> That really puzzled me why there was a sudden error with softhsm. > $ softhsm --show-slot > Available slots: > Slot 0 > Token present: yes > Token initialized: no > User PIN initialized: no > initialized:no? I'm sure I use this slot to create keys before this disaster > came. > > But I can get the key list, does that mean the slot or the softhsm is ok? > Finally,I have to run > $softhsm --init-token --slot 0 --label "OpenDNSSEC" > to re-initialized the slot,but the disaster occurred that all the keys used > before are not in the new repository,and all the keys are useless
The token is not initialized according to SoftHSM. If you are sure that you used the token before, then the question is why it is considered as uninitialized. You can verify this by looking into the SoftHSM token database and see if there are any objects using the sqlite3 command. Unfortunately, you ran the initialize command and this can thus not be done. If you initialize a token, then any objects will be removed. This is when backups comes in handy if you want to restore a previous state. When the Enforcer list the keys, it only look into its own database of DNSSEC keys. There is no search performed in the HSM. The Enforcer only has the CKA_ID of the objects in the HSM. // Rickard _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
