9 Lis
2021
9 Lis
'21
20:31
I am trying to import a public key generated by BIND into Knot, when using
the SoftHSM2 key store. I have the following pieces of information:
In my knot.conf file:
policy:
- id: SoftHSMRSAPolicy
algorithm: RSASHA256
ksk-size: 2048
zsk-size: 2048
ksk-lifetime: 7h
zsk-lifetime: 6h
dnskey-ttl: 12s
zone-max-ttl: 15s
keystore: SoftHSM
zone:
- domain: 00.mydomain.com
storage: /srv/knot
file: db.mydomain00
dnssec-signing: on
dnssec-policy: SoftHSMRSAPolicy
The public key is in a file named pubkey, and has the following contents:
; This is a zone-signing key, keyid 14694, for 00.mydomain.com.
; Created: 20211109192137 (Tue Nov 9 12:21:37 2021)
; Publish: 20211109192137 (Tue Nov 9 12:21:37 2021)
; Activate: 20211109192137 (Tue Nov 9 12:21:37 2021)
00.mydomain.com. IN DNSKEY 256 3 8 AwEAAd1XmDMiF4/WWW+lneSg2hScxQl
TJHU/cIyBnDJDnW3MFkuyR7e+y3UqZScTXz5tfcGkDYGpqFqZ3+RgyN7A3ZAC3RsayivUuE9lec25IT97
jPZaTsHUjalDQjXkBhCIHBb79vVsz0SMZOeez78qzhRtpdkFYVNRcAW4EZVgdQAdiuJGeDEuxsaTkRnLwujnaqURyAzevqfQfjz319CPsYr4tN4K9nu2Fc0Sh+b5pdM6ejRieLnUUgZpuefRfgsSHJQErNe
FevdtihLpq93r
E5OARwmK0c4vyzgpmREloMJlwV+lrZdlKqZnnIZIXgkD+59Tjh0XZ72exdvonun4uG8=
(The DNSKEY record is in a single line.)
The command I am using to import this key is
# ./keymgr 00.mydomain.com. import-pub ./pubkey
This spins for a few seconds and then prints out:
Error: file error
Any ideas as to what it is that I am doing wrong?
The command that I am invoking to import this public key is the following:
9 Lis
9 Lis
20:42
OK, what I was doing wrong is that if I specify /tmp/pubkey as the name of
the file, keymgr is going to look for the public key in a file named
/tmp/pubkey.key. After doing so, I get the following:
# ./keymgr 00.mydomain.com. import-pub /tmp/pubkey
6b20f3002af4526101b2c99a166fe90d019765ba
OK
This ostensibly works - but I see no corresponding entry (or entries) added
to the SoftHSM keystore. Where is the key that has just been imported?
On Tue, Nov 9, 2021 at 12:31 PM Luveh Keraph <1.41421(a)gmail.com> wrote:
I am trying to import a public key generated by BIND
into Knot, when using
the SoftHSM2 key store. I have the following pieces of information:
In my knot.conf file:
policy:
- id: SoftHSMRSAPolicy
algorithm: RSASHA256
ksk-size: 2048
zsk-size: 2048
ksk-lifetime: 7h
zsk-lifetime: 6h
dnskey-ttl: 12s
zone-max-ttl: 15s
keystore: SoftHSM
zone:
- domain: 00.mydomain.com
storage: /srv/knot
file: db.mydomain00
dnssec-signing: on
dnssec-policy: SoftHSMRSAPolicy
The public key is in a file named pubkey, and has the following contents:
; This is a zone-signing key, keyid 14694, for 00.mydomain.com.
; Created: 20211109192137 (Tue Nov 9 12:21:37 2021)
; Publish: 20211109192137 (Tue Nov 9 12:21:37 2021)
; Activate: 20211109192137 (Tue Nov 9 12:21:37 2021)
00.mydomain.com. IN DNSKEY 256 3 8 AwEAAd1XmDMiF4/WWW+lneSg2hScxQl
TJHU/cIyBnDJDnW3MFkuyR7e+y3UqZScTXz5tfcGkDYGpqFqZ3+RgyN7A3ZAC3RsayivUuE9lec25IT97
jPZaTsHUjalDQjXkBhCIHBb79vVsz0SMZOeez78qzhRtpdkFYVNRcAW4EZVgdQAdiuJGeDEuxsaTkRnLwujnaqURyAzevqfQfjz319CPsYr4tN4K9nu2Fc0Sh+b5pdM6ejRieLnUUgZpuefRfgsSHJQErNe
FevdtihLpq93r
E5OARwmK0c4vyzgpmREloMJlwV+lrZdlKqZnnIZIXgkD+59Tjh0XZ72exdvonun4uG8=
(The DNSKEY record is in a single line.)
The command I am using to import this key is
# ./keymgr 00.mydomain.com. import-pub ./pubkey
This spins for a few seconds and then prints out:
Error: file error
Any ideas as to what it is that I am doing wrong?
The command that I am invoking to import this public key is the following:
20:53
Well, strike two: the public key will of course be present in the KASP,
not the SoftHSM keystore.
On Tue, Nov 9, 2021 at 12:42 PM Luveh Keraph <1.41421(a)gmail.com> wrote:
OK, what I was doing wrong is that if I specify
/tmp/pubkey as the name of
the file, keymgr is going to look for the public key in a file named
/tmp/pubkey.key. After doing so, I get the following:
# ./keymgr 00.mydomain.com. import-pub /tmp/pubkey
6b20f3002af4526101b2c99a166fe90d019765ba
OK
This ostensibly works - but I see no corresponding entry (or entries)
added to the SoftHSM keystore. Where is the key that has just been
imported?
On Tue, Nov 9, 2021 at 12:31 PM Luveh Keraph <1.41421(a)gmail.com> wrote:
> I am trying to import a public key generated by BIND into Knot, when
> using the SoftHSM2 key store. I have the following pieces of information:
>
> In my knot.conf file:
>
> policy:
> - id: SoftHSMRSAPolicy
> algorithm: RSASHA256
> ksk-size: 2048
> zsk-size: 2048
> ksk-lifetime: 7h
> zsk-lifetime: 6h
> dnskey-ttl: 12s
> zone-max-ttl: 15s
> keystore: SoftHSM
>
> zone:
> - domain: 00.mydomain.com
> storage: /srv/knot
> file: db.mydomain00
> dnssec-signing: on
> dnssec-policy: SoftHSMRSAPolicy
>
> The public key is in a file named pubkey, and has the following contents:
>
> ; This is a zone-signing key, keyid 14694, for 00.mydomain.com.
> ; Created: 20211109192137 (Tue Nov 9 12:21:37 2021)
> ; Publish: 20211109192137 (Tue Nov 9 12:21:37 2021)
> ; Activate: 20211109192137 (Tue Nov 9 12:21:37 2021)
> 00.mydomain.com. IN DNSKEY 256 3 8 AwEAAd1XmDMiF4/WWW+lneSg2hScxQl
> TJHU/cIyBnDJDnW3MFkuyR7e+y3UqZScTXz5tfcGkDYGpqFqZ3+RgyN7A3ZAC3RsayivUuE9lec25IT97
>
jPZaTsHUjalDQjXkBhCIHBb79vVsz0SMZOeez78qzhRtpdkFYVNRcAW4EZVgdQAdiuJGeDEuxsaTkRnLwujnaqURyAzevqfQfjz319CPsYr4tN4K9nu2Fc0Sh+b5pdM6ejRieLnUUgZpuefRfgsSHJQErNe
> FevdtihLpq93r
> E5OARwmK0c4vyzgpmREloMJlwV+lrZdlKqZnnIZIXgkD+59Tjh0XZ72exdvonun4uG8=
>
> (The DNSKEY record is in a single line.)
>
> The command I am using to import this key is
>
> # ./keymgr 00.mydomain.com. import-pub ./pubkey
>
> This spins for a few seconds and then prints out:
>
> Error: file error
>
> Any ideas as to what it is that I am doing wrong?
>
>
>
>
> The command that I am invoking to import this public key is the following:
>
>
>
1139
days inactive
1139
days old
2 comments
1 participants
participants (1)
-
Luveh Keraph