debian man page for softhsm-keyconv

Debian Man Pages All Man Pages Latest Topics Forum Categories

Query: softhsm-keyconv

OS: debian

Section: 1

Format: Original Unix Latex Style Formatted with HTML and a Horizontal Scroll Bar

SOFTHSM-KEYCONV(1)					      General Commands Manual						SOFTHSM-KEYCONV(1)


NAME

       softhsm-keyconv - converting between BIND and PKCS#8 key file formats


SYNOPSIS

       softhsm-keyconv --topkcs8 --in path --out path [--pin PIN]
       softhsm-keyconv --tobind --in path [--pin PIN] 
	      --name name [--ttl ttl --ksk] --algorithm algorithm


DESCRIPTION

       softhsm-keyconv	can  convert  between  BIND .private-key files and the PKCS#8 file format.  This is so that you can import the PKCS#8 file
       into libsofthsm using the command softhsm.  If you have another file format, then openssl probably can help you	to  convert  it  into  the
       PKCS#8 file format.

       The following files will be created when converting to BIND file format:

       Kname+alg_id+key_tag.key
	      Public key in RR format

       Kname+alg_id+key_tag.private
	      Private key in BIND key format

       The three parts of the file name means the following:

	      name   The owner name given by the --name argument.

	      alg_id A numeric representation of the --algorithm argument.

	      key_tag
		     Is a checksum of the DNSKEY RDATA.


OPTIONS

       --topkcs8
	      Convert from BIND .private-key format to PKCS#8.
	      Use with --in, --out, and --pin.

       --tobind
	      Convert from PKCS#8 to BIND .private-key format.
	      Use with --in, --pin, --name, --ttl, --ksk, and --algorithm.

       --algorithm algorithm
	      Specifies which DNSSEC algorithm to use when converting to BIND format.  The supported algorithms are:
		     RSAMD5
		     DSA
		     RSASHA1
		     RSASHA1-NSEC3-SHA1
		     DSA-NSEC3-SHA1
		     RSASHA256
		     RSASHA512

       --help, -h
	      Shows the help screen.

       --in path
	      The path to the input file.

       --ksk  This will set the flag field to 257 instead of 256 in the DNSKEY RR in the .key file.  Indicating that the key is a Key Signing Key.
	      Can be used when converting to BIND format.

       --name name
	      The owner name to use in the BIND file name and in the DNSKEY RR.  Do not forget the trailing dot, e.g. "example.com."

       --out path
	      The path to the output file.

       --pin PIN
	      The PIN will be used to encrypt or decrypt the PKCS#8 file depending if we are converting to or from PKCS#8.  If not given then  the
	      PKCS#8 file is assumed to be unencrypted.

       --ttl TTL
	      The TTL to use for the DNSKEY RR.  Optional, this will default to 3600 seconds.

       --version, -v
	      Show the version info.


EXAMPLES

       To convert a BIND .private-key file to a PKCS#8 file, the following command can be used:

	      softhsm-keyconv --in Kexample.com.+007+05474.private 
		     --out rsa.pem

       To convert a PKCS#8 file to BIND key files, the following command can be used:

	      softhsm-keyconv --in rsa.pem --name example.com. 
		     --ksk --algorithm RSASHA1-NSEC3-SHA1


AUTHOR

       Written by Rickard Bellgrim.


SEE ALSO

       softhsm(1), softhsm.conf(5), openssl(1), named(1), dnssec-keygen(1), dnssec-signzone(1)

SoftHSM 							 21 December 2009						SOFTHSM-KEYCONV(1)
Related Man Pages
dnssec-keyfromlabel(8) - centos
pkcs8(1) - centos
pkcs8(1) - opendarwin
dnssec-keyfromlabel(8) - suse
pkcs8(1) - osx
Similar Topics in the Unix Linux Community
BIND and dig errors
bind version
need help on some converting command
Help needed with script to verify the version of BIND
Need help in converting the file format