DragonFly On-Line Manual Pages

Search: Section:  

SOFTHSM-KEYCONV(1)     DragonFly General Commands Manual    SOFTHSM-KEYCONV(1)


NAME

       softhsm-keyconv - converting between BIND and PKCS#8 key file formats


SYNOPSIS

       softhsm-keyconv --topkcs8 --in path --out path [--pin PIN]
       softhsm-keyconv --tobind --in path [--pin PIN] \
              --name name [--ttl ttl --ksk] --algorithm algorithm


DESCRIPTION

       softhsm-keyconv can convert between BIND .private-key files and the
       PKCS#8 file format.  This is so that you can import the PKCS#8 file
       into libsofthsm using the command softhsm.  If you have another file
       format, then openssl probably can help you to convert it into the
       PKCS#8 file format.

       The following files will be created when converting to BIND file
       format:

       Kname+alg_id+key_tag.key
              Public key in RR format

       Kname+alg_id+key_tag.private
              Private key in BIND key format

       The three parts of the file name means the following:

              name   The owner name given by the --name argument.

              alg_id A numeric representation of the --algorithm argument.

              key_tag
                     Is a checksum of the DNSKEY RDATA.


OPTIONS

       --topkcs8
              Convert from BIND .private-key format to PKCS#8.
              Use with --in, --out, and --pin.

       --tobind
              Convert from PKCS#8 to BIND .private-key format.
              Use with --in, --pin, --name, --ttl, --ksk, and --algorithm.

       --algorithm algorithm
              Specifies which DNSSEC algorithm to use when converting to BIND
              format.  The supported algorithms are:
                     RSAMD5
                     DSA
                     RSASHA1
                     RSASHA1-NSEC3-SHA1
                     DSA-NSEC3-SHA1
                     RSASHA256
                     RSASHA512

       --help, -h
              Shows the help screen.

       --in path
              The path to the input file.

       --ksk  This will set the flag field to 257 instead of 256 in the DNSKEY
              RR in the .key file.  Indicating that the key is a Key Signing
              Key.  Can be used when converting to BIND format.

       --name name
              The owner name to use in the BIND file name and in the DNSKEY
              RR.  Do not forget the trailing dot, e.g. "example.com."

       --out path
              The path to the output file.

       --pin PIN
              The PIN will be used to encrypt or decrypt the PKCS#8 file
              depending if we are converting to or from PKCS#8.  If not given
              then the PKCS#8 file is assumed to be unencrypted.

       --ttl TTL
              The TTL to use for the DNSKEY RR.  Optional, this will default
              to 3600 seconds.

       --version, -v
              Show the version info.


EXAMPLES

       To convert a BIND .private-key file to a PKCS#8 file, the following
       command can be used:

              softhsm-keyconv --in Kexample.com.+007+05474.private \
                     --out rsa.pem

       To convert a PKCS#8 file to BIND key files, the following command can
       be used:

              softhsm-keyconv --in rsa.pem --name example.com. \
                     --ksk --algorithm RSASHA1-NSEC3-SHA1


AUTHOR

       Written by Rickard Bellgrim.


SEE ALSO

       softhsm(1), softhsm.conf(5), openssl(1), named(1), dnssec-keygen(1),
       dnssec-signzone(1)

SoftHSM                        21 December 2009             SOFTHSM-KEYCONV(1)

Search: Section: