diff options
Diffstat (limited to 'contrib/pkcs11-keygen/README')
| -rw-r--r-- | contrib/pkcs11-keygen/README | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/contrib/pkcs11-keygen/README b/contrib/pkcs11-keygen/README new file mode 100644 index 0000000..4104e17 --- /dev/null +++ b/contrib/pkcs11-keygen/README @@ -0,0 +1,18 @@ +This is a set of utilities that when used together create rsa keys in +a PKCS11 keystore. The keys will have a label of "zone,zsk|ksk,xxx" and +an id of the keytag in hex. + +Run genkey.sh to generate a new key and call the other programs in turn. +Run writekey.sh to load key to the key store from Kxxx.{key,private}. + +genkey[.c] uses PKCS11 calls to generate keys. +PEM_write_pubkey[.c] uses OpenSSL to write a public key from the key store + into a file in PEM format. +keyconv.pl uses Net::DNS::SEC to calculate the key tag and to write out + a DNSKEY RR into a file. +set_key_id[.c] uses PKCS11 to set to the key id == keytag in the key store. +readkey[.c] and writekey[.c] extracts and loads a key from/to the key store. +keydump.pl uses Net::DNS::SEC to get the key from a Kxxx.private file and + write it into a file in PEM format. + +listobjs and destroyobjs browse the key store, prints or destroys objects. |