[Opendnssec-develop] (long) My personal thoughts about identifiers, attributes and formats.

Roland van Rijswijk roland.vanrijswijk at surfnet.nl
Thu Mar 12 14:12:36 UTC 2009

Hi Roy,

> (3) Can I use the CKA_LABEL attribute to store the identifier.

What other objects do you think you will be storing on the HSM other
than keys? If all you are using is keys, then I would suggest that you
used CKA_ID for machine readable identifiers (e.g. UUIDs) and CKA_LABEL
for human readable identifiers (a descriptive string "Private KSK for
zone ladila.org").

> (4) Can I store the UUID string without special formatting.

CKA_LABEL uses UTF8 encoding, which means that you cannot store
arbitrary byte values without breaking the encoding (values above 127
(0x7F) have a special meaning); I would therefore suggest that you use a
hexadecimal string representation of the UUID according to the commonly
used formatting (fields separated by dashes: abcd-1234-56a... etc)

Just my 2 cents.




-- Roland M. van Rijswijk
-- SURFnet Middleware Services
-- t: +31-30-2305388
-- e: roland.vanrijswijk at surfnet.nl

More information about the Opendnssec-develop mailing list