Op 10-12-12 20:58, Paul Wouters schreef: > > Hi, > > When using an HSM, I can run dnssec-fromlabel with the CKAID to get the > keytag/algo of the key. How can I do the same with softhsm? Is that only > possible recompiling bind with softhsm as PKCS#11 provider?
You'll have to get the algorith from the Kasp. I don't think there is a utillity for that, but you could get it directly from the database. If you use MySQL the following should do the trick. (Obviously you should replace YOUR_ZONE_HERE with the actual name of the zone). echo "SELECT name,HSMkey_id,algorithm,size FROM keypairs,dnsseckeys,zones WHERE keypairs.id=dnsseckeys.keypair_id AND dnsseckeys.zone_id=zones.id AND keytype=257 AND zones.name='YOUR_ZONE_HERE'" | mysql -p opendnssec -- Casper Gielen <[email protected]> | LIS UNIX PGP fingerprint = 16BD 2C9F 8156 C242 F981 63B8 2214 083C F80E 4AF7 Universiteit van Tilburg | Postbus 90153, 5000 LE Warandelaan 2 | Telefoon 013 466 4100 | G 236 | http://www.uvt.nl _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
