Hello,

I'm writing an export function to export the OpenDNSSEC keys from the database to a format understood by BIND. This already works very nicely[*]:
* I look up the labels of the keys in the database and then use
dnssec-keyfromlabel to extract the keys from the HSM.
* Next I use dnssec-signzone to sign a zone with those keys.
There is only one issue: determining the state of the keys.
In the OpenDNSSEC database you have the keydata_view, which
has a state column which holds an integer. Now the question.
Are these integers defined in enforcer/ksm/include/ksm/ksm.h?
#define KSM_STATE_GENERATE 1
#define KSM_STATE_GENERATE_STRING "generate"
#define KSM_STATE_PUBLISH 2
#define KSM_STATE_PUBLISH_STRING "publish"
....
....
And will they be kept stable in upcoming OpenDNSSEC releases?
Kind regards,
Miek Gieben
[*] The shell scripts are alpha quality, but I'm happy to post them to
this list if somebody wants to see them.
--
Miek
