[Opendnssec-develop] storing blobs in the HSM
Rickard Bondesson
rickard.bondesson at iis.se
Thu Feb 26 14:42:03 UTC 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
> John and I was just discussing where to store non-policy data like the
> NSEC3 salt. would it be possible to store it as a blob in the HSM?
> would it be accessible just as the keys?
You could store data in the object class CKO_DATA
It has these attributes becides the common ones.
CKA_APPLICATION - RFC2279 string
Description of the application that manages the object (default empty)
CKA_OBJECT_ID - Byte Array
DER-encoding of the object identifier indicating the data object type (default empty)
CKA_VALUE - Byte Array
Value of the object (default empty)
But SoftHSM does not have support for data objects. But could after some modifications.
// Rickard
-----BEGIN PGP SIGNATURE-----
Version: 9.8.3 (Build 4028)
Charset: utf-8
wsBVAwUBSaaqO+CjgaNTdVjaAQgU0Qf/cs9In25pO5YdJctUiAMCsJteXyM2MdDC
56Noqx0LG6G+bCddnAMuXIV6QIW7BYJQ8POjsubAlvHSMWgpZd4ZPe48ZJHkcCwi
azMt1ThWChXI2BTG3hajyGoWc/AdDIHkYW5vxl97KECOvG57ZcFyZB0Ke04nzH4m
BGkY4fNz2c4+AKp2oZ233e6Icexrs5yU5Xjj5HDZ6srevSFQp5MP9O4JISQz6qm1
ES3iw8hMTFti2mCVuMiv7JA+cK4XpI8KcJXdJ81uq2aQMj80G5EmetuhjyifOk0V
XMt3l8LYx+cSzRx7Mn705s/QzHWNzvEhQFsWa4GUX55D3FcS5zWTag==
=BXd5
-----END PGP SIGNATURE-----
More information about the Opendnssec-develop
mailing list