-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello,
> > I'm looking for documentation or methodology on how to move between > > unlike HSM's - eg between the SoftHSM and a hardware version. Can this > > be done easily or is this a 'first remove DS from parent' type > > operation? > > I would have thought that a number of OpenDNSSEC users would have > > started using the SoftHSM and would later migrate to Hardware - so guess > > someone has done this? > > Does this help: https://dnssec.surfnet.nl/?p=771 ? Yes, that should help you. It is better than exporting your keys from SoftHSM into a hardware HSM, because that would mean you protect your keys well, but haven't done so in the past. It'd never feel quite right. The only thing in that direction could be to import the keys and then to roll them. I think the above, well-tested and well-documented, procedure is better -- unless you know very well what you are doing. - -Rick -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: New to PGP? http://openfortress.nl/doc/essay/OpenPGP/index.nl.html iEYEARECAAYFAlByq2QACgkQFBGpwol1RgaQpgCfcsuqawMCa9L1rC1MrWue562/ iZsAnAg4ZJllI9LFmBGUBBXcsb9eJA2x =1ZpG -----END PGP SIGNATURE----- _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
