Provided by: libhsm-bin_2.1.5-1ubuntu1_amd64 bug

NAME
       ods-hsmutil - OpenDNSSEC HSM utility


SYNOPSIS
       ods-hsmutil [-c config] [-v] command [options]


DESCRIPTION
       The  ods-hsmutil  utility  is  mainly  used  for  debugging  or testing. It is designed to
       interact directly with your HSM and can be used to manually list, create or  delete  keys.
       It  can  also  be used to perform a set of basics HSM tests. Be careful before creating or
       deleting keys using ods-hsmutil, as  the  changes  are  not  synchronized  with  the  KASP
       Enforcer.

       The  repositories  are  configured  by  the user in the OpenDNSSEC configuration file. The
       configuration contains the name of the repository, the token label, the user PIN, and  the
       path to its shared library.


COMMANDS
       login  If  there  is no PIN in conf.xml, then this command will ask for it and login.  The
              PINs are stored in a shared memory and are accessible to the other daemons.

       logout Will erase  the  semaphore  and  the  shared  memory  containing  any  credentials.
              Authenticated processes will still be able to interact with the HSM.

       list [repository]
              List the keys that are available in all or one repository

       generate repository rsa|dsa|gost|ecdsa [keysize]
              Generate  a new key with the given keysize in the repository.  Note that GOST has a
              fixed key size and that ECDSA has two supported curves, P-256  and  P-384.  In  the
              case of ECDSA, use 256 or 384 as the keysize.

       remove id
              Delete the key with the given id

       purge repository
              Delete all keys in one repository

       dnskey id name type algo
              Create  a  DNSKEY  RR  for the given owner name based on the key with this id.  The
              type will indicate if it is a KSK (257) or ZSK  (256).  Please  use  the  numerical
              value.  The algo, a value from the IANA repository, must match the algorithm of the
              key.

       test repository
              Perform a number of tests on a repository

       info   Show detailed information about all repositories


OPTIONS
       -c config
              Path to an OpenDNSSEC configuration file

              (defaults to /etc/opendnssec/conf.xml)

       -h     Show the help screen

       -v     Output more information by increasing the verbosity level


SEE ALSO
       ods-control(8),  ods-enforcerd(8),   ods-hsmspeed(1),   ods-kaspcheck(1),   ods-signer(8),
       ods-signerd(8),     ods-enforcer(8),     ods-timing(5),     ods-kasp(5),    opendnssec(7),
       http://www.opendnssec.org/


AUTHORS
       ods-hsmutil was written by Jakob Schlyter as part of the OpenDNSSEC project.