GSP
Quick Navigator
Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
ods-hsmutil(1) OpenDNSSEC ods-hsmutil ods-hsmutil(1)

ods-hsmutil - OpenDNSSEC HSM utility

ods-hsmutil [-c config] [-v] command [options]

The ods-hsmutil utility is mainly used for debugging or testing. It is designed to interact directly with your HSM and can be used to manually list, create or delete keys. It can also be used to perform a set of basics HSM tests. Be careful before creating or deleting keys using ods-hsmutil, as the changes are not synchronized with the KASP Enforcer.

The repositories are configured by the user in the OpenDNSSEC configuration file. The configuration contains the name of the repository, the token label, the user PIN, and the path to its shared library.

login
If there is no PIN in conf.xml, then this command will ask for it and login. The PINs are stored in a shared memory and are accessible to the other daemons.
logout
Will erase the semaphore and the shared memory containing any credentials. Authenticated processes will still be able to interact with the HSM.
list [repository]
List the keys that are available in all or one repository
generate repository rsa|dsa|gost|ecdsa [keysize]
Generate a new key with the given keysize in the repository. Note that GOST has a fixed key size and that ECDSA has two supported curves, P-256 and P-384. In the case of ECDSA, use 256 or 384 as the keysize.
remove id
Delete the key with the given id
purge repository
Delete all keys in one repository
dnskey id name type algo
Create a DNSKEY RR for the given owner name based on the key with this id. The type will indicate if it is a KSK (257) or ZSK (256). Please use the numerical value. The algo, a value from the IANA repository, must match the algorithm of the key.
test repository
Perform a number of tests on a repository
info
Show detailed information about all repositories

-c config
Path to an OpenDNSSEC configuration file

(defaults to /usr/local/etc/opendnssec/conf.xml)

-h
Show the help screen
-v
Output more information by increasing the verbosity level

ods-control(8), ods-enforcerd(8), ods-hsmspeed(1), ods-kaspcheck(1), ods-signer(8), ods-signerd(8), ods-enforcer(8), ods-timing(5), ods-kasp(5), opendnssec(7), http://www.opendnssec.org/

ods-hsmutil was written by Jakob Schlyter as part of the OpenDNSSEC project.
February 2010 OpenDNSSEC
Search for    or go to Top of page |  Section 1 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.