[Opendnssec-develop] hsm-toolkit questions
jakob at kirei.se
Wed Mar 11 14:23:38 UTC 2009
On 11 mar 2009, at 15.19, Rick van Rein wrote:
> Not seeing the keysize in this patch, I'm assuming it is a value
> of platform-independent endianness? We don't want to get into
> trouble when moving the signing service from an i386 Mac to a
> PowerPC Mac, so to speak. Also, the sizeof (keysize) is the
> same for all platforms, I hope?
the label is only set when generating the key, if you move the key -
between architecture or HSM:s - the label stays the same.
perhaps we should considering setting the CKA_ID to a plain UUID
- easy to generate (and no rename after generated needed)
- will never collide
- no crypto discussions
More information about the Opendnssec-develop