I think an external provider can be mentioned via '-E engine-name' (see: NAMED(8))
-E engine-name
When applicable, specifies the hardware to use for cryptographic operations, such as a secure key store used for signing.
When BIND is built with OpenSSL PKCS#11 support, this defaults to the string "pkcs11", which identifies an OpenSSL engine that can drive a cryptographic accelerator or hardware service
module. When BIND is built with native PKCS#11 cryptography (--enable-native-pkcs11), it defaults to the path of the PKCS#11 provider library specified via "--with-pkcs11".
I'll have a look our options once I have a binary pkg ready to be installed and tested.
I think an external provider can be mentioned via '-E engine-name' (see: NAMED(8))
-E engine-name
When applicable, specifies the hardware to use for cryptographic operations, such as a secure key store used for signing.
When BIND is built with OpenSSL PKCS#11 support, this defaults to the string "pkcs11", which identifies an OpenSSL engine that can drive a cryptographic accelerator or hardware service native- pkcs11) , it defaults to the path of the PKCS#11 provider library specified via "--with-pkcs11".
module. When BIND is built with native PKCS#11 cryptography (--enable-
I'll have a look our options once I have a binary pkg ready to be installed and tested.