[Opendnssec-develop] hsm-toolkit questions
jad at jadickinson.co.uk
Wed Mar 11 14:34:39 UTC 2009
On 11 Mar 2009, at 14:23, Jakob Schlyter wrote:
> On 11 mar 2009, at 15.19, Rick van Rein wrote:
>> Not seeing the keysize in this patch, I'm assuming it is a value
>> of platform-independent endianness? We don't want to get into
>> trouble when moving the signing service from an i386 Mac to a
>> PowerPC Mac, so to speak. Also, the sizeof (keysize) is the
>> same for all platforms, I hope?
> the label is only set when generating the key, if you move the key -
> between architecture or HSM:s - the label stays the same.
> perhaps we should considering setting the CKA_ID to a plain UUID
> like D242124C-B411-4E33-BBB0-44F60C607275
> - easy to generate (and no rename after generated needed)
> - will never collide
> - no crypto discussion
Good idea. Not having to create and rename is nice. Is there a library
on several platforms to calculate this or do I have to read RFC4122?
More information about the Opendnssec-develop