>> is there a known hack to extract keys from opendnssec/openhsm to use for >> bind bitw inline-signing? > > Assuming you mean SoftHSM
sorry, my bad. first cuppa. > I don't think so, at least not when using its default settings. (That > is one of the main features of an HSM -- to keep the keys safe as sra says, it is sqlite3 containing PKCS #8 wrapped with RFC 5649. those are unwrappable and extractable i was hoping someone had been here before and saved the scripts to do the extraction and then convert to DNSKEY format > What is possible is to have BIND use PKCS#11 to use the keys stored in > SoftHSM. Lots of *cough* fun in doing that. half of what i would prefer randy -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users