[Opendnssec-develop] Creating keys
Roy Arends
roy at nominet.org.uk
Fri Nov 28 17:31:37 UTC 2008
Stephen Morris wrote on 11/28/2008 05:47:32 PM:
> Olaf Kolkman <olaf at NLnetLabs.nl> wrote on 27/11/2008 16:01:26:
>
> >
> > On Nov 27, 2008, at 4:54 PM, John Dickinson wrote:
> >
> > >
> > > So I guess if you have a large zone like co.uk then a couple of
> > > seconds in the 6 odd minutes that it would take to sign from scratch
> > > is nothing. However, if you have 1000's of small zones or you are
> > > dynamically updating every minute then it could make a big
> > > difference.
> >
> > But even then... the key-rollover would take place only once per month
> > or so. So this 2 second pain per zone only happens once or twice per
> > month.
>
> In this approach, are there any problems in ensuring that the keys are
> replicated to a backup HSM before they are used? Do you need any type
> of
> "master" password to export private keys from the HSM?
I guess in a situation where the procedures require that keys need to be
backed up, it is up to the specific HSM implementation if such a scenario
is possible. Different HSMs use different methods. For instance, to be
fully FIPS 140-2 level 3 compliant, the HSM needs to be in complete "do
not export" state, which guarantees that keys stored on an HSM can't be
exported. Another requirement is that "do not export" is irreversible.
What I think is fairly common is that a keystore (containing the actual
private DNSKEYs) is an encrypted filesystem (the individual files are
encrypted, not the directory structure) on a regular disk, while the
Keystore Decryption Key (or Master Key, or SuperKey or RootToken, all
depending on which vendor you talk to) resides physically in the HSM. This
Decryption key can actually be synchronised between the various HSMs (of
the same brand, as there is currently no standard defined way). There are
different methods to do this. Once the decryption key is equal on all HSMs,
keystores can be read by all involved HSMs, while the same encrypted
keystores (filesystems) can be backed up, replicated, etc.
However, since the methods for key retrieval, backup and recovery are so
incredibly vendor-specific, I think that is out of scope. We should just
allow the system to be able to pre-generate keys, in order to allow
redundant keystores.
Hope this helps,
Roy Arends
Sr. Researcher
Nominet UK
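The keystore layout Roy describes above (private keys encrypted file by file on ordinary disk, with only the keystore decryption key resident in the HSM, and that key synchronised between modules so any of them can read a replicated copy of the keystore) can be sketched in a few dozen lines. The following is an added illustration, not OpenDNSSEC code and not any vendor's API: the HSM is simulated by an in-memory struct, `syncTo` is a stand-in for the vendor-specific cloning procedure the message says exists, AES-256-GCM is assumed as the wrapping cipher, and the key file name and key bytes are constructed samples.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// hsm stands in for the hardware module. It holds only the keystore
// decryption key (the vendor's "master key") and exposes wrap/unwrap on it;
// the DNSKEY private keys themselves never live inside it.
type hsm struct {
	kek [32]byte // AES-256 key-encryption key, never returned to callers
}

func newHSM() (*hsm, error) {
	h := &hsm{}
	if _, err := rand.Read(h.kek[:]); err != nil {
		return nil, err
	}
	return h, nil
}

// syncTo copies the master key into a second module. Real HSMs do this with
// a vendor-specific cloning or split-knowledge protocol; this direct copy is
// an assumption standing in for that step.
func (h *hsm) syncTo(other *hsm) { other.kek = h.kek }

func (h *hsm) aead() (cipher.AEAD, error) {
	block, err := aes.NewCipher(h.kek[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// wrap encrypts one private-key file. The file name is bound as associated
// data, so a ciphertext copied under another name will not unwrap.
func (h *hsm) wrap(name string, key []byte) ([]byte, error) {
	gcm, err := h.aead()
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, key, []byte(name)), nil // nonce||ct||tag
}

// unwrap decrypts a wrapped file. Any HSM holding the same master key
// succeeds; any other HSM gets an authentication failure, not garbage.
func (h *hsm) unwrap(name string, blob []byte) ([]byte, error) {
	gcm, err := h.aead()
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(blob) < ns {
		return nil, fmt.Errorf("keystore file %s too short", name)
	}
	return gcm.Open(nil, blob[:ns], blob[ns:], []byte(name))
}

// keystore is the encrypted filesystem: one ciphertext per private-key file,
// keyed by file name. Only ciphertexts are ever written to disk.
type keystore map[string][]byte

func (ks keystore) put(h *hsm, name string, key []byte) error {
	blob, err := h.wrap(name, key)
	if err != nil {
		return err
	}
	ks[name] = blob
	return nil
}

func (ks keystore) get(h *hsm, name string) ([]byte, error) {
	blob, ok := ks[name]
	if !ok {
		return nil, fmt.Errorf("no such key file: %s", name)
	}
	return h.unwrap(name, blob)
}

// backup copies the ciphertexts and needs no HSM, which is what lets the
// keystore be replicated with ordinary file tools.
func (ks keystore) backup() keystore {
	cp := make(keystore, len(ks))
	for name, blob := range ks {
		cp[name] = append([]byte(nil), blob...)
	}
	return cp
}

func main() {
	primary, _ := newHSM()
	replica, _ := newHSM()
	stranger, _ := newHSM() // a module that was never synchronised
	primary.syncTo(replica)

	ks := keystore{}
	name := "Kexample.com.+005+12345.private" // constructed sample file name
	_ = ks.put(primary, name, []byte("constructed private key bytes"))

	offsite := ks.backup()
	if k, err := offsite.get(replica, name); err == nil {
		fmt.Printf("replica read %d key bytes from the backup\n", len(k))
	}
	if _, err := offsite.get(stranger, name); err != nil {
		fmt.Println("unsynchronised HSM cannot read it:", err)
	}
}
```

The point the sketch makes is the one in the message: the material that has to be backed up (the keystore) is ordinary encrypted data, while the material that has to stay inside hardware (the master key) is small and only ever moves HSM-to-HSM through the vendor's own mechanism. Binding the file name as associated data is an extra check a practitioner would want, since it stops a wrapped ZSK from being silently presented to the signer under a KSK's file name.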