if [ -z "$DOMAIN" ]; then echo "You must \"export DOMAIN=yourdomain\" first"; exit 1; fi
export PKCS11_LIBRARY_PATH="/opt/dccom/lib/opensc-pkcs11.so"
read -s -p "HSM PIN: " PKCS11_LIBRARY_PIN
echo ""
export PKCS11_LIBRARY_PIN
cnt=1
echo "Generating 2048 bit RSA SHA256 ZSK"
dnssec-keygen -f ksk -a 8 -b 2048 $DOMAIN.
echo "Run \"cardshow\" to see keys on smartcard"
#
# end
#