Manual Reference Pages  -  SOFTHSM-KEYCONV (1)

NAME

softhsm-keyconv - converting between BIND and PKCS#8 key file formats

CONTENTS

Synopsis
Description
Options
Examples
Author

SYNOPSIS

softhsm-keyconv --topkcs8 --in path --out path [--pin PIN]
softhsm-keyconv --tobind --in path [--pin PIN] \
    --name name [--ttl ttl --ksk] --algorithm algorithm

DESCRIPTION

softhsm-keyconv converts between BIND .private-key files and the PKCS#8 file format, so that the PKCS#8 file can be imported into libsofthsm with the softhsm command. If your key is in another file format, openssl can probably convert it to PKCS#8.

The following files will be created when converting to BIND file format:
Kname+alg_id+key_tag.key
  Public key in RR format
Kname+alg_id+key_tag.private
  Private key in BIND key format
The three parts of the file name mean the following:

name
  The owner name given by the --name argument.
alg_id
  A numeric representation of the --algorithm argument.
key_tag
  A checksum of the DNSKEY RDATA.

OPTIONS

--topkcs8
  Convert from BIND .private-key format to PKCS#8.
  Use with --in, --out, and --pin.
--tobind
  Convert from PKCS#8 to BIND .private-key format.
  Use with --in, --pin, --name, --ttl, --ksk, and --algorithm.
--algorithm algorithm
  Specifies which DNSSEC algorithm to use when converting to BIND format. The supported algorithms are:
 
RSAMD5
DSA
RSASHA1
RSASHA1-NSEC3-SHA1
DSA-NSEC3-SHA1
RSASHA256
RSASHA512

--help, -h
  Shows the help screen.
--in path
  The path to the input file.
--ksk
  Sets the flag field to 257 instead of 256 in the DNSKEY RR in the .key file, indicating that the key is a Key Signing Key. Can be used when converting to BIND format.
--name name
  The owner name to use in the BIND file name and in the DNSKEY RR. Do not forget the trailing dot, e.g. "example.com."
--out path
  The path to the output file.
--pin PIN
  The PIN is used to encrypt or decrypt the PKCS#8 file, depending on whether we are converting to or from PKCS#8. If it is not given, the PKCS#8 file is assumed to be unencrypted.
--ttl TTL
  The TTL to use for the DNSKEY RR. Optional; defaults to 3600 seconds.
--version, -v
  Show the version info.

EXAMPLES

To convert a BIND .private-key file to a PKCS#8 file, the following command can be used:

softhsm-keyconv --topkcs8 --in Kexample.com.+007+05474.private \
    --out rsa.pem

To convert a PKCS#8 file to BIND key files, the following command can be used:

softhsm-keyconv --tobind --in rsa.pem --name example.com. \
    --ksk --algorithm RSASHA1-NSEC3-SHA1
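
The file names above encode alg_id and key_tag, so a .key file can be checked against its own contents after a conversion. The following is an added example, not part of the original man page or of SoftHSM: it computes the key tag with the RFC 4034 Appendix B checksum and rebuilds the expected file name. It assumes the .key file holds a single "owner ttl IN DNSKEY flags protocol algorithm base64" record; the function names and the sample key are constructed for illustration.

```python
import base64

# DNSSEC algorithm numbers for the names accepted by --algorithm.
# RSAMD5 (1) is left out: its key tag is computed differently (RFC 4034, B.1).
ALG_IDS = {"DSA": 3, "RSASHA1": 5, "DSA-NSEC3-SHA1": 6,
           "RSASHA1-NSEC3-SHA1": 7, "RSASHA256": 8, "RSASHA512": 10}

def key_tag(rdata: bytes) -> int:
    """RFC 4034 Appendix B checksum over the DNSKEY RDATA."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte << 8 if i % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def parse_dnskey(rr_line: str):
    """Split 'owner ttl IN DNSKEY flags proto alg base64...' into its parts."""
    fields = rr_line.split()
    pos = fields.index("DNSKEY")
    flags, proto, alg = (int(x) for x in fields[pos + 1:pos + 4])
    pubkey = base64.b64decode("".join(fields[pos + 4:]))
    return fields[0], flags, proto, alg, pubkey

def expected_basename(rr_line: str) -> str:
    """File name (without .key/.private) that matches the record's content."""
    owner, flags, proto, alg, pubkey = parse_dnskey(rr_line)
    if alg not in ALG_IDS.values():
        raise ValueError(f"algorithm {alg} not handled by this example")
    # RDATA = flags (2 bytes) | protocol (1) | algorithm (1) | public key
    rdata = flags.to_bytes(2, "big") + bytes([proto, alg]) + pubkey
    return f"K{owner}+{alg:03d}+{key_tag(rdata):05d}"

def name_matches(path: str, rr_line: str) -> bool:
    """True if a .key/.private file name agrees with the DNSKEY record."""
    base = path.rsplit("/", 1)[-1].rsplit(".", 1)[0]
    return base == expected_basename(rr_line)

# Constructed sample: a 12-byte stand-in for an RSA public key, not a real key.
SAMPLE_PUBKEY = base64.b64encode(bytes.fromhex("03010001c1a2b3c4d5e6f709")).decode()
KSK_RR = f"example.com. 3600 IN DNSKEY 257 3 7 {SAMPLE_PUBKEY}"  # as with --ksk
ZSK_RR = f"example.com. 3600 IN DNSKEY 256 3 7 {SAMPLE_PUBKEY}"  # without --ksk

if __name__ == "__main__":
    print(expected_basename(KSK_RR))
    print(expected_basename(ZSK_RR))
    print(name_matches("Kexample.com.+007+18786.key", ZSK_RR))
```

Because the flag field is part of the RDATA, the same key material gets a different key tag with and without --ksk, so a file name that no longer matches its record points to a renamed or edited key file.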

AUTHOR

Written by Rickard Bellgrim.

SEE ALSO

softhsm(1), softhsm.conf(5), openssl(1), named(1), dnssec-keygen(1), dnssec-signzone(1)


SoftHSM SOFTHSM-KEYCONV (1) 21 December 2009
