[Opendnssec-user] sca6000

Andy Holdaway AndyH at nominet.org.uk
Fri Nov 12 13:02:07 UTC 2010


There seems to be an issue with the sca6000 card when you have more than 255 keys in a keystore.  Reduce the number of keys and you should be ok.

Regards
Andy

-----Original Message-----
From: opendnssec-user-bounces at lists.opendnssec.org [mailto:opendnssec-user-bounces at lists.opendnssec.org] On Behalf Of Benjamin Zwittnig
Sent: Friday, November 12, 2010 12:31 PM
To: opendnssec-user at lists.opendnssec.org
Subject: [Opendnssec-user] sca6000

Hi,

I am testing sca6000 to use it with opendnssec.  During some tests I have encountered some problems.

- sca6000 would hang after creating 269 keys (I tried to create 500 rsa 2048 keys with pkcs11-tool and the card stopped responding after 269 keys)
     - size of keys does not matter (the card stops responding after 269 keys of size 1024 as well)
- key listing (after card reset) with pkcs11-tool or ods-hsmutil gives suspicious result
     - consequent listings of an idle card do not output the same result (every time the list is longer for the number of keys on the card)

Attached is a listing of keys done with 'ods-hsmutil list sca6000'.  Keys on the list are not unique!

Does anybody know what else might be wrong?

Regards,

Benjamin

P.s.:
# /opt/sun/sca6000/bin/scamgr -V
scamgr (Sun Crypto Accelerator 6000) 1.1 # uname -a Linux Test 2.6.18-194.17.4.el5 #1 SMP Mon Oct 25 15:50:53 EDT 2010 x86_64 x86_64 x86_64 GNU/Linux



More information about the Opendnssec-user mailing list