1. since I use HSM(now is softhsm) to store the DNSSEC key, does it more
insecure to convert the key(s) from HSM to .private file with
dnssec-keyfromlabel ?
keys are not actually 'converted' with this utility; instead the .private file
links to the corresponding private (and typically unexportab
Hi,
The KB article was written before dnssec-policy. Unfortunately, OpenSSL
with engine_pkcs11 does not support creating keys. So if you want to use
an HSM with dnssec-policy, you will need to create the keys yourself and
you can then import them in the key-directory with dnssec-keyfromlabel.
2 matches
Mail list logo
