Greetings
My computer has these:- --os 64 bit blfs linux, bind-9.10.1, softhsm2(beta) (i.e. I am playing with bind-9.10.1 and the new native-pkcs11 interface and softhsm2(beta). For generating keys for dnssec two utilities -A- dnssec-keygen or -B- pkcs11-keygen can be used. -A- gives more functionality but then the keys have to be transformed using (i) softhsm2-keyconv (which transfrom to pkcs8 (eg PEM format) then (ii) softhsm2-util to transfer to the HSM -B- also gives generation of the key this time directly on the HSM ). I want to have a go with -A- for no other reason than that it gives more flexibility for key-rollovers. Running -A- requires specifying a key directory where the key is generated. I would like to know from the bind experts a) if this directory information is encoded in the generated key (i.e. the KSK in this case ) AND b) if it is safe to remove the key and key directory after softhsm2-keyconv has been run and the transformed key successfully transferred to the HSM. Thanks in advance yours sincerely sbuXolo _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users