NAME¶
ods-hsmutil - OpenDNSSEC HSM utility
SYNOPSIS¶
ods-hsmutil [
-c config] [
-v]
command
[
options]
DESCRIPTION¶
The ods-hsmutil utility is mainly used for debugging or testing. It is designed
to interact directly with your HSM and can be used to manually list, create or
delete keys. It can also be used to perform a set of basics HSM tests. Be
careful before creating or deleting keys using ods-hsmutil, as the changes are
not synchronized with the KASP Enforcer.
The repositories are configured by the user in the OpenDNSSEC configuration
file. The configuration contains the name of the repository, the token label,
the user PIN, and the path to its shared library.
COMMANDS¶
- list [repository]
- List the keys that are available in all or one
repository
- generate repository rsa
keysize
- Generate a new RSA key with the given keysize in the
repository
- remove id
- Delete the key with the given id
- purge repository
- Delete all keys in one repository
- dnskey id name
- Create a DNSKEY RR for the given owner name based on
the key with this id
- test repository
- Perform a number of tests on a repository
- info
- Show detailed information about all repositories
OPTIONS¶
- -c config
- Path to an OpenDNSSEC configuration file
(defaults to /etc/opendnssec/conf.xml)
- -h
- Show the help screen
- -v
- Output more information by increasing the verbosity
level
SEE ALSO¶
ods-auditor(1),
ods-control(8),
ods-enforcerd(8),
ods-hsmspeed(1),
ods-kaspcheck(1),
ods-ksmutil(1),
ods-signer(8),
ods-signerd(8),
ods-timing(5),
opendnssec(7),
http://www.opendnssec.org/
AUTHORS¶
ods-hsmutil was written by Jakob Schlyter as part of the OpenDNSSEC
project.