Re: convert Knot DNS sigantures certs to BIND format.

2019-03-28 Thread Tony Finch
Milan Jeskynka Kazatel wrote:
>
> your suggested workflow working for me in most of the cases. Unfortunately,
> it happens that the resigning mechanism creates whitespace in the DNSKEY

That should be benign, provided it is horizontal space without newlines. For example, BIND creates .key files wi

Re: convert Knot DNS sigantures certs to BIND format.

2019-03-28 Thread Milan Jeskynka Kazatel
after signing process? Many thanks for any advice, best regards,
-- Smil Jeskyňka Kazatel

-- Original e-mail --
From: Tony Finch
To: Milan Jeskynka Kazatel
Date: 14. 3. 2019 17:23:38
Subject: Re: convert Knot DNS sigantures certs to BIND format.

"Milan Jeskynka Ka

Re: convert Knot DNS sigantures certs to BIND format.

2019-03-20 Thread Tony Finch
Petr Mensik wrote:
>
> Maybe, just maybe it would be easier to modify that tool to be able
> producing also the other direction.

Definitely, if the key conversion isn't a one-off :-)

Tony.
--
f.anthony.n.finch http://dotat.at/
Viking, North Utsire: Southwesterly 4 or 5, increasing 6 to gale

Re: convert Knot DNS sigantures certs to BIND format.

2019-03-20 Thread Petr Mensik
Hi Tony and Milan,

softhsm2 contains a useful tool that converts bind private key file into PKCS#8 format: softhsm2-keyconv. Or modify dnssec-keyfromlabel to be able to read files from different file formats as well? Maybe, just maybe it would be easier to modify that tool to be able producing also t

Re: convert Knot DNS sigantures certs to BIND format.

2019-03-15 Thread Milan Jeskynka Kazatel
Knot DNS sigantures certs to BIND format.

"Milan Jeskynka Kazatel wrote:
>
> Now I'm able to sign my zone. But in dsset file, which should contain the
> same DS as I already have in the parent zone I have different "keytag" and
> different hash.
>
> In my case i

Re: convert Knot DNS sigantures certs to BIND format.

2019-03-14 Thread Tony Finch
Milan Jeskynka Kazatel wrote:
>
> Now I'm able to sign my zone. But in dsset file, which should contain the
> same DS as I already have in the parent zone I have different "keytag" and
> different hash.
>
> In my case is "keytag" in dsset file is 43120.

OK, referring to your previous message...

Re: convert Knot DNS sigantures certs to BIND format.

2019-03-14 Thread Milan Jeskynka Kazatel
lan Jeskyňka Kazatel

-- Original e-mail --
From: Tony Finch
To: Milan Jeskynka Kazatel
Date: 14. 3. 2019 14:56:26
Subject: Re: convert Knot DNS sigantures certs to BIND format.

"Milan Jeskynka Kazatel wrote:
>
> When I tried to re-sign my zone in BIND by Webmin, then I get

Re: convert Knot DNS sigantures certs to BIND format.

2019-03-14 Thread Tony Finch
Milan Jeskynka Kazatel wrote:
>
> When I tried to re-sign my zone in BIND by Webmin, then I get this error
> message below. My original "keytag" is 43121. I don't understand, where is
> written information like example.com/ECDSAP256SHA256/45623

BIND often does not refer to key files by filename,

Re: convert Knot DNS sigantures certs to BIND format.

2019-03-14 Thread Milan Jeskynka Kazatel
Re: convert Knot DNS sigantures certs to BIND format.

"Milan Jeskynka Kazatel wrote:
>
> I received a hint for a tool which allows converting .pem format used in
> Knot to .key and .private used in BIND, but it, unfortunately, does not
> support ECDSAP256SHA256 algorithm which I used.

A

Re: convert Knot DNS sigantures certs to BIND format.

2019-03-12 Thread Tony Finch
Milan Jeskynka Kazatel wrote:
>
> I received a hint for a tool which allows converting .pem format used in
> Knot to .key and .private used in BIND, but it, unfortunately, does not
> support ECDSAP256SHA256 algorithm which I used.

Ah, sounds like Knot uses a relatively familiar key format, so we

convert Knot DNS sigantures certs to BIND format.

2019-03-12 Thread Milan Jeskynka Kazatel
Hello Community,

can I somehow convert Knot DNS stored certificates for a signed zone to BIND format?

My use case is to change used topology for authoritative servers. I manage existing zones in Knot, now I would like to transfer it to BIND and use existing certificates for signing it o