[Opendnssec-user] sca6000
Benjamin Zwittnig
benjamin.zwittnig at arnes.si
Mon Nov 15 10:22:22 UTC 2010
On 11/12/2010 02:01 PM, Jaroslav Benkovský wrote:
>> I am testing sca6000 to use it with opendnssec. During some tests I
>> have encountered some problems.
>>
>> - sca6000 would hang after creating 269 keys (I tried to create 500 rsa
>> 2048 keys with pkcs11-tool and the card stopped responding after 269 keys)
> I also had this problem and it's even noted in some OpenDNSSEC readme,
> iirc. Deleting the keystore helped. I think it's the problem of the
> linux driver, but I have not tested it on Solaris.
It is a little bit better since the driver on Solaris reports a problem for the 257th key:
$ pkcs11-tool --module=/usr/lib/libpkcs11.so -p test:test --key-type rsa:1024 -k --id xxxx --label xxxx --slot 0
error: PKCS11 function C_Login failed: rv = CKR_KEY_HANDLE_INVALID (0x60)
Aborting.
What is the actual limitation on number of keys?
I couldn't find the limitation in the documentation.
On 11/12/2010 02:02 PM, Andy Holdaway wrote:
>> There seems to be an issue with the sca6000 card when you have more than 255 keys in a keystore. Reduce the number of keys and you should be ok.
Thanks. I was a little confused since the default value in conf.xml for sca6000 for Capacity is
set to 1000.
Regards,
Benjamin
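
Added example, not part of the original message or of OpenDNSSEC: a check that reads a conf.xml and flags any repository whose Capacity is unset or higher than the keystore limit reported in this thread. The sample file is constructed, and both the 255-key figure and the matching of the limit by repository name "sca6000" are assumptions taken from the discussion above.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout of OpenDNSSEC's conf.xml; token labels and
# PINs are placeholders, not values from the thread.
SAMPLE_CONF = """<Configuration>
  <RepositoryList>
    <Repository name="sca6000">
      <Module>/usr/lib/libpkcs11.so</Module>
      <TokenLabel>example-token</TokenLabel>
      <PIN>example-pin</PIN>
      <Capacity>1000</Capacity>
    </Repository>
    <Repository name="softHSM">
      <Module>/usr/lib/libsofthsm.so</Module>
      <TokenLabel>OpenDNSSEC</TokenLabel>
      <PIN>example-pin</PIN>
    </Repository>
  </RepositoryList>
</Configuration>
"""

# Assumption: 255 keys per keystore, the figure reported in this thread.
KNOWN_LIMITS = {"sca6000": 255}


def audit_capacity(conf_xml, limits=KNOWN_LIMITS):
    """Return (repository, configured_capacity, limit) for each repository
    whose Capacity is missing or larger than the limit known for it."""
    findings = []
    root = ET.fromstring(conf_xml)
    for repo in root.findall("./RepositoryList/Repository"):
        name = repo.get("name", "")
        limit = limits.get(name)
        if limit is None:
            continue  # no known limit recorded for this repository
        text = repo.findtext("Capacity")
        capacity = int(text) if text and text.strip().isdigit() else None
        if capacity is None or capacity > limit:
            findings.append((name, capacity, limit))
    return findings


if __name__ == "__main__":
    for name, capacity, limit in audit_capacity(SAMPLE_CONF):
        shown = "unset" if capacity is None else capacity
        print(f"{name}: Capacity is {shown}, keystore limit is {limit}")
```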