[Opendnssec-develop] Re: GOST support
Rickard Bellgrim
rickard at opendnssec.org
Fri Aug 30 13:50:12 UTC 2013
On Tue, Aug 27, 2013 at 12:41 PM, Rickard Bellgrim
<rickard at opendnssec.org> wrote:
> SoftHSMv2 now supports GOST. This is after patches from Francis Dupont
> and some fixes to the PKCS#11 interface and the Botan implementation.
>
> The code in libhsm has been tweaked in order to be compliant with PKCS#11.
> The DNSSEC signatures from OpenDNSSEC have been validated using
> ldns-verify-zone and BIND. So all combinations of crypto library and
> mechanisms for GOST are now working as required.
>
> Only the Enforcer needs to be updated (algorithm number and key
> generation) before we can say that OpenDNSSEC supports GOST. The Signer
> Engine works as it is.
>
This also applies to ECDSA (P-256 and P-384), except that the code for
libhsm has not been committed to trunk. Will do that once Enforcer NG has
been migrated.
https://issues.opendnssec.org/browse/OPENDNSSEC-450
// Rickard