On 11/12/12 08:58, Paul Wouters wrote: > > Hi, Hi Paul,
> > When using an HSM, I can run dnssec-fromlabel with the CKAID to get the > keytag/algo of the key. How can I do the same with softhsm? Is that only > possible recompiling bind with softhsm as PKCS#11 provider? The softhsm is only a key container which doesn't know anything about what are you doing with the keys. > > Perhaps the ods suite can add a small utility for this? Or even better, > store this in the signconf XML? The association key <-> zone is done in the KASP db, so when using OpenDNSSEC you can get the details you look for using ods-ksmutil >From memory, BIND keeps the association key <-> zone in a text file, where the CKA_ID is stored. I don't have a BIND signer at hand to check. I hope it helps, > > Paul > _______________________________________________ > Opendnssec-user mailing list > [email protected] > https://lists.opendnssec.org/mailman/listinfo/opendnssec-user -- Sebastian Castro DNS Specialist .nz Registry Services (New Zealand Domain Name Registry Limited) desk: +64 4 495 2337 mobile: +64 21 400535 _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
