Hi Luveh,
I agree the quoted sentence from the documentation is pretty brief, and
thus inaccurate.
The KASP database always contains just the public keys and some key
metadata.
The private keys are stored in a keystore, i.e. PEM files or (Soft)HSM
according to configuration.
This is also true for new keys generated with keymgr.
Thanks anyway for your question,
Libor
On 05. 08. 21 at 21:50, Luveh Keraph wrote:
The man page for keymgr says that the keymgr generate command
(quote) Generates new DNSSEC key and stores it in KASP database.
(unquote)
What is exactly stored in the KASP database?
The reason I am asking is because the actual cryptographic key will be
available in the clear only when using the default key store. When
using an HSM (or even softhsm) only the HSM will have access to the
key in the clear. So, what is it that gets stored in the KASP
database when an HSM is used for generating keys?