[Opendnssec-develop] proposed libhsm API
Jakob Schlyter
jakob at kirei.se
Fri Apr 24 12:27:07 UTC 2009
On 24 apr 2009, at 13.39, Ray.Bellis at nominet.org.uk wrote:
> const hsm_key_t *hsm_generate_rsa_key(unsigned long keysize);
>
> Do we need a parameter to say _which_ HSM the key will be generated
> on.
> For instance, when adding a second HSM to an existing system (so
> that the
> old can be eventually decommissioned) we might need to specify that
> all
> news keys are created on the new HSM and not on the old one.
yes.
> (unless that's part of the automagic .xml configuration ?)
no, it isn't as the repository name for new keys is configured using
the KASP.
jakob
More information about the Opendnssec-develop
mailing list