In the documentation I find a section about importing and exporting key
pairs.
I tried to export the key pairs used by OpenDNSsec for KSK and ZSK keys.
According to this section I need a command as in:
softhsm --export key2.pem --slot 1 --id A1B2 --pin 123456
I think I understand all parameters, except, apparently, the id, which is,
unfortunately, a required parameter.
As far as I can see, a 4 digit hexadecimal id is needed. How do I find the
Id corresponding to my KSK or ZSK key? The command
ods-ksmutil key list --verbose
lists my keys with a key tag, which seems to be a numeric maximum 5 digit
number, never greater than about 65000. The same numbers I see in the signed
zone files in the comment section of the DNSKEY record, where they are
called the id of the key. It seems to fulfill the requirements for the key
id, but if I convert such a number to hexadecimal format and then try the
result as the id in the softhsm --export command, an error message is
printed:
Error: Could not find the private key with ID = AF59
So, apparently, this is not the right way to get the id of the key pair.
Therefore, my question is, how do I find the key id of the keys used by
OpenDNSsec?
Fred.Zwarts.
_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
