ods-hsmutil(1)		    OpenDNSSEC ods-hsmutil		ods-hsmutil(1)

NAME
       ods-hsmutil - OpenDNSSEC	HSM utility

SYNOPSIS
       ods-hsmutil [-c config] [-v] command [options]

DESCRIPTION
       The ods-hsmutil utility is mainly used for debugging or testing. It is
       designed to interact directly with your HSM and can be used to manually
       list, create or delete keys. It can also be used to perform a set of
       basic HSM tests. Be careful before creating or deleting keys using
       ods-hsmutil, as the changes are not synchronized with the KASP
       Enforcer.

       The repositories are configured by the user in the OpenDNSSEC
       configuration file. The configuration contains the name of the
       repository, the token label, the user PIN, and the path to its shared
       library.
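
       Because the user PIN may sit in the configuration file, it is worth
       checking which repositories store one there and who can read the file.
       The following is an added example, not part of OpenDNSSEC or of this
       manual page; the element names (Repository, Module, TokenLabel, PIN)
       and the sample values are assumptions based on the usual conf.xml
       layout.

```python
import os
import stat
import tempfile
import xml.etree.ElementTree as ET

# Constructed sample; element names follow the usual OpenDNSSEC conf.xml layout (assumption).
SAMPLE_CONF = """<Configuration>
  <RepositoryList>
    <Repository name="SoftHSM">
      <Module>/usr/local/lib/softhsm/libsofthsm.so</Module>
      <TokenLabel>OpenDNSSEC</TokenLabel>
      <PIN>1234</PIN>
    </Repository>
    <Repository name="BackupHSM">
      <Module>/usr/local/lib/example/libpkcs11.so</Module>
      <TokenLabel>Backup</TokenLabel>
    </Repository>
  </RepositoryList>
</Configuration>"""

def audit_conf(path):
    """Return one finding dict per repository in an OpenDNSSEC conf.xml."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    exposed = bool(mode & (stat.S_IRGRP | stat.S_IROTH))  # readable beyond the owner
    findings = []
    for repo in ET.parse(path).getroot().iter("Repository"):
        pin = (repo.findtext("PIN") or "").strip()
        issues = []
        if pin and exposed:
            issues.append("PIN stored in a file readable by group/other (mode %04o)" % mode)
        if not pin:
            issues.append("no PIN in file: supply it with 'ods-hsmutil login'")
        findings.append({"name": repo.get("name"), "label": repo.findtext("TokenLabel"),
                         "module": repo.findtext("Module"),
                         "pin_in_file": bool(pin), "issues": issues})
    return findings

def demo(mode=0o644):
    # Write the constructed sample to a temp file with the given mode and audit it.
    with tempfile.NamedTemporaryFile("w", suffix=".xml", delete=False) as fh:
        fh.write(SAMPLE_CONF)
    try:
        os.chmod(fh.name, mode)
        return audit_conf(fh.name)
    finally:
        os.unlink(fh.name)

if __name__ == "__main__":
    for f in demo():
        print(f["name"], f["label"], f["issues"] or "ok")
```

       To audit a real installation, call audit_conf() with the path given
       to -c (or the default listed under OPTIONS).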

COMMANDS
       login  If there is no PIN in conf.xml, then this command will ask for
              it and log in. The PINs are stored in shared memory and are
              accessible to the other daemons.

       logout Will erase the semaphore and the shared memory containing any
              credentials. Authenticated processes will still be able to
              interact with the HSM.

       list [repository]
	      List the keys that are available in all or one repository

       generate	repository rsa|dsa|gost|ecdsa [keysize]
              Generate a new key with the given keysize in the repository.
              Note that GOST has a fixed key size and that ECDSA has two
              supported curves, P-256 and P-384. In the case of ECDSA, use
              256 or 384 as the keysize.

       remove id
	      Delete the key with the given id

       purge repository
	      Delete all keys in one repository

       dnskey id name type algo
	      Create  a	 DNSKEY	 RR  for the given owner name based on the key
	      with this	id.  The type will indicate if it is a	KSK  (257)  or
	      ZSK  (256).  Please  use	the numerical value. The algo, a value
	      from the IANA repository,	must match the algorithm of the	key.

       test repository
	      Perform a	number of tests	on a repository

       info   Show detailed information	about all repositories

OPTIONS
       -c config
	      Path to an OpenDNSSEC configuration file

	      (defaults	to /usr/local/etc/opendnssec/conf.xml)

       -h     Show the help screen

       -v     Output more information by increasing the	verbosity level

SEE ALSO
       ods-control(8),	ods-enforcerd(8),  ods-hsmspeed(1),  ods-kaspcheck(1),
       ods-signer(8),	 ods-signerd(8),    ods-enforcer(8),	ods-timing(5),
       ods-kasp(5), opendnssec(7), http://www.opendnssec.org/

AUTHORS
       ods-hsmutil was written by Jakob	Schlyter as  part  of  the  OpenDNSSEC
       project.

OpenDNSSEC			 February 2010			ods-hsmutil(1)
