On Tue, 11 Mar 2014, Petr Spacek wrote:
generating 1 KSKs of 2048 bits for policy 'default'.
generating 5 ZSKs of 1024 bits for policy 'default'.
It generated one year's worth of keys. With a 365D lifetime for KSK,
that means 1 key. With a 90D ZSK lifetime, that means 5.
# ods-enforcer key list --verbose
Keys:
Zone: Keytype: State: Date of next transition:
Size: Algorithm: CKA_ID: Repository: KeyTag:
lab1.test. KSK generate 2014-03-13 05:35:24 2048
8 7efdabae0433129e47649bb51ab2dbdb SoftHSM 53104
lab1.test. ZSK publish 2014-03-13 05:35:24 1024
8 c9666dfba6f038118c196d181d12a9d7 SoftHSM 20835
Is it a bug? Or did I misunderstood KASP? (attached)
Two keys are in use by ods, the other keys are just waiting in the
softhsm for when ods needs one.
Paul
_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
