The ZoneZipFileServerSideSigner signer has the fully qualified class name: org.signserver.module.dnssec.signer.ZoneZipFileServerSideSigner
The ZoneZipFileServerSideSigner signer can be used to sign a Domain Name System (DNS) zone file contained in a zip file, using DNS Security Extensions (DNSSEC).
The ZoneZipFileServerSideSigner is similar to the ZoneFileServerSideSigner with the difference that this signer uses the input of a zip file containing an unsigned zone file and a previously signed zone file. Depending on the request metadata property FORCE_RESIGN, signatures present in previously signed zone files are reused if they are valid, and only new records are signed.
Key alias prefix to use for zone signing. The key used will be based on the prefix with the key sequence number appended. Required. Example: "example.com_Z_".
|ACTIVE_KSKS||Active key signing keys to use. Must specify exactly 1 or 2 key aliases, comma-separated. Required. Example: "example.com_K_1,example.com_K_2".|
|ZONE_NAME||The name of the top-level zone in the zone file. Required. Example: "example.com.".|
|PUBLISH_PREVIOUS_ZSK||If the previous ZSK (if one) should be kept published. Optional. Example: "false". Default: "true".|
|NSEC3_SALT||Fixed, hex-encoded salt (64-bit value) to use instead of a random salt for testing/troubleshooting purposes. Optional. Example: "6dcd4ce23d88e2ee".|
|DISABLEKEYUSAGECOUNTER||Disables the key usage counter. As the key usage counter is not supported by this signer, if set, only the value "true" is supported.|
Signature algorithm to use for all signatures. Default: "SHA256withRSA". Currently, only "SHA1withRSA", "SHA256withRSA" and "SHA512withRSA are supported. All signature algorithms map to DNSSEC algorithms using NSEC3.
|ZSK_SEQUENCE_NUMBER||Sequence number to append after key alias prefix. Example: "1".|
|FORCE_RESIGN||Specifies whether to resign previously signed records even if their signatures are valid and present in the signed zone file. Default: "FALSE".|