[Opendnssec-develop] storing blobs in the HSM

Rickard Bondesson rickard.bondesson at iis.se
Thu Feb 26 14:47:32 UTC 2009


C_CreateObject
to create the data object.

C_FindObjectsInit / C_FindObjects / C_FindObjectsFinal
to find the object

C_GetAttributeValue
to get the salt value

// Rickard

> > John and I were just discussing where to store non-policy data like the
> > NSEC3 salt. Would it be possible to store it as a blob in the HSM?
> > Would it be accessible just as the keys?
> 
> You could store data in the object class CKO_DATA
> 
> It has these attributes besides the common ones.
> 
> CKA_APPLICATION - RFC2279 string
> Description of the application that manages the object (default empty)
> 
> CKA_OBJECT_ID - Byte Array
> DER-encoding of the object identifier indicating the data 
> object type (default empty)
> 
> CKA_VALUE - Byte Array
> Value of the object (default empty)
> 
> But SoftHSM does not have support for data objects. But it could
> after some modifications.
> 
> // Rickard
> 
> * Rickard Bondesson <rickard.bondesson at iis.se>
> * 0x537558DA(L)
> 
> 
> 


