<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Exchange Server">
<!-- converted from rtf -->
<style><!-- .EmailQuote { margin-left: 1pt; padding-left: 4pt; border-left: #800000 2px solid; } --></style>
</head>
<body>
<font face="Arial" size="2">
<div>-----BEGIN PGP SIGNED MESSAGE-----</div>
<div>Hash: SHA256</div>
<div> </div>
<div>Bump</div>
<div> </div>
<div>> Hi</div>
<div>> </div>
<div>> As we said in the last meeting, I should start an email thread about</div>
<div>> the "Invalid signature" problem. At one point we got a bad signature,</div>
<div>> but we could not reproduce it.</div>
<div>> </div>
<div>> Signer Engine will now check all of the signatures. And SoftHSM has a</div>
<div>> compiler option to verify the signature before returning it. Both has</div>
<div>> output to syslog.</div>
<div>> </div>
<div>> Signer Engine:</div>
<div>> WARNING: HSM returned BOGUS signature! Abort signing, retry on next</div>
<div>> resign</div>
<div>> </div>
<div>> SoftHSM (in hexadecimal):</div>
<div>> SoftHSM: C_Sign: Error: Could not verify signature. Data: 54657874</div>
<div>> Sign:</div>
<div>> 2E3C50CDFFFC39F146D67730A982DC17C9C5EBBC77394425F3524F8547CE26AC1E13CF1</div>
<div>> 3</div>
<div>> 534FCE7BE7FCFF263C8CD2C4DE9EBB295C790C1F989C18A32EF0D0853F7E38222FA6ACB</div>
<div>> C</div>
<div>> 29E27692D382FB4CE387C5F171F81567EC0678176EFDB43F</div>
<div>> </div>
<div>> Signer Engine also outputs the bad signature into the tmp zone, which</div>
<div>> does not get distributed:</div>
<div>> fprintf(output, "; signing failed: %s\n",</div>
<div>> ldns_get_errorstr_by_id(status)); ldns_rr_print(output, sig);</div>
<div>> </div>
<div>> I think Roy is setting up a test bed, right?</div>
<div>> </div>
<div>> What else can we do?</div>
<div>> </div>
<div>> And for how long should we keep the verifying on by default in the</div>
<div>> Signer Engine?</div>
<div>> </div>
<div>> // Rickard</div>
<div> </div>
<div>-----BEGIN PGP SIGNATURE-----</div>
<div>Version: 9.8.3 (Build 4028)</div>
<div>Charset: utf-8</div>
<div> </div>
<div>wsBVAwUBSyYFN+CjgaNTdVjaAQhapAf/aVrP0PW307WkZyRcW6mhrdlgWDCLZtoF</div>
<div>zOShaUc04jEvsi9m6n7K4RRP72AJewdQu5SXHE1Fqq/oSeL3N9XIC2rO0eGTelnR</div>
<div>nUwKGGR+l9+d8uXBzvTH2ScEgCmNT2x4RQHtZ8QYLnN1CiIXRebkOVsyvcqqhtTb</div>
<div>DUTiKxW+jJqe5dzlrE8WF/AcphfUsLZA1NFwy/RSzX2tzDLc1B1fE/tF/H6lqxvK</div>
<div>uXfBPTH/mDR07vVhYnLk2JUNWLlNX1phg3muFdR6xF91CC8GeRaQn213LOYGrA9D</div>
<div>gZJkuODXmHIWfec0Z24QpcmHRV3KpNavwTduWBWLPXEFyKfbEO+h3A==</div>
<div>=sOhp</div>
<div>-----END PGP SIGNATURE-----</div>
<div> </div>
<div> </div>
</font>
</body>
</html>