[Opendnssec-develop] (long) My personal thoughts about identifiers, attributes and formats.
Roland van Rijswijk
roland.vanrijswijk at surfnet.nl
Thu Mar 12 14:12:36 UTC 2009
> (3) Can I use the CKA_LABEL attribute to store the identifier.
What other objects do you think you will be storing on the HSM other
than keys? If all you are using is keys, then I would suggest that you
used CKA_ID for machine readable identifiers (e.g. UUIDs) and CKA_LABEL
for human readable identifiers (a descriptive string "Private KSK for
> (4) Can I store the UUID string without special formatting.
CKA_LABEL uses UTF8 encoding, which means that you cannot store
arbitrary byte values without breaking the encoding (values above 127
(0x7F) have a special meaning); I would therefore suggest that you use a
hexadecimal string representation of the UUID according to the commonly
used formatting (fields separated by dashes: abcd-1234-56a... etc)
Just my 2 cents.
-- Roland M. van Rijswijk
-- SURFnet Middleware Services
-- t: +31-30-2305388
-- e: roland.vanrijswijk at surfnet.nl
More information about the Opendnssec-develop