opendnssec/db/kasp.db
example.com. 3600 IN DNSKEY 256 3 7
AwEAAcZYtP3U/NAzDV5D4aeR5QFAU93/nx50ajj6FxG6Z9fXI7visFIt6Eo+p85HmQHozE65jkBzPuP6QV7l2r4A0Np5rDs5diKsRrSHgxTGsRVaKdOzWfzHsYW1hnvktNoHV+ZM9G/He0+0zwEPfaatqi1hLQ30CujfcDkTRyCeOeWv
;{id = 46688 (zsk), size = 1024b}
root@metagross:~# softhsm --version
1.2.0
--
Casper Gielen <[email protected]> | LIS UNIX
PGP fingerprint = 16BD 2C9F 8156 C242 F981 63B8 2214 083C F80E 4AF7
Universiteit van Tilburg | Postbus 90153, 5000 LE
Warandelaan 2 | Telefoon 013 466 4100 | G 236 | http://www.uvt.nl
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
