On Thu, Nov 14, 2013 at 9:51 AM, Matthijs Mekking <[email protected]>wrote:
> Hi Klaus, > > On 11/14/2013 08:25 AM, Klaus Darilion wrote: > > Hi! Using ODS 1.3.15 and nCipher HSMs: > > > > The key itself is identical, but the calculated tag differs when > > calculated by ods-hsmutil: KSKs have an offset of 4 (and reported falsly > > as ZSK), ZSKs have an offset of 3. > > The reason for this is that ods-ksmutil has knowledge over the kasp > database. Thus, it knows which DNSKEY algorithm and which flags are used > for keys. > > 'ods-hsmutil dnskey' makes a RSA-SHA1 (5) ZSK key given a CKA_ID. The > algorithm and flags are hard coded in the source. https://issues.opendnssec.org/browse/OPENDNSSEC-449
_______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
