[Opendnssec-develop] Creating tokens for SoftHSM

Rick van Rein rick at openfortress.nl
Wed Feb 11 22:42:30 UTC 2009


> sure, but it would sure be nice if the softhsm utility could export/ 
> import keys directly into the database, yes?

It sounds like a waste of time to me, as PKCS #11 and relating tools can do it.
Also it sounds like a way to get things done that oughtn't be doable.

> when you change the config file, you plug/unplug. you cannot do this  
> after the softhsm has initialized itself (i.e. opened the database).

OK.  Removing a token from a slot usually indicates doing so while the
PKCS #11 library is operational.  I suppose what you are saying is that
the SoftHSM, which runs as a library to implement PKCS #11, cannot
actually plug/unplug tokens into/from slots.

As said before, this (un)plugging behaviour would only be useful when
mimicing a USB-token or smart card; an HSM would not have this behaviour.
Note that tokens are so low-cost (EUR 50 range) that simulating them is
not really necessary.


More information about the Opendnssec-develop mailing list