NAME
softhsm-keyconv - converting between BIND and PKCS#8 key file formats
SYNOPSIS
softhsm-keyconv --topkcs8 --in path --out path [--pin PIN]
softhsm-keyconv --tobind --in path [--pin PIN] \
--name name [--ttl ttl --ksk] --algorithm algorithm
DESCRIPTION
softhsm-keyconv can convert between BIND .private-key files and the PKCS#8 file format.
This is so that you can import the PKCS#8 file into libsofthsm using the command softhsm.
If you have another file format, then openssl probably can help you to convert it into the
PKCS#8 file format.
The following files will be created when converting to BIND file format:
Kname+alg_id+key_tag.key
Public key in RR format
Kname+alg_id+key_tag.private
Private key in BIND key format
The three parts of the file name mean the following:
name The owner name given by the --name argument.
alg_id A numeric representation of the --algorithm argument.
key_tag
Is a checksum of the DNSKEY RDATA.
OPTIONS
--topkcs8
Convert from BIND .private-key format to PKCS#8.
Use with --in, --out, and --pin.
--tobind
Convert from PKCS#8 to BIND .private-key format.
Use with --in, --pin, --name, --ttl, --ksk, and --algorithm.
--algorithm algorithm
Specifies which DNSSEC algorithm to use when converting to BIND format. The
supported algorithms are:
RSAMD5
DSA
RSASHA1
RSASHA1-NSEC3-SHA1
DSA-NSEC3-SHA1
RSASHA256
RSASHA512
--help, -h
Shows the help screen.
--in path
The path to the input file.
--ksk This will set the flag field to 257 instead of 256 in the DNSKEY RR in the .key
file, indicating that the key is a Key Signing Key. Can be used when converting
to BIND format.
--name name
The owner name to use in the BIND file name and in the DNSKEY RR. Do not forget
the trailing dot, e.g. "example.com."
--out path
The path to the output file.
--pin PIN
The PIN will be used to encrypt or decrypt the PKCS#8 file, depending on whether we
are converting to or from PKCS#8. If not given, the PKCS#8 file is assumed to be
unencrypted.
--ttl TTL
The TTL to use for the DNSKEY RR. Optional, this will default to 3600 seconds.
--version, -v
Show the version info.
EXAMPLES
To convert a BIND .private-key file to a PKCS#8 file, the following command can be used:
softhsm-keyconv --topkcs8 --in Kexample.com.+007+05474.private \
--out rsa.pem
To convert a PKCS#8 file to BIND key files, the following command can be used:
softhsm-keyconv --tobind --in rsa.pem --name example.com. \
--ksk --algorithm RSASHA1-NSEC3-SHA1
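The --tobind conversion writes files named Kname+alg_id+key_tag, so the name to expect can be predicted from the DNSKEY RDATA. The following is an added example, not part of the original manual page or of SoftHSM: it computes the standard DNSKEY key tag (RFC 4034, Appendix B) and uses the IANA algorithm numbers; the function names are hypothetical and the key bytes are constructed, not a real key.

```python
import struct

# IANA DNSSEC algorithm numbers for the names accepted by --algorithm.
ALG_IDS = {
    "RSAMD5": 1, "DSA": 3, "RSASHA1": 5, "DSA-NSEC3-SHA1": 6,
    "RSASHA1-NSEC3-SHA1": 7, "RSASHA256": 8, "RSASHA512": 10,
}

# Constructed sample bytes in RSA public-key layout (not a real key).
SAMPLE_KEY = bytes([0x03, 0x01, 0x00, 0x01, 0xC0, 0xFF, 0xEE, 0x11])


def dnskey_rdata(flags, algorithm, public_key, protocol=3):
    """DNSKEY RDATA wire form: flags(2) | protocol(1) | algorithm(1) | key."""
    return struct.pack("!HBB", flags, protocol, ALG_IDS[algorithm]) + public_key


def key_tag(rdata):
    """Key tag (checksum) over the DNSKEY RDATA, per RFC 4034 Appendix B."""
    if rdata[3] == ALG_IDS["RSAMD5"]:
        # RSAMD5 special case: the tag is read from the tail of the modulus.
        return struct.unpack("!H", rdata[-3:-1])[0]
    acc = 0
    for i, byte in enumerate(rdata):
        # Even offsets are the high octet of a 16-bit word, odd offsets the low.
        acc += (byte << 8) if i % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def bind_basename(name, algorithm, flags, public_key):
    """Kname+alg_id+key_tag; alg_id padded to 3 digits, key_tag to 5."""
    tag = key_tag(dnskey_rdata(flags, algorithm, public_key))
    return "K%s+%03d+%05d" % (name, ALG_IDS[algorithm], tag)


if __name__ == "__main__":
    # The flags field is part of the RDATA, so --ksk (257) changes the key tag.
    for flags in (256, 257):
        print(flags, bind_basename("example.com.", "RSASHA1-NSEC3-SHA1",
                                   flags, SAMPLE_KEY))
```

Because the flags field is covered by the checksum, the same key converted with and without --ksk produces different file names.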