Hi Luveh,
I agree the quoted sentence from the documentation is pretty brief, and thus inaccurate.
The KASP database always contains just the public keys and some key metadata.
The private keys are stored in a keystore, i.e. PEM files or (Soft)HSM according to configuration.
This is also true for new keys generated with keymgr.
Thanks anyway for your question,
Libor
Tha man page for keymgr says that the keymgr generate command (quote) Generates new DNSSEC key and stores it in KASP database. (unquote)
What is exactly stored in the KASP database?
The reason I am asking is because the actual cryptographic key will be available in the clear only when using the default key store. When using an HSM (or event softhsm) only the HSM will have access to the key in the clear. So, what is it that gets stored in the KASP database when an HSM is used for generating keys?