roy at nominet.org.uk
Mon Feb 2 17:43:12 UTC 2009
The hsm-toolkit can generate, list and remove RSA key-pairs from the HSM.
usage: hsm-toolkit [-s slot] [-p pin] [-G [-b keysize] label] [-R label]
If no arguments are given, the toolkit will try to list objects on slot 0,
and will prompt for the pin.
(Question: should I change the default to match softHSM's default slot 1?)
If a label (an arbitrary string) is given as argument, the only matching
keys will be listed.
-G generates a key. default is 1024 bits, which can be change by using -b.
A label is required.
If the label already exists, a new key with the same label will not be
generated. Key ID is not used at all (CKA_ID).
(Note: I will add CKA_ID as well, and require that that the tuple
<CKA_LABEL,CKA_ID> is unique).
-R removes a key. A label is required.
(Question: should I change this to -D to avoid that -R is interpreted as
"Read" instead of "Remove")
Requests for functionality are welcome.
More information about the Opendnssec-develop