thanks to rob austein
{{{
#!/bin/sh -
# Extract keys from SoftHSM. This requires pulling the zone names,
# key IDs, and flags from the database (SQLite3 in this installation).
#database=/usr/local/var/opendnssec/kasp.db
database=copy-of-kasp.db
sqlite3 $database 'SELECT name, HSMkey_id, keytype FROM zones JOIN dnsseckeys
ON zones.id = dnsseckeys.zone_id JOIN keypairs ON keypairs.id =
dnsseckeys.keypair_id' |
awk '
BEGIN {
pin = "haha";
FS = "[|]";
}
{
zone = $1; keyid = $2; keytype = $3;
if (keytype == 257)
ksk = " --ksk";
else
ksk = "";
system("softhsm --export key." keyid ".pem --slot 0 --pin " pin " --id "
keyid);
system("softhsm-keyconv --tobind --in key." keyid ".pem --pin " pin "
--name " zone " --algorithm RSASHA256" ksk);
}'
}}}
_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
