[Opendnssec-develop] Creating tokens for SoftHSM
Rick van Rein
rick at openfortress.nl
Wed Feb 11 22:42:30 UTC 2009
> sure, but it would sure be nice if the softhsm utility could export/
> import keys directly into the database, yes?
It sounds like a waste of time to me, as PKCS #11 and relating tools can do it.
Also it sounds like a way to get things done that oughtn't be doable.
> when you change the config file, you plug/unplug. you cannot do this
> after the softhsm has initialized itself (i.e. opened the database).
OK. Removing a token from a slot usually indicates doing so while the
PKCS #11 library is operational. I suppose what you are saying is that
the SoftHSM, which runs as a library to implement PKCS #11, cannot
actually plug/unplug tokens into/from slots.
As said before, this (un)plugging behaviour would only be useful when
mimicing a USB-token or smart card; an HSM would not have this behaviour.
Note that tokens are so low-cost (EUR 50 range) that simulating them is
not really necessary.
More information about the Opendnssec-develop