[Opendnssec-develop] Re: [OpenDNSSEC] #100: Certificate support + C_Encrypt and C_Decrypt support

OpenDNSSEC owner-dnssec-trac at kirei.se
Fri Feb 19 06:51:12 UTC 2010

#100: Certificate support + C_Encrypt and C_Decrypt support
Reporter:  calderon.thomas@…          |       Owner:  rb                               
    Type:  enhancement                |      Status:  accepted                         
Priority:  major                      |   Component:  SoftHSM                          
 Version:  trunk                      |    Keywords:  Certificate, C_Encrypt, C_Decrypt

Comment(by calderon.thomas@…):


 I guess the current mechanism and padding is the one used in most tokens
 (I have compared to Gemalto cards). So I would say it is going to be
 enough for most people. For testing, I used Kerberos, but as unit testing,
 you could try using openssl and the token to perform rsa
 encryption/decryption. However you would have to ensure the right padding
 for openssl as the command line utility seems buggy for that (different
 resutls, but identical when comparing the results with a hardware token).
 Another solution is to use "libp11" which have one example script
 performing decryption.


 Thomas Calderon.

Ticket URL: <http://trac.opendnssec.org/ticket/100#comment:2>
OpenDNSSEC <http://www.opendnssec.org/>

More information about the Opendnssec-develop mailing list