[Opendnssec-user] Problem with ods-signerd and softhsm slot error

Rickard Bellgrim rickard at opendnssec.org
Wed Jul 4 10:00:44 UTC 2012


> That really puzzled me why there was a sudden error with softhsm.
> $ softhsm --show-slot
> Available slots:
> Slot 0
>            Token present: yes
>            Token initialized: no
>            User PIN initialized: no
> Initialized: no? I'm sure I used this slot to create keys before this disaster
> came.
>
> But I can get the key list, does that mean the slot or the softhsm is ok?
> Finally, I have to run
> $ softhsm --init-token --slot 0 --label "OpenDNSSEC"
> to re-initialize the slot, but the disaster occurred that all the keys used
> before are not in the new repository, and all the keys are useless

The token is not initialized according to SoftHSM. If you are sure
that you used the token before, then the question is why it is
considered as uninitialized. You can verify this by looking into the
SoftHSM token database and see if there are any objects using the
sqlite3 command. Unfortunately, you ran the initialize command and
this can thus not be done. If you initialize a token, then any objects
will be removed. This is when backups come in handy if you want to
restore a previous state.

When the Enforcer lists the keys, it only looks into its own database of
DNSSEC keys. There is no search performed in the HSM. The Enforcer
only has the CKA_ID of the objects in the HSM.

// Rickard
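
Added example, not part of the original message and not OpenDNSSEC or SoftHSM code: a read-only check of a SoftHSM token database, run before any --init-token, that reports which CKA_IDs known to the Enforcer still have objects in the token. It uses Python's sqlite3 module rather than the sqlite3 command. Assumptions: the token file has an Objects table and an Attributes table with objectID, type and value columns, CKA_ID values are stored as raw bytes, and the Enforcer's CKA_IDs are given as hex strings; the sample database and IDs are constructed.

```python
import sqlite3
from pathlib import Path

CKA_ID = 0x102  # PKCS#11 attribute type number for CKA_ID


def open_readonly(path):
    """Open the token file read-only so the check itself cannot change it."""
    return sqlite3.connect(Path(path).resolve().as_uri() + "?mode=ro", uri=True)


def token_report(conn, enforcer_ids):
    """Report which Enforcer CKA_IDs (hex) still have objects in the token."""
    wanted = {i.strip().lower() for i in enforcer_ids}
    tables = {name for (name,) in conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table'")}
    if not {"Objects", "Attributes"} <= tables:
        # Empty or foreign file: no key objects can be found here.
        return {"schema_ok": False, "objects": 0,
                "present": [], "missing": sorted(wanted)}
    (objects,) = conn.execute("SELECT COUNT(*) FROM Objects").fetchone()
    in_token = {bytes(value).hex() for (value,) in conn.execute(
        "SELECT DISTINCT value FROM Attributes"
        " WHERE type = ? AND value IS NOT NULL", (CKA_ID,))}
    return {"schema_ok": True, "objects": objects,
            "present": sorted(wanted & in_token),
            "missing": sorted(wanted - in_token)}


def build_sample_db():
    """Constructed sample: one key pair (two objects) sharing one CKA_ID."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE Objects (objectID INTEGER PRIMARY KEY);"
        "CREATE TABLE Attributes (attributeID INTEGER PRIMARY KEY,"
        " objectID INTEGER, type INTEGER, value BLOB, length INTEGER);")
    key_id = bytes.fromhex("0a1b2c3d")  # constructed, shortened CKA_ID
    for object_id in (1, 2):
        conn.execute("INSERT INTO Objects (objectID) VALUES (?)", (object_id,))
        conn.execute(
            "INSERT INTO Attributes (objectID, type, value, length)"
            " VALUES (?, ?, ?, ?)", (object_id, CKA_ID, key_id, len(key_id)))
    return conn


if __name__ == "__main__":
    # "deadbeef" stands for a key the Enforcer lists but the token lacks.
    print(token_report(build_sample_db(), ["0A1B2C3D", "deadbeef"]))
```

A non-empty "missing" list means the Enforcer's key list refers to objects the token no longer holds, which is the state described above after re-initialization.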
