[Opendnssec-develop] proposed libhsm API
rickard.bondesson at iis.se
Thu Apr 23 14:38:10 UTC 2009
-----BEGIN PGP SIGNED MESSAGE-----
(Sending again, but to the list (reply to all))
I believe that we have to crack a big nut here.
How should we handle the sessions?
We want to allow signing with multiple threads. This needs one session per thread. If we connect the session with the HSM, then we can only use on thread per HSM. If we connect the session with the key, then the threads can not sign with the same key.
In other words we either need to keep track of the thread or give out session ids via the libhsm interface. A session id which needs to be translated to the session id within the HSM.
Then we also would need some interface to open and close sessions... and then we are almost creating a new PKCS#11 interface.
-----BEGIN PGP SIGNATURE-----
Version: 9.8.3 (Build 4028)
-----END PGP SIGNATURE-----
More information about the Opendnssec-develop