The softhsm-keyconv utility could help (http://manpages.ubuntu.com/manpages/xenial/en/man1/softhsm-keyconv.1.html)
Daniel
On 3/7/19 8:40 AM, Milan Jeskynka Kazatel wrote:
> Hello Daniel,
>
> thanks for your hint.
> But seems to be a good question - how to somehow convert .pem to .private?
>
> The .private format should contains a hash which is probably combined from .pem and used algorithms.
> i.e
> Private-key-format: v1.3
> Algorithm: 13 (ECBSAP256SHA256)
> PrivateKey: tCVJuLcTTBJ6cwXoyxYxE6wQlEB1fKHlVnVKc/YPBET=
> Created: 20190227083519
> Publish: 20190227083519
> Activate: 20190227083519
>
> Then I logically looking for some tool which allows me this conversion. When BIND sign the zone by himself it uses a /dev/random to combine the .private. If you can hint me some usable 3rd party tool for manual conversion I'll be really happy.
>
> I check the keymgr which allows reverse conversion from BIND .key and .private to KNOT.
>
> Best regards.
> --
> Smil Milan Jeskyňka Kazatel
>
> ---------- Původní e-mail ----------
> Od: daniel.salzman@nic.cz
> Komu: Milan Jeskynka Kazatel <KazatelM@seznam.cz>
> Datum: 6. 3. 2019 21:18:35
> Předmět: Re: [knot-dns-users] konvert Knot DNS sigantures certs to BIND format.
>
>
> Hello Milan,
>
> We don't provide any tool for such a conversion. But it should be
> possible
> to do it manually. The .key file is simple. Just use `keymgr <zone>
> dnskey`.
> The .private file is more tricky. You have to somehow convert Knot's
> .pem file
> and set timestamp and other items.
>
> Daniel
>
> On 2019-03-04 10:05, Milan Jeskynka Kazatel wrote:
> > Hello community,
> >
> > can I somehow convert stored certificates for a signed zone to BIND
> > format?
> >
> > My use case is to change used topology for authoritative servers. I´m
> > manage existing zones in Knot, now I would like to transfer it to BIND
> > and use existing certificates for signing it on BIND due to DS records
> > in parent zones. The knot will be reconfigured as a slave.
> >
> > Is it possible to achieve it?
> >
> > Thanks.
> > --
> > Smil Milan Jeskyňka Kazatel
>