[Opendnssec-develop] Re: [OpenDNSSEC] #100: Certificate support + C_Encrypt and C_Decrypt support
OpenDNSSEC
owner-dnssec-trac at kirei.se
Fri Feb 19 06:51:12 UTC 2010
#100: Certificate support + C_Encrypt and C_Decrypt support
--------------------------------------+-------------------------------------
Reporter: calderon.thomas@… | Owner: rb
Type: enhancement | Status: accepted
Priority: major | Component: SoftHSM
Version: trunk | Keywords: Certificate, C_Encrypt, C_Decrypt
--------------------------------------+-------------------------------------
Comment(by calderon.thomas@…):
Hi,
I guess the current mechanism and padding is the one used in most tokens
(I have compared to Gemalto cards). So I would say it is going to be
enough for most people. For testing, I used Kerberos, but as unit testing,
you could try using openssl and the token to perform rsa
encryption/decryption. However you would have to ensure the right padding
for openssl as the command line utility seems buggy for that (different
resutls, but identical when comparing the results with a hardware token).
Another solution is to use "libp11" which have one example script
performing decryption.
Regards,
Thomas Calderon.
--
Ticket URL: <http://trac.opendnssec.org/ticket/100#comment:2>
OpenDNSSEC <http://www.opendnssec.org/>
OpenDNSSEC
More information about the Opendnssec-develop
mailing list