[Opendnssec-user] Network enabled SoftHSM

Jakob Schlyter jakob at kirei.se
Tue Apr 12 20:59:13 UTC 2011

On 12 apr 2011, at 13.54, Casper Gielen wrote:

> If anybody knows of any other way of doing PKCS11/(soft)HSM over the network I would be interested to know about it.

We had some discussion about this early in the project, see http://svn.opendnssec.org//docs/p11proxy.png, but it never got anywhere.

> My HSM consists of three parts: softhsm, pkcs11-proxy and stunnel
> softHSM is the backend which handles most of the work.
> pcks11-proxy speaks pkcs11 over the network.
> stunnel is a general-purpose ssl-wrapper to make the entire thing secure against network-sniffing.



More information about the Opendnssec-user mailing list