NAME
ods-hsmutil - OpenDNSSEC HSM utility
SYNOPSIS
ods-hsmutil [-c config] [-v] command [options]
DESCRIPTION
The ods-hsmutil utility is mainly used for debugging or testing. It is
designed to interact directly with your HSM and can be used to manually
list, create or delete keys. It can also be used to perform a set of
basics HSM tests. Be careful before creating or deleting keys using
ods-hsmutil, as the changes are not synchronized with the KASP
Enforcer.
The repositories are configured by the user in the OpenDNSSEC
configuration file. The configuration contains the name of the
repository, the token label, the user PIN, and the path to its shared
library.
COMMANDS
list [repository]
List the keys that are available in all or one repository
generate repository rsa keysize
Generate a new RSA key with the given keysize in the repository
remove id
Delete the key with the given id
purge repository
Delete all keys in one repository
dnskey id name
Create a DNSKEY RR for the given owner name based on the key
with this id
test repository
Perform a number of tests on a repository
OPTIONS
-c config
Path to an OpenDNSSEC configuration file
(defaults to /etc/opendnssec/conf.xml)
-h Show the help screen
-v Output more information by increasing the verbosity level
SEE ALSO
ods-auditor(1), ods-control(8), ods-enforcerd(8), ods-hsmspeed(1),
ods-kaspcheck(1), ods-ksmutil(1), ods-signer(8), ods-signerd(8),
ods-timing(5), opendnssec(7), http://www.opendnssec.org/
AUTHORS
ods-hsmutil was written by Jakob Schlyter as part of the OpenDNSSEC
project.