[Opendnssec-develop] Creating tokens for SoftHSM
rickard.bondesson at iis.se
Wed Feb 11 10:51:00 UTC 2009
-----BEGIN PGP SIGNED MESSAGE-----
During the last meeting we said that only one user PIN should be used per token. And that a security officer (SO) should be able to create a number of tokens. Is it ok to utilize the C_InitToken for this task? This means that no slots will exist from scratch. By giving an arbitrary slotID, C_InitToken will create a new token and tie it to that slotID. Thus can everything be handled via the PKCS#11 interface.
The first call to C_InitToken would create the SO PIN and that is what is used later on for creating other tokens.
The user PIN is then created by the C_InitPIN when the SO has logged in to the token.
-----BEGIN PGP SIGNATURE-----
Version: 9.8.3 (Build 4028)
-----END PGP SIGNATURE-----
More information about the Opendnssec-develop