is there a known hack to extract keys from opendnssec/openhsm to use for
bind bitw inline-signing?
Assuming you mean SoftHSM (i/o openhsm), no, I don't think so, at least not
when using its default settings. (That is one of the main features of an HSM --
to keep the keys safe -- although there are devices which permit exporting
private keys...)
What is possible is to have BIND use PKCS#11 to use the keys stored in SoftHSM.
Lots of *cough* fun in doing that.
(BTW, this is irrespective of inline- or other forms of signing.)
-JP
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
