Script started on Thu 27 Oct 2016 06:22:54 PM UTC ]0;root@localhost:/media/HSMFD[root@localhost HSMFD]# ping 192.168.0.2 PING 192.168.0.2 (192.168.0.2) 56(84) bytes of data. 64 bytes from 192.168.0.2: icmp_seq=1 ttl=255 time=1.06 ms 64 bytes from 192.168.0.2: icmp_seq=2 ttl=255 time=0.365 ms 64 bytes from 192.168.0.2: icmp_seq=3 ttl=255 time=0.526 ms 64 bytes from 192.168.0.2: icmp_seq=4 ttl=255 time=0.365 ms --- 192.168.0.2 ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3000ms rtt min/avg/max/mdev = 0.365/0.581/1.068/0.288 ms ]0;root@localhost:/media/HSMFD[root@localhost HSMFD]# ksrsigner Kjqmt7v /media/KSR/ksr-root-2017-q1-0.xml Starting: ksrsigner Kjqmt7v /media/KSR/ksr-root-2017-q1-0.xml (at Thu Oct 27 18:38:03 2016 UTC) Use HSM /opt/dnssec/aep.hsmconfig? Activate HSM prior to accepting in the affirmative!! (y/N): y HSM /opt/dnssec/aep.hsmconfig activated. [debug] setenv KEYPER_LIBRARY_PATH=/opt/dnssec [debug] setenv PKCS11_LIBRARY_PATH=/opt/Keyper/PKCS11Provider/pkcs11.GCC4.0.2.so.4.07 Found 1 slots on HSM /opt/Keyper/PKCS11Provider/pkcs11.GCC4.0.2.so.4.07 HSM slot 0 included Loaded /opt/Keyper/PKCS11Provider/pkcs11.GCC4.0.2.so.4.07 Slot=0 HSM Information: Label: ICANNKSK ManufacturerID: AEP Networks Model: Keyper 9860-2 Serial: H1403032 Validating last SKR with HSM... # Inception Expiration ZSK Tags KSK Tag(CKA_LABEL) 1 2016-10-01T00:00:00 2016-10-15T23:59:59 46551,39291 19036 2 2016-10-11T00:00:00 2016-10-25T23:59:59 46551,39291 19036 3 2016-10-21T00:00:00 2016-11-04T23:59:59 46551,39291 19036 4 2016-10-31T00:00:00 2016-11-14T23:59:59 39291 19036 5 2016-11-10T00:00:00 2016-11-24T23:59:59 39291 19036 6 2016-11-20T00:00:00 2016-12-04T23:59:59 39291 19036 7 2016-11-30T00:00:00 2016-12-14T23:59:59 39291 19036 8 2016-12-10T00:00:00 2016-12-25T23:59:59 39291 19036 9 2016-12-21T00:00:00 2017-01-05T23:59:59 61045,39291 19036 ...VALIDATED. Validate and Process KSR /media/KSR/ksr-root-2017-q1-0.xml... # Inception Expiration ZSK Tags KSK Tag(CKA_LABEL) 1 2017-01-01T00:00:00 2017-01-22T00:00:00 61045,39291 2 2017-01-11T00:00:00 2017-02-01T00:00:00 61045 3 2017-01-21T00:00:00 2017-02-11T00:00:00 61045 4 2017-01-31T00:00:00 2017-02-21T00:00:00 61045 5 2017-02-10T00:00:00 2017-03-03T00:00:00 61045 6 2017-02-20T00:00:00 2017-03-13T00:00:00 61045 7 2017-03-02T00:00:00 2017-03-23T00:00:00 61045 8 2017-03-12T00:00:00 2017-04-02T00:00:00 61045 9 2017-03-21T00:00:00 2017-04-11T00:00:00 61045,14796 ...PASSED. SHA256 hash of KSR: 1C470A168E72B56DCD8BA6BBC716783AE35EF8F42931E18E3C9E34E5DF2C71A8 >> befriend determine allow bodyguard orca holiness scorecard hazardous spindle Medusa rematch publisher soybean bodyguard island corrosion tissue finicky Vulcan Virginia breakup company tempest microwave cobra onlooker choking travesty talon Chicago hamlet paramount << Is this correct (y/N)? y Generated new SKR in /media/KSR/skr-root-2017-q1-0.xml # Inception Expiration ZSK Tags KSK Tag(CKA_LABEL) 1 2017-01-01T00:00:00 2017-01-22T00:00:00 61045,39291 19036 2 2017-01-11T00:00:00 2017-02-01T00:00:00 61045 19036 3 2017-01-21T00:00:00 2017-02-11T00:00:00 61045 19036 4 2017-01-31T00:00:00 2017-02-21T00:00:00 61045 19036 5 2017-02-10T00:00:00 2017-03-03T00:00:00 61045 19036 6 2017-02-20T00:00:00 2017-03-13T00:00:00 61045 19036 7 2017-03-02T00:00:00 2017-03-23T00:00:00 61045 19036 8 2017-03-12T00:00:00 2017-04-02T00:00:00 61045 19036 9 2017-03-21T00:00:00 2017-04-11T00:00:00 14796,61045 19036 SHA256 hash of SKR: 0475E10C848902105B2B06580F6990D17285FDDD96AA8DD535967A1423A97312 >> adrift impartial tempest article mural matchmaker accrue autopsy erase Cherokee afflict everyday artist guitarist peachy scavenger highchair leprosy willow tambourine prefer pedigree optic specialist chopper monument keyboard belowground blowtorch passenger hockey backwater << Unloaded /opt/Keyper/PKCS11Provider/pkcs11.GCC4.0.2.so.4.07 Slot=0 ********** Log output in ./ksrsigner-20161027-183803.log ********** ]0;root@localhost:/media/HSMFD[root@localhost HSMFD]# for i in $(seq 14); depoo printlog ksrsigner-20161027-*.log ; done [ 2 pages * 1 copy ] sent to printer 3 lines were wrapped [ 2 pages * 1 copy ] sent to printer 3 lines were wrapped [ 2 pages * 1 copy ] sent to printer 3 lines were wrapped [ 2 pages * 1 copy ] sent to printer 3 lines were wrapped [ 2 pages * 1 copy ] sent to printer 3 lines were wrapped [ 2 pages * 1 copy ] sent to printer 3 lines were wrapped [ 2 pages * 1 copy ] sent to printer 3 lines were wrapped [ 2 pages * 1 copy ] sent to printer 3 lines were wrapped [ 2 pages * 1 copy ] sent to printer 3 lines were wrapped [ 2 pages * 1 copy ] sent to printer 3 lines were wrapped [ 2 pages * 1 copy ] sent to printer 3 lines were wrapped [ 2 pages * 1 copy ] sent to printer 3 lines were wrapped [ 2 pages * 1 copy ] sent to printer 3 lines were wrapped [ 2 pages * 1 copy ] sent to printer 3 lines were wrapped ]0;root@localhost:/media/HSMFD[root@localhost HSMFD]# cp -p /media/KSR/* . cp: overwrite `./skr.xml'? y ]0;root@localhost:/media/HSMFD[root@localhost HSMFD]# ls -ltr /media/KSR total 84 -rwxr-xr-x 1 root root 19557 Oct 24 22:05 ksr-root-2017-q1-0.xml -rwxr-xr-x 1 root root 21083 Oct 24 22:05 skr.xml.20161027183803 -rwxr-xr-x 1 root root 20348 Oct 27 18:41 skr.xml -rwxr-xr-x 1 root root 20348 Oct 27 18:41 skr-root-2017-q1-0.xml ]0;root@localhost:/media/HSMFD[root@localhost HSMFD]# sync ]0;root@localhost:/media/HSMFD[root@localhost HSMFD]# umount /media/KSR ]0;root@localhost:/media/HSMFD[root@localhost HSMFD]# kskgen Starting: kskgen (at Thu Oct 27 18:49:20 2016 UTC) Use HSM /opt/dnssec/aep.hsmconfig? Activate HSM prior to accepting in the affirmative!! (y/N): y HSM /opt/dnssec/aep.hsmconfig activated. [debug] setenv KEYPER_LIBRARY_PATH=/opt/dnssec [debug] setenv PKCS11_LIBRARY_PATH=/opt/Keyper/PKCS11Provider/pkcs11.GCC4.0.2.so.4.07 Found 1 slots on HSM /opt/Keyper/PKCS11Provider/pkcs11.GCC4.0.2.so.4.07 HSM slot 0 included Loaded /opt/Keyper/PKCS11Provider/pkcs11.GCC4.0.2.so.4.07 Slot=0 HSM Information: Label: ICANNKSK ManufacturerID: AEP Networks Model: Keyper 9860-2 Serial: H1403032 Generating 2048 bit RSA keypair... Created keypair labeled "Klajeyz" SHA256 DS resource record and hash: . IN DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D >> tapeworm hazardous crumpled provincial alone midsummer Belfast corporate revenge fascinate alone asteroid kiwi glossary stagnate Jupiter endorse typewriter merit Dakota puppy pyramid frighten confidence eightball autopsy crowfoot consensus soybean warranty tumor microscope << Created CSR file "Klajeyz.csr": O: Public Technical Identifiers OU: Cryptographic Business Operations CN: Root Zone KSK 2016-10-27T18:50:19+00:00 1.3.6.1.4.1.1000.53: . IN DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D Klajeyz.csr SHA256 thumbprint and hash: 3674086DE75997F47F27302774630C31A6C43D81F5FA43D107A43DECB1C63755 >> Christmas hydraulic aimless hazardous transit examine preshrunk Virginia lockup celebrate chairlift celebrate indoors Galveston ammo company rematch reproduce commence inventive vapor whimsical crucial scavenger ahead Pandora commence unicorn sailboat responsive clamshell equipment << Unloaded /opt/Keyper/PKCS11Provider/pkcs11.GCC4.0.2.so.4.07 Slot=0 ********** Log output in ./kskgen-20161027-184920.log ********** ]0;root@localhost:/media/HSMFD[root@localhost HSMFD]# printlog kskgen-20161027-184920.log 24 [ 1 pages * 24 copy ] sent to printer 3 lines were wrapped ]0;root@localhost:/media/HSMFD[root@localhost HSMFD]# printlog kskgen-20161027-184920.log 24 [ 1 pages * 24 copy ] sent to printer 3 lines were wrapped ]0;root@localhost:/media/HSMFD[root@localhost HSMFD]# keybackiup -l -P 123456 Starting: keybackup -l -P 123456 (at Thu Oct 27 18:57:05 2016 UTC) 2 public keys: label:Klajeyz label:Kjqmt7v 2 private keys: label:Klajeyz label:Kjqmt7v ********** Log output in ./keybackup-20161027-185705.log ********** ]0;root@localhost:/media/HSMFD[root@localhost HSMFD]# displaycsr Klajeyz.csr [?1049h[?1h= Certificate Request: Data: Version: 0 (0x0) Subject: O=Public Technical Identifiers, OU=Cryptographic Business Opera tions, CN=Root Zone KSK 2016-10-27T18:50:19+00:00/1.3.6.1.4.1.1000.53=. IN DS 20 326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) Modulus (2048 bit): 00:ac:ff:b4:09:bc:c9:39:f8:31:f7:a1:e5:ec:88: f7:a5:92:55:ec:53:04:0b:e4:32:02:73:90:a4:ce: 89:6d:6f:90:86:f3:c5:e1:77:fb:fe:11:81:63:aa: ec:7a:f1:46:2c:47:94:59:44:c4:e2:c0:26:be:5e: 98:bb:cd:ed:25:97:82:72:e1:e3:e0:79:c5:09:4d: 57:3f:0e:83:c9:2f:02:b3:2d:35:13:b1:55:0b:82: 69:29:c8:0d:d0:f9:2c:ac:96:6d:17:76:9f:d5:86: 7b:64:7c:3f:38:02:9a:bd:c4:81:52:eb:8f:20:71: 59:ec:c5:d2:32:c7:c1:53:7c:79:f4:b7:ac:28:ff: 11:68:2f:21:68:1b:f6:d6:ab:a5:55:03:2b:f6:f9: f0:36:be:b2:aa:a5:b3:77:8d:6e:eb:fb:a6:bf:9e: a1:91:be:4a:b0:ca:ea:75:9e:2f:77:3a:1f:90:29: c7:3e:cb:8d:57:35:b9:32:1d:b0:85:f1:b8:e2:d8: :  03:8f:e2:94:19:92:54:8c:ee:0d:67:dd:45:47:e1: 1d:d6:3a:f9:c9:fc:1c:54:66:fb:68:4c:f0:09:d7: 19:7c:2c:f7:9e:79:2a:b5:01:e6:a8:a1:ca:51:9a: f2:cb:9b:5f:63:67:e9:4c:0d:47:50:24:51:35:7b: e1:b5 Exponent: 65537 (0x10001) Attributes: a0:00 Signature Algorithm: sha256WithRSAEncryption 80:8a:21:20:14:8a:5f:d8:91:e4:81:ac:e8:07:dd:e9:47:32: ed:ba:2e:a5:06:47:7e:a5:66:a9:2f:aa:b3:1a:df:f6:44:b1: 44:8f:2c:4f:76:63:06:10:e7:52:d7:40:f2:2d:c8:b3:d5:7a: ad:4f:74:38:c8:39:68:54:e7:21:ba:c1:5a:af:29:39:8d:11: 66:5a:54:f3:f0:15:d2:db:6a:e5:3e:cc:e3:c2:d6:c5:60:2b: 6a:1a:04:73:d6:0e:a5:10:cc:26:9e:bc:27:12:a2:14:84:95: 6c:03:cb:60:8d:ac:d9:74:41:b4:c5:20:1f:9d:f0:37:5c:8b: 5c:9f:17:4c:e0:3a:79:db:c1:58:75:6d:b0:af:60:85:8f:fe: bf:f6:93:21:49:cc:55:e2:49:fc:8d:15:89:d4:2d:48:1d:d2: ee:52:11:7e:d2:74:89:ba:34:fd:54:c3:f7:d2:90:bc:9e:a9: 95:cb:6a:41:9d:2a:eb:54:0d:3b:65:57:9f:ce:19:29:64:7f: 1c:a6:fb:49:f9:15:2f:af:0a:dc:88:03:be:34:cd:fd:db:67: 76:dc:59:61:98:25:30:94:f9:72:f4:ce:4c:61:3c:b7:d4:30: 26:b1:78:fa:20:ab:83:04:e1:dd:31:58:24:e7:98:8a:d3:01: :  1b:bb:80:d7 (END)  [?1l>[?1049l]0;root@localhost:/media/HSMFD[root@localhost HSMFD]# displaycsr Klajeyz.csr [?1049h[?1h= Certificate Request: Data: Version: 0 (0x0) Subject: O=Public Technical Identifiers, OU=Cryptographic Business Opera tions, CN=Root Zone KSK 2016-10-27T18:50:19+00:00/1.3.6.1.4.1.1000.53=. IN DS 20 326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) Modulus (2048 bit): 00:ac:ff:b4:09:bc:c9:39:f8:31:f7:a1:e5:ec:88: f7:a5:92:55:ec:53:04:0b:e4:32:02:73:90:a4:ce: 89:6d:6f:90:86:f3:c5:e1:77:fb:fe:11:81:63:aa: ec:7a:f1:46:2c:47:94:59:44:c4:e2:c0:26:be:5e: 98:bb:cd:ed:25:97:82:72:e1:e3:e0:79:c5:09:4d: 57:3f:0e:83:c9:2f:02:b3:2d:35:13:b1:55:0b:82: 69:29:c8:0d:d0:f9:2c:ac:96:6d:17:76:9f:d5:86: 7b:64:7c:3f:38:02:9a:bd:c4:81:52:eb:8f:20:71: 59:ec:c5:d2:32:c7:c1:53:7c:79:f4:b7:ac:28:ff: 11:68:2f:21:68:1b:f6:d6:ab:a5:55:03:2b:f6:f9: f0:36:be:b2:aa:a5:b3:77:8d:6e:eb:fb:a6:bf:9e: a1:91:be:4a:b0:ca:ea:75:9e:2f:77:3a:1f:90:29: c7:3e:cb:8d:57:35:b9:32:1d:b0:85:f1:b8:e2:d8: : : [?1l>[?1049l]0;root@localhost:/media/HSMFD[root@localhost HSMFD]# ping 192.168.0.2 PING 192.168.0.2 (192.168.0.2) 56(84) bytes of data. 64 bytes from 192.168.0.2: icmp_seq=1 ttl=255 time=1.70 ms 64 bytes from 192.168.0.2: icmp_seq=2 ttl=255 time=0.358 ms 64 bytes from 192.168.0.2: icmp_seq=3 ttl=255 time=0.529 ms 64 bytes from 192.168.0.2: icmp_seq=4 ttl=255 time=0.361 ms --- 192.168.0.2 ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 2999ms rtt min/avg/max/mdev = 0.358/0.738/1.704/0.561 ms ]0;root@localhost:/media/HSMFD[root@localhost HSMFD]# keybackup -l -P 123456 Starting: keybackup -l -P 123456 (at Thu Oct 27 20:05:01 2016 UTC) 2 public keys: label:Klajeyz label:Kjqmt7v 2 private keys: label:Klajeyz label:Kjqmt7v ********** Log output in ./keybackup-20161027-200501.log ********** ]0;root@localhost:/media/HSMFD[root@localhost HSMFD]# cd /t,mp ]0;root@localhost:/tmp[root@localhost tmp]# kskgen Klajeyzxz Starting: kskgen Klajeyz (at Thu Oct 27 20:05:57 2016 UTC) Use HSM /opt/dnssec/aep.hsmconfig? Activate HSM prior to accepting in the affirmative!! (y/N): y HSM /opt/dnssec/aep.hsmconfig activated. [debug] setenv KEYPER_LIBRARY_PATH=/opt/dnssec [debug] setenv PKCS11_LIBRARY_PATH=/opt/Keyper/PKCS11Provider/pkcs11.GCC4.0.2.so.4.07 Found 1 slots on HSM /opt/Keyper/PKCS11Provider/pkcs11.GCC4.0.2.so.4.07 HSM slot 0 included Loaded /opt/Keyper/PKCS11Provider/pkcs11.GCC4.0.2.so.4.07 Slot=0 HSM Information: Label: ICANNKSK ManufacturerID: AEP Networks Model: Keyper 9860-2 Serial: H1411011 Looking for RSA keypair labeled "Klajeyz"... Found keypair labeled "Klajeyz" SHA256 DS resource record and hash: . IN DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D >> tapeworm hazardous crumpled provincial alone midsummer Belfast corporate revenge fascinate alone asteroid kiwi glossary stagnate Jupiter endorse typewriter merit Dakota puppy pyramid frighten confidence eightball autopsy crowfoot consensus soybean warranty tumor microscope << Created CSR file "Klajeyz.csr": O: Public Technical Identifiers OU: Cryptographic Business Operations CN: Root Zone KSK 2016-10-27T20:06:06+00:00 1.3.6.1.4.1.1000.53: . IN DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D Klajeyz.csr SHA256 thumbprint and hash: 5C0C3BB122C2C1DD2945641334CEC7AA0130FA36ADBADA8C60A86D94F2A2ED30 >> escape article clockwork photograph blockade repellent snapline tambourine breakup detector flytrap barbecue choking sardonic soybean pedigree absurd commando wallet congregate ringbolt puberty surmount megaton facial paramount goggles molecule uproot Pacific tunnel commando << Unloaded /opt/Keyper/PKCS11Provider/pkcs11.GCC4.0.2.so.4.07 Slot=0 ********** Log output in ./kskgen-20161027-200557.log ********** ]0;root@localhost:/tmp[root@localhost tmp]# displaycsr Klajeyz.csr [?1049h[?1h= Certificate Request: Data: Version: 0 (0x0) Subject: O=Public Technical Identifiers, OU=Cryptographic Business Opera tions, CN=Root Zone KSK 2016-10-27T20:06:06+00:00/1.3.6.1.4.1.1000.53=. IN DS 20 326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) Modulus (2048 bit): 00:ac:ff:b4:09:bc:c9:39:f8:31:f7:a1:e5:ec:88: f7:a5:92:55:ec:53:04:0b:e4:32:02:73:90:a4:ce: 89:6d:6f:90:86:f3:c5:e1:77:fb:fe:11:81:63:aa: ec:7a:f1:46:2c:47:94:59:44:c4:e2:c0:26:be:5e: 98:bb:cd:ed:25:97:82:72:e1:e3:e0:79:c5:09:4d: 57:3f:0e:83:c9:2f:02:b3:2d:35:13:b1:55:0b:82: 69:29:c8:0d:d0:f9:2c:ac:96:6d:17:76:9f:d5:86: 7b:64:7c:3f:38:02:9a:bd:c4:81:52:eb:8f:20:71: 59:ec:c5:d2:32:c7:c1:53:7c:79:f4:b7:ac:28:ff: 11:68:2f:21:68:1b:f6:d6:ab:a5:55:03:2b:f6:f9: f0:36:be:b2:aa:a5:b3:77:8d:6e:eb:fb:a6:bf:9e: a1:91:be:4a:b0:ca:ea:75:9e:2f:77:3a:1f:90:29: c7:3e:cb:8d:57:35:b9:32:1d:b0:85:f1:b8:e2:d8: : [?1l>[?1049l]0;root@localhost:/tmp[root@localhost tmp]# cd /media/HSMFD ]0;root@localhost:/media/HSMFD[root@localhost HSMFD]# exit exit Script done on Thu 27 Oct 2016 08:50:59 PM UTC