if [ -z "$DOMAIN" ]; then echo "You must \"export DOMAIN=yourdomain\" first"; exit 1; fi
read -s -p "HSM PIN: " PKCS11_LIBRARY_PIN
echo ""
dt=`date -u +%Y%m%d%H%M%S`
ckalabel="ksk.""$DOMAIN"".""$dt"
echo "Generating 2048 bit RSA KSK $ckalabel"
pkcs11-tool --module /opt/dccom/lib/opensc-pkcs11.so -l --pin $PKCS11_LIBRARY_PIN --keypairgen --key-type rsa:2048 --read-object --type pubkey --output-file "$ckalabel"".pub" --label "$ckalabel"