Provided by: libhsm-bin_2.1.5-1ubuntu1_amd64 bug

NAME
       ods-hsmutil - OpenDNSSEC HSM utility


SYNOPSIS
       ods-hsmutil [-c config] [-v] command [options]


DESCRIPTION
       The ods-hsmutil utility is mainly used for debugging or testing. It is designed to interact directly with
       your HSM and can be used to manually list, create or delete keys. It can also be used to perform a set of
       basics  HSM  tests. Be careful before creating or deleting keys using ods-hsmutil, as the changes are not
       synchronized with the KASP Enforcer.

       The repositories are configured by the user in  the  OpenDNSSEC  configuration  file.  The  configuration
       contains the name of the repository, the token label, the user PIN, and the path to its shared library.


COMMANDS
       login  If  there is no PIN in conf.xml, then this command will ask for it and login.  The PINs are stored
              in a shared memory and are accessible to the other daemons.

       logout Will erase the  semaphore  and  the  shared  memory  containing  any  credentials.   Authenticated
              processes will still be able to interact with the HSM.

       list [repository]
              List the keys that are available in all or one repository

       generate repository rsa|dsa|gost|ecdsa [keysize]
              Generate  a new key with the given keysize in the repository.  Note that GOST has a fixed key size
              and that ECDSA has two supported curves, P-256 and P-384. In the case of ECDSA, use 256 or 384  as
              the keysize.

       remove id
              Delete the key with the given id

       purge repository
              Delete all keys in one repository

       dnskey id name type algo
              Create a DNSKEY RR for the given owner name based on the key with this id.  The type will indicate
              if it is a KSK (257) or ZSK (256). Please use the numerical value. The algo, a value from the IANA
              repository, must match the algorithm of the key.

       test repository
              Perform a number of tests on a repository

       info   Show detailed information about all repositories


OPTIONS
       -c config
              Path to an OpenDNSSEC configuration file

              (defaults to /etc/opendnssec/conf.xml)

       -h     Show the help screen

       -v     Output more information by increasing the verbosity level


SEE ALSO
       ods-control(8),   ods-enforcerd(8),  ods-hsmspeed(1),  ods-kaspcheck(1),  ods-signer(8),  ods-signerd(8),
       ods-enforcer(8), ods-timing(5), ods-kasp(5), opendnssec(7), http://www.opendnssec.org/


AUTHORS
       ods-hsmutil was written by Jakob Schlyter as part of the OpenDNSSEC project.