Thanks for your message, and welcome to deSEC! Sorry for the late response.
The error message says “wrong key tag”. The key tag is redundant information (it can be computed from the other key fields), and it is normally not used when entering a DNSKEY. (It is mainly used in DS records.)
The key tag for your key is 6630, so please tell your provider to try this value. (This is also the value that should appear in the first field of your DS records in our web interface, so take a look there to verify.)
The 257 value actually belongs into the “flags” field, and KSK means the same as 257.
You can see all these details using
$ dig +multi DNSKEY aphome.be @ns1.desec.io | grep -A4 "ANSWER SECTION"
;; ANSWER SECTION:
aphome.be. 3600 IN DNSKEY 257 3 13 (
) ; KSK; alg = ECDSAP256SHA256 ; key id = 6630
Clearly, this is another case of DNSSEC web interfaces causing confusion, and standing in the way to DNSSEC adoption. I hope that I could clear it up!