[Opendnssec-develop] proposed libhsm API

Rickard Bondesson rickard.bondesson at iis.se
Thu Apr 23 14:38:10 UTC 2009


(Sending again, but to the list (reply to all))

I believe that we have to crack a big nut here.

How should we handle the sessions?

We want to allow signing with multiple threads. This needs one session per thread. If we connect the session with the HSM, then we can only use one thread per HSM. If we connect the session with the key, then the threads cannot sign with the same key.

In other words we either need to keep track of the thread or give out session ids via the libhsm interface. A session id which needs to be translated to the session id within the HSM.

Then we also would need some interface to open and close sessions... and then we are almost creating a new PKCS#11 interface.

Suggestions?

// Rickard
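
The first option raised in the message above (the library keeps track of the calling thread), sketched as an added example that is not part of the original post and is not libhsm code. `session_for`, `mock_open_session` and the constants are hypothetical names, and the token is a constructed mock rather than a real PKCS#11 module.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stdio.h>
#define MAX_HSMS 4   /* assumed number of configured HSMs */
#define THREADS  3

/* Constructed mock of the token: hands out unique session handles, standing
 * in for a PKCS#11 C_OpenSession call against the HSM. */
static atomic_ulong mock_next_handle = 1;
static unsigned long mock_open_session(int hsm) {
    (void)hsm;
    return atomic_fetch_add(&mock_next_handle, 1);
}

/* One slot per (thread, HSM); 0 means this thread has no session there yet. */
static _Thread_local unsigned long tls_session[MAX_HSMS];

/* Hypothetical library-internal lookup: callers name only the HSM, and the
 * library resolves the calling thread's own session, opening it lazily. */
unsigned long session_for(int hsm) {
    if (hsm < 0 || hsm >= MAX_HSMS) return 0;   /* unknown HSM */
    if (tls_session[hsm] == 0)
        tls_session[hsm] = mock_open_session(hsm);
    return tls_session[hsm];
}

/* Worker: asks twice for HSM 0; reports the handle only if it was stable. */
static void *worker(void *out) {
    unsigned long first = session_for(0), again = session_for(0);
    *(unsigned long *)out = (first == again) ? first : 0;
    return NULL;
}

/* Returns 1 if each thread got a stable handle shared with no other thread. */
int sessions_are_per_thread(void) {
    pthread_t t[THREADS];
    unsigned long got[THREADS] = {0};
    for (int i = 0; i < THREADS; i++) if (pthread_create(&t[i], NULL, worker, &got[i])) return 0;
    for (int i = 0; i < THREADS; i++) pthread_join(t[i], NULL);
    for (int i = 0; i < THREADS; i++)
        for (int j = i; j < THREADS; j++)
            if (got[i] == 0 || (j > i && got[i] == got[j])) return 0;
    return 1;
}

int main(void) {
    printf("per-thread sessions: %s\n", sessions_are_per_thread() ? "yes" : "no");
    return 0;
}
```

Sessions opened this way are never closed when a thread exits; a real library would need a cleanup hook for that, such as a `pthread_key_create` destructor.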
