Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   44335 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

SOFTHSM-KEYCONV(1)					    SOFTHSM-KEYCONV(1)

NAME
       softhsm-keyconv - converting between BIND and PKCS#8 key file formats

SYNOPSIS
       softhsm-keyconv --topkcs8 --in path --out path [--pin PIN]
       softhsm-keyconv --tobind --in path [--pin PIN] \
	      --name name [--ttl ttl --ksk] --algorithm algorithm

DESCRIPTION
       softhsm-keyconv	can  convert  between  BIND .private-key files and the
       PKCS#8 file format.  This is so that you can  import  the  PKCS#8  file
       into  libsofthsm	 using	the command softhsm.  If you have another file
       format, then openssl probably can help  you  to	convert	 it  into  the
       PKCS#8 file format.

       The  following  files will be created when converting to BIND file for‐
       mat:

       Kname+alg_id+key_tag.key
	      Public key in RR format

       Kname+alg_id+key_tag.private
	      Private key in BIND key format

       The three parts of the file name means the following:

	      name   The owner name given by the --name argument.

	      alg_id A numeric representation of the --algorithm argument.

	      key_tag
		     Is a checksum of the DNSKEY RDATA.

OPTIONS
       --topkcs8
	      Convert from BIND .private-key format to PKCS#8.
	      Use with --in, --out, and --pin.

       --tobind
	      Convert from PKCS#8 to BIND .private-key format.
	      Use with --in, --pin, --name, --ttl, --ksk, and --algorithm.

       --algorithm algorithm
	      Specifies which DNSSEC algorithm to use when converting to  BIND
	      format.  The supported algorithms are:
		     RSAMD5
		     DSA
		     RSASHA1
		     RSASHA1-NSEC3-SHA1
		     DSA-NSEC3-SHA1
		     RSASHA256
		     RSASHA512

       --help, -h
	      Shows the help screen.

       --in path
	      The path to the input file.

       --ksk  This will set the flag field to 257 instead of 256 in the DNSKEY
	      RR in the .key file.  Indicating that the key is a  Key  Signing
	      Key.  Can be used when converting to BIND format.

       --name name
	      The  owner  name	to use in the BIND file name and in the DNSKEY
	      RR.  Do not forget the trailing dot, e.g. "example.com."

       --out path
	      The path to the output file.

       --pin PIN
	      The PIN will be used to  encrypt	or  decrypt  the  PKCS#8  file
	      depending	 if we are converting to or from PKCS#8.  If not given
	      then the PKCS#8 file is assumed to be unencrypted.

       --ttl TTL
	      The TTL to use for the DNSKEY RR.	 Optional, this	 will  default
	      to 3600 seconds.

       --version, -v
	      Show the version info.

EXAMPLES
       To  convert  a  BIND  .private-key file to a PKCS#8 file, the following
       command can be used:

	      softhsm-keyconv --in Kexample.com.+007+05474.private \
		     --out rsa.pem

       To convert a PKCS#8 file to BIND key files, the following  command  can
       be used:

	      softhsm-keyconv --in rsa.pem --name example.com. \
		     --ksk --algorithm RSASHA1-NSEC3-SHA1

AUTHOR
       Written by Rickard Bellgrim.

SEE ALSO
       softhsm(1),  softhsm.conf(5),  openssl(1),  named(1), dnssec-keygen(1),
       dnssec-signzone(1)

SoftHSM			       21 December 2009		    SOFTHSM-KEYCONV(1)

Vote for polarhome