[ Quoting Miek Gieben in "[Opendnssec-user] key state definit"... ] > Hello, > > I'm writing an export function to export the OpenDNSSEC keys from > the database to a format understood by BIND. This already works > very nicely[*]: > > [*] The shell scripts are alpha quality, but I'm happy to post them to > this list if somebody wants to see them.
We (SIDN) are going to use these scripts in production -- soonish. Currently the ods-export consists out of 4 scripts that read the kasp.db, convert the keys found from the HSM to bind9 format and set the timing paramaters (dnssec-keyfromlabel). Futher more there is a small Perl script that parses the signconf.xml to create the options for dnssec-signzone (-A -j -k, -T and -s <salt>), so that the signing parameters are in sync. Then dnssec-signzone -S <sign_options> is called to sign the zone. Our offer still stands, if people are interested in these scripts please contact me or SIDN. Kind regards, Miek Gieben
signature.asc
Description: Digital signature
_______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
