[Opendnssec-develop] HSM vendors and common key attributes

Roland van Rijswijk roland.vanrijswijk at surfnet.nl
Tue Dec 2 13:25:21 UTC 2008

Hi Roy,

> Are you able to list, and maybe eventually participate to test, the HSMs 
> that you currently have at your disposal? 

Unfortunately, the only PKCS #11 compliant devices I have at my disposal
at the moment are:

- An NXP JCOP USB token from AET (SafeSign PKCS #11)
- An Alladin eToken USB token

Since I participated in writing the PKCS #11 for the first one mentioned
I can pretty much tell you anything about that one ;-). As for the
second one, I can give it a try, to see which attributes it supports.

I can supply you with some tokens to test with as they are good cheap
alternatives to HSMs.

I've been looking at purchasing a Luna HSM for next year when we start
deploying DNSSEC. If and when this purchase is made, I would be happy to
give you guys access to it during the development phase to test with.




-- Roland M. van Rijswijk
-- SURFnet Middleware Services
-- t: +31-30-2305388
-- e: roland.vanrijswijk at surfnet.nl

More information about the Opendnssec-develop mailing list