[Opendnssec-user] Signer cannot find key

Gilles Massen gilles.massen at restena.lu
Tue Nov 30 10:22:11 UTC 2010


Hello,

As a follow-up to this issue:

> ods-signerd: could not find key fc477155ce7eeff5eeb9e67fb47a9492

The problem seems to be related to the working of the PKCS11 provider.
What happens is that "ods-ksmutil key generate" starts a process to have
the HSM create keys (via PKCS#11). This works, but the process
ods-signer (which has been started before the key generation) is not
seeing the newly generated keys (C_FindObjects gets no result). As the
signer is remaining within its PKCS11 session, I don't know if that's
expected or not.

Stopping/starting the signer fixes this.

It is unclear to me if OpenDNSSEC could or should address this, or if
it's rather a PKCS11 provider implementation fault. Comments would be
most welcome...

Best,
Gilles

-- 
Fondation RESTENA - DNS-LU
6, rue Coudenhove-Kalergi
L-1359 Luxembourg
tel: (+352) 424409
fax: (+352) 422473


