[Opendnssec-develop] proposed libhsm API

Jakob Schlyter jakob at kirei.se
Fri Apr 24 12:27:07 UTC 2009

On 24 apr 2009, at 13.39, Ray.Bellis at nominet.org.uk wrote:

>  const hsm_key_t *hsm_generate_rsa_key(unsigned long keysize);
> Do we need a parameter to say _which_ HSM the key will be generated  
> on.
> For instance, when adding a second HSM to an existing system (so  
> that the
> old can be eventually decommissioned) we might need to specify that  
> all
> news keys are created on the new HSM and not on the old one.


> (unless that's part of the automagic .xml configuration ?)

no, it isn't as the repository name for new keys is configured using  
the KASP.


More information about the Opendnssec-develop mailing list