1. since I use HSM(now is softhsm) to store the DNSSEC key, does it more
insecure to convert the key(s) from HSM to .private file with
dnssec-keyfromlabel ?
keys are not actually 'converted' with this utility; instead the .private file
links to the corresponding private (and typically unexportab
Hi,
The KB article was written before dnssec-policy. Unfortunately, OpenSSL
with engine_pkcs11 does not support creating keys. So if you want to use
an HSM with dnssec-policy, you will need to create the keys yourself and
you can then import them in the key-directory with dnssec-keyfromlabel.
hi,
I have tried the DNSSEC sign testing according the document,
https://kb.isc.org/docs/bind-9-pkcs11
(and section 5.5 of the Bv9ARM of version 9.18.16)
I have two questions about it,
1. since I use HSM(now is softhsm) to store the DNSSEC key, does it more
insecure to convert the key(s) from HS
3 matches
Mail list logo
