[Opendnssec-develop] hsm-toolkit questions
roy at nominet.org.uk
Wed Mar 11 12:07:50 UTC 2009
John Dickinson <jadsab at googlemail.com> wrote on 03/11/2009 12:57:35 PM:
> On 11 Mar 2009, at 11:48, Roy Arends wrote:
> > While the hsm-toolkit slowly reaches adolescense, I'd like to
> > discuss some topics on the subject:
> Hi Roy,
> I have also been thinking about a few of these things because the
> Enforcer needs to do them as well and so I plan to steal code directly
> from yours :)
Steal right ahead :-)
> I have a patch to add dynamic linking of the pkcs11. So that you
> specify -P /usr/local/lib/libpkcs11.so on the command line instead of
> at compile time. I am just cleaning it up and will submit it later
I have already added the functionality, using your patch. Thanks. Works
> > 1) The object identifier
> > We need to identify an object. This can either be done by the LABEL
> > or by ID. Please give guidance on which to use, and what the values
> > for this identifiers need to be. I remember that 'hash of the key'
> > was mentioned. Please advice which algorithm to use. I also need to
> > know if hsm-toolkit needs to avoid identifier collisions or not.
> Enforcer needs this as well. I was going to ask Jakob this very
> question - Jakob, do you know the answer?
> > 2) additional functionality
> > The software can list, generate and destroy RSA objects from the
> > token. Is there interest in additional functionality, or do we want
> > to keep it to the bare necessities (list/generate/destroy objects)
> I expect we want more - I will have a think of ideas.
> > 3) configurable defaults
> > Currently, all parameters need to be specified on the command line.
> > Some have static defaults. Do we want configurable defaults through
> > a configuration file, or no defaults, or the current status quo?
> I like it as it is.
Cool. thanks for the help!
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Opendnssec-develop