[Opendnssec-user] sca6000
Andy Holdaway
AndyH at nominet.org.uk
Fri Nov 12 13:02:07 UTC 2010
There seems to be an issue with the sca6000 card when you have more than 255 keys in a keystore. Reduce the number of keys and you should be ok.
Regards
Andy
-----Original Message-----
From: opendnssec-user-bounces at lists.opendnssec.org [mailto:opendnssec-user-bounces at lists.opendnssec.org] On Behalf Of Benjamin Zwittnig
Sent: Friday, November 12, 2010 12:31 PM
To: opendnssec-user at lists.opendnssec.org
Subject: [Opendnssec-user] sca6000
Hi,
I am testing sca6000 to use it with opendnssec. During some tests I have encountered some problems.
- sca6000 would hang after creating 269 keys (I tried to create 500 rsa 2048 keys with pkcs11-tool and the card stopped responding after 269 keys)
- size of keys does not matter (the card stops responding after 269 keys of size 1024 as well)
- key listing (after card reset) with pkcs11-tool or ods-hsmutil gives suspicious result
- consequent listings of an idle card do not output the same result (every time the list is longer for the number of keys on the card)
Attached is a listing of keys done with 'ods-hsmutil list sca6000'. Keys on the list are not unique!
Does anybody know what else might be wrong?
Regards,
Benjamin
P.s.:
# /opt/sun/sca6000/bin/scamgr -V
scamgr (Sun Crypto Accelerator 6000) 1.1 # uname -a Linux Test 2.6.18-194.17.4.el5 #1 SMP Mon Oct 25 15:50:53 EDT 2010 x86_64 x86_64 x86_64 GNU/Linux
More information about the Opendnssec-user
mailing list