[Opendnssec-develop] Creating tokens for SoftHSM

Rickard Bondesson rickard.bondesson at iis.se
Wed Feb 11 10:51:00 UTC 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi

During the last meeting we said that only one user PIN should be used per token. And that a security officer (SO) should be able to create a number of tokens. Is it ok to utilize the C_InitToken for this task? This means that no slots will exist from scratch. By giving an arbitrary slotID, C_InitToken will create a new token and tie it to that slotID. Thus can everything be handled via the PKCS#11 interface.

The first call to C_InitToken would create the SO PIN and that is what is used later on for creating other tokens.

The user PIN is then created by the C_InitPIN when the SO has logged in to the token.

// Rickard
-----BEGIN PGP SIGNATURE-----
Version: 9.8.3 (Build 4028)
Charset: utf-8

wsBVAwUBSZKtlOCjgaNTdVjaAQhpgwf/YYPqa/xa1FrGOZctONVcUhe3TW/1z3QO
wo9kvdb4UJquXj5ouIhZLM7QGy0uliJnL3EWpCRLlpS+IdjkxWMJfShk/66+YwrX
QiGDV8AO4WyEAVsEe6/i3E2mpvmXhCpMNRZpmEJucK02HbxrWbAXkD0zvNcsDXD3
qdeNU9xDkIfHXUVyKEIPs9YjDONtWK4lK8kc73VTJxWBDE7R+YBD0aZjm7lN5+sK
M+k0DtM5+xjDPSmci0dWg5fM5vS3xcYAQNfbVs3iAW2saOYhpNYKfzwSeNp1A3yI
YffDodrJ+dPxtd1Yi8rb33MjCdj1gP4mUVyU4jeHqjO95CYguWp/fw==
=et03
-----END PGP SIGNATURE-----



More information about the Opendnssec-develop mailing list