[Opendnssec-user] problems starting ods 1.3.0b1 with Keyper

Fri Apr 1 16:13:02 UTC 2011

Hi,

I'm having some trouble starting 1.3.0b1 with an AEP Keyper in our test lab.

Any suggestions/thoughts on the below would be great.

Thanks

Billy

--
from conf.xml

<Repository name="AEPKeyper">
            <Module>/opt/Keyper/PKCS11Provider/pkcs11.so</Module>
	    <TokenLabel>IEHSM</TokenLabel>
            <PIN>9876</PIN>
            <Capacity>1000</Capacity>
            <RequireBackup/>
</Repository>

# ods-hsmutil test AEPKeyper
Testing repository: AEPKeyper

Generating 512-bit RSA key...
answer.GetCall(KEYGEN2) failed; error 1208Failed
generate key pair: CKR_DEVICE_ERROR

Generating 768-bit RSA key...
answer.GetCall(KEYGEN2) failed; error 1208Failed
generate key pair: CKR_DEVICE_ERROR

Generating 1024-bit RSA key... OK
Extracting key identifier... OK, fd2f2f605750419aa61550d9bb72b39e
Signing (RSA/SHA1) with key... OK
Signing (RSA/SHA256) with key... OK
Signing (RSA/SHA512) with key... OK
Deleting key... OK

Generating 1536-bit RSA key... OK
Extracting key identifier... OK, a5e39022f279d9099c3b2ad4099b04c7
Signing (RSA/SHA1) with key... OK
Signing (RSA/SHA256) with key... OK
Signing (RSA/SHA512) with key... OK
Deleting key... OK

Generating 2048-bit RSA key... OK
Extracting key identifier... OK, 4017b49d237dc41e7a31a7144169f42b
Signing (RSA/SHA1) with key... OK
Signing (RSA/SHA256) with key... OK
Signing (RSA/SHA512) with key... OK
Deleting key... OK

Generating 4096-bit RSA key... OK
Extracting key identifier... OK, a63c9ebe2bc26dcdd16f96f0330fe720
Signing (RSA/SHA1) with key... OK
Signing (RSA/SHA256) with key... OK
Signing (RSA/SHA512) with key... OK
Deleting key... OK

Generating 1024 bytes of random data... OK
Generating 32-bit random data... 979871116
Generating 64-bit random data... 3108463339320388098
[root at ie-dnssec-1 opendnssec]# ods-hsmutil info
Repository: AEPKeyper
	Module:        /opt/Keyper/PKCS11Provider/pkcs11.so
	Slot:          0
	Token Label:   IEHSM
	Manufacturer:  AEP Networks
	Model:         Keyper Ent 1126
	Serial:        K5905001
[root at ie-dnssec-1 opendnssec]# ods-control start
Starting enforcer...
OpenDNSSEC ods-enforcerd started (version 1.3.0b1), pid 15427
Starting signer engine...
Starting signer...
OpenDNSSEC signer engine version 1.3.0b1
Could not start signer

Apr  1 16:58:59 ie-dnssec-1 ods-enforcerd: opendnssec starting...
Apr  1 16:58:59 ie-dnssec-1 ods-enforcerd: opendnssec forked OK...
Apr  1 16:58:59 ie-dnssec-1 ods-enforcerd: group set to: opendnssec (505)
Apr  1 16:58:59 ie-dnssec-1 ods-enforcerd: user set to: opendnssec (505)
Apr  1 16:58:59 ie-dnssec-1 ods-enforcerd: opendnssec started (version
1.3.0b1), pid 15427
Apr  1 16:58:59 ie-dnssec-1 ods-enforcerd: opendnssec Parent exiting...
Apr  1 16:58:59 ie-dnssec-1 ods-enforcerd: hsm_get_slot_id(): could not
find token with the name IEHSM
Apr  1 16:58:59 ie-dnssec-1 ods-signerd: [engine] error initializing
libhsm (errno 268435457)
Apr  1 16:58:59 ie-dnssec-1 ods-signerd: [engine] setup failed: HSM error
Apr  1 16:58:59 ie-dnssec-1 ods-signerd: [engine] signer shutdown