[Opendnssec-develop] hsm-toolkit questions
Rick van Rein
rick at openfortress.nl
Wed Mar 11 14:22:00 UTC 2009
Steering away from the code, I am getting more thoughts.
> here is a patch to hsm-toolkit to print a hash of the public key.
> Before I finish it and submit it - can anyone see any problems?
You did not start by hashing the algorithm identifier, which makes
more sense in the light that RSA won't be around forever.
It's not a major thing though -- as CKA_ID is not a security thing.
I wonder if there is a reason not simply to adhere to the ASN.1 encoding
and hashing that. It may offer better integration with existing tools.
More information about the Opendnssec-develop