[Opendnssec-develop] hsm-toolkit questions

Jakob Schlyter jakob at kirei.se
Wed Mar 11 14:23:38 UTC 2009


On 11 mar 2009, at 15.19, Rick van Rein wrote:

> Not seeing the keysize in this patch, I'm assuming it is a value
> of platform-independent endianness?  We don't want to get into
> trouble when moving the signing service from an i386 Mac to a
> PowerPC Mac, so to speak.  Also, the sizeof (keysize) is the
> same for all platforms, I hope?

the label is only set when generating the key, if you move the key -  
between architecture or HSM:s - the label stays the same.

perhaps we should considering setting the CKA_ID to a plain UUID  
instead?
like D242124C-B411-4E33-BBB0-44F60C607275

- easy to generate (and no rename after generated needed)
- will never collide
- no crypto discussions

	jakob




More information about the Opendnssec-develop mailing list