Would it be possible for the OnlyKey developers to add support for DNSSEC key maintenance, rollover, and automated key signing in the OnlyKey? OnlyKey is one of the few true open source hardware security modules that support Ed25519 – a fast and side-channel attack resistant curve that may be used to make RRSIGs in DNSSEC. Please let me know. Thanks!
Can you describe more of how you would want that to work? If you can use GnuPG you can use OnlyKey with the agent here to do Ed25519 signatures: OnlyKey SSH/GPG agent | Docs
I also noticed the domain onlykey.io is itself not protected under DNSSEC. Since onlykey.io is using Cloudflare's DNSSEC servers, may OnlyKey protect their own domain under DNSSEC? I know Nitrokey itself also uses Cloudflare's nameservers and protects their own nameservers using Cloudflare's Universal DNSSEC system.
Hi, I noticed my original response was never uploaded.
What I meant was to support automated DNSSEC signing and key rollover in the same manner as Nitrokey HSM 2.
Here is an article on how the Nitrokey HSM 2 supports that:
and here is another article on how the Nitrokey HSM 2 can be used for DNSSEC signing: