converting from opendnssec/openhsm?
Jan-Piet Mens
list at mens.de
Fri Jan 27 18:47:38 UTC 2023
>is there a known hack to extract keys from opendnssec/openhsm to use for
>bind bitw inline-signing?
Assuming you mean SoftHSM (i/o openhsm), no, I don't think so, at least not
when using its default settings. (That is one of the main features of an HSM --
to keep the keys safe -- although there are devices which permit exporting
private keys...)
What is possible is to have BIND use PKCS#11 to use the keys stored in SoftHSM.
Lots of *cough* fun in doing that.
(BTW, this is irrespective of inline- or other forms of signing.)
-JP
More information about the bind-users
mailing list