I would say it is working and has been working since around June of 2020.

In my case opendnssec was installed together with openhsm2 on amd64
machines, following the procedure well described in the opendnssec readme doc.

Manually edited the kasp.xml list in both KSK and ZSK sections to:
<Algorithm length="256">15</Algorithm>

Listing keys in repository by:
ods-hsmutil -v list SoftHSM
Shows most of keys in repository, including ones in use and future ones,
have type:
EDDSA/255

Among them are the ones listed by
ods-enforcer key list -v
KSK and ZSK are active and are listed in hsm repository as EDDSA/255 type.

KSK are published in the TLD administrator for my country and listed as
algorithm 15.

Domains are online, in production.
Already performed KSK rollovers which I must do manually.

Popular dnsviz.net checks the domain perfectly and clearly shows the
algorithm 15 (Ed25519) for the keytag of the active KSK.

Only after the latest update those log messages appeared and there was no
output file from signing process.
Reverted the package, as mentioned, and signing is now successful and new
RRSets are online.

If there are any more details you need, please let me know.

Ppmiguel

On Mon, 6 Dec 2021, 09:48 Stuart Henderson, <[email protected]> wrote:

>
> Are you certain that this worked properly
> If you're sure it worked, can you give me some commands to type to
> reproduce it? I tried with the docs on the wiki but they have never been
> updated properly for 2.0 and trying to figure it out based on outdated
> docs that aren't very good to start with, plus "what changed since
> 1.4" is not my idea of fun.
>
>
