[Opendnssec-develop] HSM test program -> develop against SoftHSM?

Rick van Rein rick at openfortress.nl
Tue May 5 20:17:36 UTC 2009

Hello Rickard, Stephen and Roland,

I am working on the HSM testing program, and wondering how to test the
test program, other than sticking to the PKCS #11 specification as
tightly as possible.

One approach would be to absolutely ignore the SoftHSM and test on another
device.  But whichever way I turn it, it will always be a test against
something concrete, not against a generic thing like the spec, which it
would ideally be.

I am now thinking that I could test against the SoftHSM, and "wrestle"
with Rickard over who is right/wrong when differences pop up.  Since
the HSM Test code was written in total ignorance of the SoftHSM code,
and since I will continue to discuss with Rickard instead of his code,
we would actually end up testing to see if the specs are properly
implemented on either end.

If either of you (or the Cc'd list) sees a formal problem with such testing
against the SoftHSM then please speak now or otherwise I shall proceed.


More information about the Opendnssec-develop mailing list