[Opendnssec-develop] hsm-toolkit questions

Rick van Rein rick at openfortress.nl
Wed Mar 11 14:22:00 UTC 2009


Steering away from the code, I am getting more thoughts.

> here is a patch to hsm-toolkit to print a hash of the public key.  
> Before I finish it and submit it - can anyone see any problems?

You did not start by hashing the algorithm identifier, which makes
more sense in the light that RSA won't be around forever.

It's not a major thing though -- as CKA_ID is not a security thing.

I wonder if there is a reason not simply to adhere to the ASN.1 encoding
and hashing that.  It may offer better integration with existing tools.


More information about the Opendnssec-develop mailing list