Provided by: libhsm-bin_1.4.3-3_amd64 bug

NAME

       ods-hsmutil - OpenDNSSEC HSM utility

SYNOPSIS

       ods-hsmutil [-c config] [-v] command [options]

DESCRIPTION

       The  ods-hsmutil  utility  is  mainly  used  for  debugging  or testing. It is designed to
       interact directly with your HSM and can be used to manually list, create or  delete  keys.
       It  can  also  be used to perform a set of basics HSM tests. Be careful before creating or
       deleting keys using ods-hsmutil, as  the  changes  are  not  synchronized  with  the  KASP
       Enforcer.

       The  repositories  are  configured  by  the user in the OpenDNSSEC configuration file. The
       configuration contains the name of the repository, the token label, the user PIN, and  the
       path to its shared library.

COMMANDS

       login  If  there  is no PIN in conf.xml, then this command will ask for it and login.  The
              PINs are stored in a shared memory and are accessible to the other daemons.

       logout Will erase  the  semaphore  and  the  shared  memory  containing  any  credentials.
              Authenticated processes will still be able to interact with the HSM.

       list [repository]
              List the keys that are available in all or one repository

       generate repository rsa keysize
              Generate a new RSA key with the given keysize in the repository

       remove id
              Delete the key with the given id

       purge repository
              Delete all keys in one repository

       dnskey id name
              Create a DNSKEY RR for the given owner name based on the key with this id

       test repository
              Perform a number of tests on a repository

       info   Show detailed information about all repositories

OPTIONS

       -c config
              Path to an OpenDNSSEC configuration file

              (defaults to /etc/opendnssec/conf.xml)

       -h     Show the help screen

       -v     Output more information by increasing the verbosity level

SEE ALSO

       ods-auditor(1),   ods-control(8),   ods-enforcerd(8),  ods-hsmspeed(1),  ods-kaspcheck(1),
       ods-ksmutil(1),    ods-signer(8),    ods-signerd(8),     ods-timing(5),     opendnssec(7),
       http://www.opendnssec.org/

AUTHORS

       ods-hsmutil was written by Jakob Schlyter as part of the OpenDNSSEC project.