ods-hsmutil(1)              OpenDNSSEC ods-hsmutil              ods-hsmutil(1)

NAME

       ods-hsmutil - OpenDNSSEC HSM utility

SYNOPSIS

       ods-hsmutil [-c config] [-v] command [options]

DESCRIPTION

       The ods-hsmutil utility is mainly used for debugging or testing. It is
       designed to interact directly with your HSM and can be used to manually
       list, create or delete keys. It can also be used to perform a set of
       basic HSM tests. Be careful before creating or deleting keys using
       ods-hsmutil, as the changes are not synchronized with the KASP
       Enforcer.

       The repositories are configured by the user in the OpenDNSSEC
       configuration file. The configuration contains the name of the
       repository, the token label, the user PIN, and the path to its shared
       library.

COMMANDS

       login  If there is no PIN in conf.xml, then this command will ask for
              it and log in. The PINs are stored in shared memory and are
              accessible to the other daemons.

       logout Will erase the semaphore and the shared memory containing any
              credentials. Authenticated processes will still be able to
              interact with the HSM.

       list [repository]
              List the keys that are available in all or one repository

       generate repository rsa|dsa|gost|ecdsa [keysize]
              Generate a new key with the given keysize in the repository.
              Note that GOST has a fixed key size and that ECDSA has two
              supported curves, P-256 and P-384. In the case of ECDSA, use
              256 or 384 as the keysize.

       remove id
              Delete the key with the given id

       purge repository
              Delete all keys in one repository

       dnskey id name type algo
              Create a DNSKEY RR for the given owner name based on the key
              with this id. The type will indicate if it is a KSK (257) or
              ZSK (256). Please use the numerical value. The algo, a value
              from the IANA repository, must match the algorithm of the key.

       test repository
              Perform a number of tests on a repository

       info   Show detailed information about all repositories
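
       An added example, not part of OpenDNSSEC or of this manual page: a
       POSIX sh pre-flight check for the dnskey arguments described above,
       rejecting a non-numeric type and an algo that disagrees with the
       key's algorithm. The function names, the sample key id and the zone
       name are assumptions; the mapping from key type to algorithm number
       follows the IANA DNSSEC algorithm numbers registry, not ods-hsmutil
       itself.

```shell
#!/bin/sh
# Added example (not OpenDNSSEC code). Function names are hypothetical.

# algo_matches KEYTYPE KEYSIZE ALGO
# KEYTYPE and KEYSIZE are the values the key was generated with
# (rsa|dsa|gost|ecdsa); ALGO is the IANA DNSSEC algorithm number.
# Returns 0 when the number belongs to that kind of key.
algo_matches() {
    case "$1:$3" in
        rsa:5|rsa:7|rsa:8|rsa:10) return 0 ;;  # RSASHA1, RSASHA1-NSEC3-SHA1, RSASHA256, RSASHA512
        dsa:3|dsa:6)              return 0 ;;  # DSA, DSA-NSEC3-SHA1
        gost:12)                  return 0 ;;  # ECC-GOST
        ecdsa:13) [ "$2" = 256 ] ;;            # ECDSAP256SHA256 needs a P-256 key
        ecdsa:14) [ "$2" = 384 ] ;;            # ECDSAP384SHA384 needs a P-384 key
        *) return 1 ;;
    esac
}

# dnskey_args ID NAME TYPE ALGO KEYTYPE [KEYSIZE]
# Prints the argument list for "ods-hsmutil dnskey" when the values are
# consistent; otherwise prints a reason on stderr and returns non-zero.
dnskey_args() {
    id=$1 name=$2 type=$3 algo=$4 keytype=$5 keysize=${6:-}
    case "$type" in
        256|257) ;;  # ZSK or KSK, numerical value only
        *) echo "type must be 256 (ZSK) or 257 (KSK)" >&2; return 2 ;;
    esac
    if ! algo_matches "$keytype" "$keysize" "$algo"; then
        echo "algo $algo does not match a $keytype key" >&2
        return 3
    fi
    printf 'dnskey %s %s %s %s\n' "$id" "$name" "$type" "$algo"
}

# Usage with constructed values (KEY_ID is a placeholder for an id shown by
# "ods-hsmutil list"); the unquoted expansion splits the printed arguments:
#   args=$(dnskey_args "$KEY_ID" example.com. 257 13 ecdsa 256) &&
#       ods-hsmutil $args
```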

OPTIONS

       -c config
              Path to an OpenDNSSEC configuration file
              (defaults to /etc/opendnssec/conf.xml)

       -h     Show the help screen

       -v     Output more information by increasing the verbosity level

SEE ALSO

       ods-control(8), ods-enforcerd(8), ods-hsmspeed(1), ods-kaspcheck(1),
       ods-signer(8), ods-signerd(8), ods-enforcer(8), ods-timing(5),
       ods-kasp(5), opendnssec(7), http://www.opendnssec.org/

AUTHORS

       ods-hsmutil was written by Jakob Schlyter as part of the OpenDNSSEC
       project.

OpenDNSSEC                       February 2010                  ods-hsmutil(1)