1ods-hsmutil(1)              OpenDNSSEC ods-hsmutil              ods-hsmutil(1)
2
3
4

NAME

6       ods-hsmutil - OpenDNSSEC HSM utility
7

SYNOPSIS

9       ods-hsmutil [-c config] [-v] command [options]
10

DESCRIPTION

12       The  ods-hsmutil utility is mainly used for debugging or testing. It is
13       designed to interact directly with your HSM and can be used to manually
14       list,  create  or  delete keys. It can also be used to perform a set of
15       basics HSM tests. Be careful before creating  or  deleting  keys  using
16       ods-hsmutil,  as  the  changes  are  not  synchronized  with  the  KASP
17       Enforcer.
18
19       The repositories are configured by the user in the OpenDNSSEC  configuā€
20       ration file. The configuration contains the name of the repository, the
21       token label, the user PIN, and the path to its shared library.
22

COMMANDS

24       login  If there is no PIN in conf.xml, then this command will  ask  for
25              it  and  login.   The PINs are stored in a shared memory and are
26              accessible to the other daemons.
27
28       logout Will erase the semaphore and the shared  memory  containing  any
29              credentials.   Authenticated  processes  will  still  be able to
30              interact with the HSM.
31
32       list [repository]
33              List the keys that are available in all or one repository
34
35       generate repository rsa keysize
36              Generate a new RSA key with the given keysize in the repository
37
38       remove id
39              Delete the key with the given id
40
41       purge repository
42              Delete all keys in one repository
43
44       dnskey id name
45              Create a DNSKEY RR for the given owner name  based  on  the  key
46              with this id
47
48       test repository
49              Perform a number of tests on a repository
50
51       info   Show detailed information about all repositories
52

OPTIONS

54       -c config
55              Path to an OpenDNSSEC configuration file
56
57              (defaults to /etc/opendnssec/conf.xml)
58
59       -h     Show the help screen
60
61       -v     Output more information by increasing the verbosity level
62

SEE ALSO

64       ods-auditor(1),   ods-control(8),   ods-enforcerd(8),  ods-hsmspeed(1),
65       ods-kaspcheck(1),   ods-ksmutil(1),   ods-signer(8),    ods-signerd(8),
66       ods-timing(5), opendnssec(7), http://www.opendnssec.org/
67

AUTHORS

69       ods-hsmutil  was  written  by  Jakob Schlyter as part of the OpenDNSSEC
70       project.
71
72
73
74OpenDNSSEC                       February 2010                  ods-hsmutil(1)
Impressum