[Opendnssec-develop] GOST support
Rickard Bellgrim
rickard at opendnssec.org
Tue Aug 27 10:41:36 UTC 2013
Hi
SoftHSMv2 are now supporting GOST. This after patches from Francis Dupont
and some fixes to the PKCS#11 interface and the Botan implementation.
The code in libhsm has been tweaked in order to be compliant with PKCS#11.
The DNSSEC signatures from OpenDNSSEC has been validated using
ldns-verify-zone and BIND. So all combinations of crypto library and
mechanisms for GOST are now working as required.
Only the Enforcer needs to be updated (algorithm number and key generation)
before we can say that OpenDNSSEC supports GOST. The Signer Engine works as
it is.
// Rickard
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-develop/attachments/20130827/76da92c2/attachment.htm>
More information about the Opendnssec-develop
mailing list