[Opendnssec-develop] Re: [OpenDNSSEC] #204: ods-hsmutil segfaults when listing keys in TPM chip

OpenDNSSEC owner-dnssec-trac at kirei.se
Wed Jan 12 17:45:13 UTC 2011


#204: ods-hsmutil segfaults when listing keys in TPM chip
------------------------------------------+---------------------------------
Reporter:  Ondřej Surý <ondrej@…>         |       Owner:  jakob 
    Type:  defect                         |      Status:  new   
Priority:  major                          |   Component:  libhsm
 Version:  1.1.3                          |    Keywords:        
------------------------------------------+---------------------------------

Comment(by dcarter@…):

 I was able to work around this bug by deleting the key in the HSM (which
 had a label but not an id) and creating a new key with ods-hsmutil. I
 recommend that documentation be added that warns that there may not be any
 keys in the repository which were not created by ods-hsmutil.

 To delete the old keys I used pkcs11-destroy, which comes with BIND 9:

 $ pkcs11-destroy -m /usr/lib/opencryptoki/libopencryptoki.so.0
 Enter Pin:
 object[0]: class 3 label 'KSK2011' id[0]
 object[1]: class 2 label 'KSK2011' id[0]
 sleeping 5 seconds...


 $ ods-hsmutil list
 Listing keys in all repositories.
 0 keys found.

 Repository            ID                                Type
 ----------            --                                ----

 $ ods-hsmutil generate <repository> rsa 2048
 Generating 2048 bit RSA key in repository: <repository>
 Key generation successful: d590bebdd83670a7e292d750f47da809

 $ ods-hsmutil list
 Listing keys in all repositories.
 1 key found.

 Repository            ID                                Type
 ----------            --                                ----
 <repository>          d590bebdd83670a7e292d750f47da809  RSA/2048

-- 
Ticket URL: <http://trac.opendnssec.org/ticket/204#comment:2>
OpenDNSSEC <http://www.opendnssec.org/>
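
The check the comment above implies, as an added example that is not part of the original message and not code from OpenDNSSEC or BIND: scan a saved object listing for keys that carry a label but a zero-length id before pointing ods-hsmutil at the token. It assumes the listing uses the line format shown in the transcript and that the number in `id[N]` is the id length in bytes; the function names and the third sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag PKCS#11 objects that have a label but a zero-length id.
# Assumption: each listing line looks like the ones in the message above,
#   object[N]: class C label 'LABEL' id[LEN]
# and LEN is the length of the object's id in bytes.

# Reads a listing on stdin and prints one line per id-less object:
#   index <TAB> kind <TAB> label
find_idless_objects() {
    sed -n -E "s/^[[:space:]]*object\[([0-9]+)\]: class ([0-9]+) label '(.*)' id\[0\].*\$/\1|\2|\3/p" |
    while IFS='|' read -r idx cls label; do
        # PKCS#11 object classes: 2 = CKO_PUBLIC_KEY, 3 = CKO_PRIVATE_KEY
        case "$cls" in
            2) kind=public-key ;;
            3) kind=private-key ;;
            *) kind="class-$cls" ;;
        esac
        printf '%s\t%s\t%s\n' "$idx" "$kind" "$label"
    done
}

# Exit status 0 when every listed object has an id, 1 otherwise.
listing_is_clean() {
    [ -z "$(find_idless_objects)" ]
}

# Constructed sample: the first two lines match the transcript above,
# the third is an invented key that does have an id.
sample_listing() {
    cat <<'EOF'
 object[0]: class 3 label 'KSK2011' id[0]
 object[1]: class 2 label 'KSK2011' id[0]
 object[2]: class 3 label 'ZSK2011' id[16]
EOF
}

# Demonstration run on the constructed sample.
echo "Objects without an id:"
sample_listing | find_idless_objects
```
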