-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Casper,
It looks like the signer could not access the HSM. I see that listing
the keys as root works, but has the signer the right permissions to
access the keys stored in the softHSM?
Best regards,
Matthijs
On 01/20/2011 01:27 PM, Casper Gielen wrote:
> I just spotted a few errors in my logs. The same happens for other zones as
> well.
> Despite these errors the key seems be stored just fine.
> I use SoftHSM version 1.2.0 as packaged by Ondřej Surý.
> There is no real problem, things just work. I wonder if this is really an
> error
> or just a misleading message.
>
> Jan 20 13:04:45 metagross ods-signerd: No information yet for key
> 8c02fca833110020983c64f61ae843fc
>
> Jan 20 13:04:45 metagross ods-signerd: Generating DNSKEY RR for
> 8c02fca833110020983c64f61ae843fc
>
> Jan 20 13:04:45 metagross ods-signerd: Run command:
> '/usr/lib/opendnssec/opendnssec/get_class -f
> /var/lib/opendnssec/tmp/example.com.sorted'
>
> Jan 20 13:04:45 metagross ods-signerd: create_dnskey stderr: Error
> initializing libhsm
>
> Jan 20 13:04:45 metagross ods-signerd: create_dnskey status: 3
>
>
> Jan 20 13:04:45 metagross ods-signerd: equality: False
>
>
> Jan 20 13:04:45 metagross ods-signerd: Error: could not find key
> 8c02fca833110020983c64f61ae843fc
>
> Jan 20 13:04:45 metagross ods-signerd: Run command:
> '/usr/lib/opendnssec/opendnssec/get_class -f
> /var/lib/opendnssec/tmp/example.com.sorted'
>
> Jan 20 13:04:45 metagross ods-signerd: Run command:
> '/usr/lib/opendnssec/opendnssec/zone_reader -c /etc/opendnssec/conf.xml -f
> /var/lib/opendnssec/tmp/example.com.sorted -k 1 -o example.com -s
> /var/lib/opendnssec/signconf/example.com.xml -w
> /var/lib/opendnssec/tmp/example.com.nsecced -x
> /var/lib/opendnssec/tmp/example.com.optout'
>
> Jan 20 13:04:45 metagross ods-signerd: Writing file to zone_reader:
> /var/lib/opendnssec/tmp/example.com.sorted
>
> Jan 20 13:04:45 metagross ods-signerd: Nseccing failed
>
>
> Jan 20 13:04:45 metagross ods-signerd: create_dnskey stderr: Error
> initializing libhsm
>
> Jan 20 13:04:45 metagross ods-signerd: create_dnskey status: 3
>
>
> Jan 20 13:04:45 metagross ods-signerd: equality: False
>
> root@metagross:~# ods-ksmutil key list --zone example.com -v
>
>
> SQLite database set to: /var/lib/opendnssec/db/kasp.db
>
>
> Keys:
>
>
> Zone: Keytype: State: Date of next
> transition: CKA_ID: Repository:
> Keytag:
> example.com KSK active 2011-11-29 14:35:20
> 927ec803b8cecd1660ac461ce52710f7 SoftHSM 36969
>
> example.com KSK dsready When required
> 39aee23e7d7353cf3b611daf58d0ce41 SoftHSM 10813
>
> example.com KSK dsready When required
> d50ea2e36b1cc9f59dd20a3b970f4f17 SoftHSM 12793
>
> example.com ZSK active 2011-01-25 13:54:33
> a23bcd8ab51453011b030f336804149b SoftHSM 40155
>
> example.com ZSK ready next rollover
> 8221da5577cb758178d03e76ba62e679 SoftHSM 28775
>
> example.com ZSK ready next rollover
> c79ba9dcd023e48cd7291bbd0d9ea776 SoftHSM 26460
>
> example.com ZSK ready next rollover
> 55e036a808ce250677759122524c5c70 SoftHSM 5940
>
> example.com ZSK ready next rollover
> 8c02fca833110020983c64f61ae843fc SoftHSM 46688
>
>
> root@metagross:~# ods-ksmutil key export --zone example.com--keytype ZSK
> --keystate READY |grep 46688
> SQLite database set to: /var/lib/opendnssec/db/kasp.db
> example.com. 3600 IN DNSKEY 256 3 7
> AwEAAcZYtP3U/NAzDV5D4aeR5QFAU93/nx50ajj6FxG6Z9fXI7visFIt6Eo+p85HmQHozE65jkBzPuP6QV7l2r4A0Np5rDs5diKsRrSHgxTGsRVaKdOzWfzHsYW1hnvktNoHV+ZM9G/He0+0zwEPfaatqi1hLQ30CujfcDkTRyCeOeWv
> ;{id = 46688 (zsk), size = 1024b}
>
> root@metagross:~# softhsm --version
> 1.2.0
>
>
>
>
> _______________________________________________
> Opendnssec-user mailing list
> [email protected]
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJNODb7AAoJEA8yVCPsQCW5SCkIAI9DA2MQvnC4LT5vQiuwoWUx
8/d9rqdVTh87gdf6Tktb0mHf1nlmTFiZ5o2Q32Ch2uDo6H9nPBYGvNRUcmvtF2Vu
aLTM+ZTIFCuh1ZtXXneQRe3YgI5AvPRyL++QC3ai6u513PS567tzrHVQKck26hwU
Pf91E9THL7rwhw5CGxqUn84Msx/oh2m8ZRnAJIaHW4lUA4j8iNolLrZnJmvOwVRI
q+SBbDJ4kD5aXAsSBnDZqDcy50hdcLmiF7KlC0A0XbpZWgJOe5YHv30fetKV92tK
nria6EWVD1HDtVlCKSxET9zp86jvFB1R/BrdwxMfJc4CQa3TYMZdiQrC2Qg5Ts4=
=Aa8o
-----END PGP SIGNATURE-----
_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
