[Opendnssec-develop] hsm-toolkit questions

John Dickinson jad at jadickinson.co.uk
Wed Mar 11 14:34:39 UTC 2009

On 11 Mar 2009, at 14:23, Jakob Schlyter wrote:

> On 11 mar 2009, at 15.19, Rick van Rein wrote:
>> Not seeing the keysize in this patch, I'm assuming it is a value
>> of platform-independent endianness?  We don't want to get into
>> trouble when moving the signing service from an i386 Mac to a
>> PowerPC Mac, so to speak.  Also, the sizeof (keysize) is the
>> same for all platforms, I hope?
> the label is only set when generating the key, if you move the key -  
> between architecture or HSM:s - the label stays the same.
> perhaps we should considering setting the CKA_ID to a plain UUID  
> instead?
> like D242124C-B411-4E33-BBB0-44F60C607275
> - easy to generate (and no rename after generated needed)
> - will never collide
> - no crypto discussion

Good idea. Not having to create and rename is nice. Is there a library  
on several platforms to calculate this or do I have to read RFC4122?

John Dickinson

More information about the Opendnssec-develop mailing list