[Opendnssec-develop] True Random Number Generator
John Dickinson
jad at jadickinson.co.uk
Thu Jan 15 10:16:31 UTC 2009
On 13 Jan 2009, at 07:59, Rickard Bondesson wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
>> Well I really like softHSM - it is so easy to use and I
>> really like the fact that it sort of creates users every time
>> you use a different pin. - So simple :)
>
> :)
>
>> How about a debug mode where softHSM logs all the pkcs11
>> calls to a file (maybe something simple like if you link to a
>> version of the lib called libsofthsm-DEBUG.so. (I am thinking
>> of the debug mode of a AEP Keyper where it logs if you access
>> it via a host name of HSML instead of HSM.)
>
> I will put it in my todo list.
I just came across pkcs11-spy.so - part of opencryptoki. It seems to
do what I was wanting. You link your app to pkcs11-spy.so and set an
environment variable to point to the actual pkcs11 lib you want to use
export PKCS11SPY=/usr/local/lib/libsofthsm.so
then run the app and you get output like this
*************** OpenSC PKCS#11 spy *****************
Loaded: "/usr/local/lib/libsofthsm.so"
0: C_GetFunctionList
Returned: 0 CKR_OK
1: C_Initialize
[in] pInitArgs = 0x7ffffdf9b000
Returned: 0 CKR_OK
2: C_GetInfo
cryptokiVersion: 2.20
manufacturerID: ' SoftHSM '
flags: 0
libraryDescription: ' Implementation of PKCS11 '
libraryVersion: 0.1
Returned: 0 CKR_OK
HTH
John
More information about the Opendnssec-develop
mailing list