[Opendnssec-develop] storing blobs in the HSM
Rickard Bondesson
rickard.bondesson at iis.se
Thu Feb 26 14:47:32 UTC 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
C_CreateObject
to create the data object.
C_FindObjectsInit / C_FindObjects / C_FindObjectsFinal
to find the object
C_GetAttributeValue
to get the salt value
// Rickard
> > John and I was just discussing where to store non-policy
> data like the
> > NSEC3 salt. would it be possible to store it as a blob in the HSM?
> > would it be accessible just as the keys?
>
> You could store data in the object class CKO_DATA
>
> It has these attributes becides the common ones.
>
> CKA_APPLICATION - RFC2279 string
> Description of the application that manages the object (default empty)
>
> CKA_OBJECT_ID - Byte Array
> DER-encoding of the object identifier indicating the data
> object type (default empty)
>
> CKA_VALUE - Byte Array
> Value of the object (default empty)
>
> But SoftHSM does not have support for data objects. But could
> after some modifications.
>
> // Rickard
>
> * Rickard Bondesson <rickard.bondesson at iis.se>
> * 0x537558DA(L)
>
>
>
-----BEGIN PGP SIGNATURE-----
Version: 9.8.3 (Build 4028)
Charset: utf-8
wsBVAwUBSaarhOCjgaNTdVjaAQipcAf+PoCSfpdtr03FJGxdxXV6atK6U5UkFbBJ
d5x3YkF0g36KU1mqjG5o7KW16DFOzUca1C3YT5EvfGCreLQ4N5qkos+TD/bMCxXT
FP/U/o6IRdJROC+queTs2DF3oobWOAhdp4fuAGa7D/NKfxkorJjjip9jc904meDG
7UYsRPssmbydo5tO3RjXh+Zvz/kOH7Femptasdm26vjJ4d/+VjyxsuFAnbK8acDl
cJEkhK2NtlpiIQYwW5ooTSLQYX+1zef5Zo82Fbx3xf5QWRmy677uJQIUTXIRywjM
OvkmBsrqlXpLmtuPulU5NKSTUE6dNntxmT9i9rjkfA6akXmgJwXhpw==
=Svlu
-----END PGP SIGNATURE-----
More information about the Opendnssec-develop
mailing list