Well, strike two: the public key will of course be present in the KASP,  not the SoftHSM keystore.

On Tue, Nov 9, 2021 at 12:42 PM Luveh Keraph <1.41421@gmail.com> wrote:
OK, what I was doing wrong is that if I specify /tmp/pubkey as the name of the file, keymgr is going to look for the public key in a file named /tmp/pubkey.key. After doing so, I get the following:

# ./keymgr 00.mydomain.com. import-pub /tmp/pubkey

This ostensibly works - but I see no corresponding entry (or entries) added to the SoftHSM keystore.  Where is the key that has just been imported?

On Tue, Nov 9, 2021 at 12:31 PM Luveh Keraph <1.41421@gmail.com> wrote:
I am trying to import a public key generated by BIND into Knot, when using the SoftHSM2 key store. I have the following pieces of information:

In my knot.conf file:

   - id: SoftHSMRSAPolicy
     algorithm: RSASHA256
     ksk-size: 2048
     zsk-size: 2048
     ksk-lifetime: 7h
     zsk-lifetime: 6h
     dnskey-ttl: 12s
     zone-max-ttl: 15s
     keystore: SoftHSM

  - domain: 00.mydomain.com
    storage: /srv/knot
    file: db.mydomain00
    dnssec-signing: on
    dnssec-policy: SoftHSMRSAPolicy

The public key is in a file named pubkey, and has the following contents:

; This is a zone-signing key, keyid 14694, for 00.mydomain.com.
; Created: 20211109192137 (Tue Nov  9 12:21:37 2021)
; Publish: 20211109192137 (Tue Nov  9 12:21:37 2021)
; Activate: 20211109192137 (Tue Nov  9 12:21:37 2021)
00.mydomain.com. IN DNSKEY 256 3 8 AwEAAd1XmDMiF4/WWW+lneSg2hScxQl
TJHU/cIyBnDJDnW3MFkuyR7e+y3UqZScTXz5tfcGkDYGpqFqZ3+RgyN7A3ZAC3RsayivUuE9lec25IT97 jPZaTsHUjalDQjXkBhCIHBb79vVsz0SMZOeez78qzhRtpdkFYVNRcAW4EZVgdQAdiuJGeDEuxsaTkRnLwujnaqURyAzevqfQfjz319CPsYr4tN4K9nu2Fc0Sh+b5pdM6ejRieLnUUgZpuefRfgsSHJQErNe
FevdtihLpq93r E5OARwmK0c4vyzgpmREloMJlwV+lrZdlKqZnnIZIXgkD+59Tjh0XZ72exdvonun4uG8=

(The DNSKEY record is in a single line.)

The command I am using to import this key is

# ./keymgr 00.mydomain.com. import-pub ./pubkey

This spins for a few seconds and then prints out:

Error: file error

Any ideas as to what it is that I am doing wrong?

The command that I am invoking to import this public key is the following: