[Opendnssec-develop] libhsm with DSA and GOST

Rickard Bellgrim rickard at opendnssec.org
Fri Aug 5 08:48:14 UTC 2011


Hi

I added support for DSA and GOST to libhsm yesterday. I am having some
problems with DSA key generation. SCA6000 is missing the
CKM_DSA_PARAMETER_GEN mechanism. It is needed in order to generate the
DSA parameters for a given key length. The SafeNet Luna SA will give
CKR_ATTRIBUTE_TYPE_INVALID for a template only containing the
CKA_PRIME_BITS attribute.

1. C_GenerateKey with CKA_PRIME_BITS.
2. Extract CKA_PRIME, CKA_SUBPRIME, and CKA_BASE from domain parameter object.
3. Delete domain parameter object.
4. C_GenerateKeyPair with CKA_PRIME, CKA_SUBPRIME, and CKA_BASE.

Any ideas? It would be good to use the CKM_DSA_PARAMETER_GEN so that
we do not have to generate the domain parameters ourselves.

And GOST, I have no HSM that supports it. I thus do not know if that
code is working.

// Rickard
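
Added example, not part of the original message and not libhsm code: a simplified Python sketch of what generating the DSA domain parameters in software involves, plus the consistency check that applies to CKA_PRIME, CKA_SUBPRIME and CKA_BASE values read back from a token. The function names are hypothetical, and the generation shown does not produce the seed and counter that FIPS 186 verifiable generation provides.

```python
import secrets

def is_probable_prime(n, rounds=40):
    """Miller-Rabin test; the error probability is at most 4**-rounds."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)   # random base in [2, n-2]
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False   # base is a witness: n is composite
    return True

def generate_domain_params(prime_bits, subprime_bits):
    """Return (p, q, g), i.e. the CKA_PRIME, CKA_SUBPRIME and CKA_BASE values."""
    while True:   # q: random odd prime of exactly subprime_bits bits
        q = secrets.randbits(subprime_bits) | (1 << (subprime_bits - 1)) | 1
        if is_probable_prime(q):
            break
    while True:   # p: prime of exactly prime_bits bits with p = 1 (mod 2q)
        x = secrets.randbits(prime_bits) | (1 << (prime_bits - 1))
        p = x - (x % (2 * q)) + 1
        if p.bit_length() == prime_bits and is_probable_prime(p):
            break
    while True:   # g: generator of the order-q subgroup of Z_p*
        g = pow(secrets.randbelow(p - 3) + 2, (p - 1) // q, p)
        if g > 1:
            return p, q, g

def check_domain_params(p, q, g):
    """Consistency check for parameters read back from a token or a file."""
    return (is_probable_prime(p) and is_probable_prime(q)
            and (p - 1) % q == 0 and 1 < g < p and pow(g, q, p) == 1)

if __name__ == "__main__":
    p, q, g = generate_domain_params(1024, 160)   # constructed sizes
    print(p.bit_length(), q.bit_length(), check_domain_params(p, q, g))
```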


