converting from opendnssec/openhsm?
Randy Bush
randy at psg.com
Fri Jan 27 20:23:41 UTC 2023
>> is there a known hack to extract keys from opendnssec/openhsm to use for
>> bind bitw inline-signing?
>
> Assuming you mean SoftHSM

sorry, my bad. first cuppa.

> I don't think so, at least not when using its default settings. (That
> is one of the main features of an HSM -- to keep the keys safe

as sra says, it is sqlite3 containing PKCS #8 wrapped with RFC 5649.
those are unwrappable and extractable

i was hoping someone had been here before and saved the scripts to do
the extraction and then convert to DNSKEY format

> What is possible is to have BIND use PKCS#11 to use the keys stored in
> SoftHSM. Lots of *cough* fun in doing that.

half of what i would prefer

randy