Hello,
I have BIND 9.10 compiled with native PKCS#11 support and Thales nShield
Connect HSM.
The problem is with dnssec-keyfromlabel, which is unable to generate a key
pair from the HSM.
First, the keys were generated in the HSM using OpenDNSSEC.
The keys are correctly listed by the following command:
$ sudo /usr/local/bind9.10.2/sbin/pkcs11-list -s 761406613
slot 761406613
Enter Pin:
object[0]: handle 1122 class 3 label[32] '9af889382e25222b32eb59f67c95cb53' id[16] 0x9af889382e25222b...
object[1]: handle 1123 class 3 label[32] '1095a767cb4e3ac8f5cdcb8d4a108e34' id[16] 0x1095a767cb4e3ac8...
When trying to execute the following command, I get the error:
$ sudo /usr/local/bind9.10.2/sbin/dnssec-keyfromlabel -l "pkcs11:object=9af889382e25222b32eb59f67c95cb53;pin-source=/etc/pass" -a 8 -P now -A now example.com
dnssec-keyfromlabel: fatal: failed to get key example.com/RSASHA256: not found
Any ideas on how to solve this?
Regards,
Catalin L.