[Opendnssec-user] Network enabled SoftHSM
Jakob Schlyter
jakob at kirei.se
Tue Apr 12 20:59:13 UTC 2011
On 12 apr 2011, at 13.54, Casper Gielen wrote:
> If anybody knows of any other way of doing PKCS11/(soft)HSM over the network I would be interested to know about it.
We had some discussion about this early in the project, see http://svn.opendnssec.org//docs/p11proxy.png, but it never got anywhere.
> My HSM consists of three parts: softhsm, pkcs11-proxy and stunnel
>
> softHSM is the backend which handles most of the work.
> pcks11-proxy speaks pkcs11 over the network.
> stunnel is a general-purpose ssl-wrapper to make the entire thing secure against network-sniffing.
Sweet.
jakob
More information about the Opendnssec-user
mailing list