[Opendnssec-user] Error creating key in repository SoftHSM / generate key pair: CKR_GENERAL_ERROR

Volker Janzen voja at voja.de
Sat Dec 14 17:05:31 UTC 2013


Hi,

I added a new zone. The enforcer exits now every time with this error:

Dec 14 18:00:56 a ods-enforcerd: opendnssec starting...
Dec 14 18:00:56 a ods-enforcerd: opendnssec Parent exiting...
Dec 14 18:00:56 a ods-enforcerd: opendnssec forked OK...
Dec 14 18:00:56 a ods-enforcerd: group set to: opendnssec (109)
Dec 14 18:00:56 a ods-enforcerd: user set to: opendnssec (104)
Dec 14 18:00:56 a ods-enforcerd: opendnssec started (version 1.4.1), pid 12153
Dec 14 18:00:56 a ods-enforcerd: HSM opened successfully.
Dec 14 18:00:56 a ods-enforcerd: Checking database connection...
Dec 14 18:00:56 a ods-enforcerd: Database connection ok.
Dec 14 18:00:56 a ods-enforcerd: Reading config "/etc/opendnssec/conf.xml"
Dec 14 18:00:56 a ods-enforcerd: Reading config schema "/usr/share/opendnssec/conf.rng"
Dec 14 18:00:56 a ods-enforcerd: Communication Interval: 3600
Dec 14 18:00:56 a ods-enforcerd: Using command: /usr/local/bin/update-dnskey.sh to submit DS records
Dec 14 18:00:56 a ods-enforcerd: SQLite database set to: /var/lib/opendnssec/kasp.db
Dec 14 18:00:56 a ods-enforcerd: Log User set to: local0
Dec 14 18:00:56 a ods-enforcerd: Switched log facility to: local0
Dec 14 18:00:56 a ods-enforcerd: Connecting to Database...
Dec 14 18:00:56 a ods-enforcerd: Policy default found.
Dec 14 18:00:56 a ods-enforcerd: Key sharing is Off.
Dec 14 18:00:57 a ods-enforcerd: Error creating key in repository SoftHSM
Dec 14 18:00:57 a ods-enforcerd: generate key pair: CKR_GENERAL_ERROR

And with exit I mean the process is gone after this and cannot be 
restarted (same error message).

root@a:~# ods-hsmutil list
Listing keys in all repositories.
2 keys found.

Repository            ID                                Type
----------            --                                ----
SoftHSM               d1f3f642a33a028426d7d1e391e5e03c  RSA/1024
SoftHSM               b9b1b3c9f51242b3f4f23d713c65adbb  RSA/2048

root@a:~# ods-hsmutil test SoftHSM
Testing repository: SoftHSM

Generating 512-bit RSA key... OK
Extracting key identifier... OK, 546f0510dd2de82078276b1ec029d79d
Signing (RSA/SHA1) with key... OK
Signing (RSA/SHA256) with key... OK
Deleting key... OK

Generating 768-bit RSA key... OK
Extracting key identifier... OK, 3a8def00636c4fd78fc706ea34b6779d
Signing (RSA/SHA1) with key... OK
Signing (RSA/SHA256) with key... OK
Deleting key... OK

Generating 1024-bit RSA key... OK
Extracting key identifier... OK, 45073f52a3f24eeeda492cc37d29f1a1
Signing (RSA/SHA1) with key... OK
Signing (RSA/SHA256) with key... OK
Signing (RSA/SHA512) with key... OK
Deleting key... OK

Generating 1536-bit RSA key... OK
Extracting key identifier... OK, 53978062e6fa4e7df457d6dfaeb42035
Signing (RSA/SHA1) with key... OK
Signing (RSA/SHA256) with key... OK
Signing (RSA/SHA512) with key... OK
Deleting key... OK

Generating 2048-bit RSA key... OK
Extracting key identifier... OK, 0479b89bc8c8bbedde6c10ec0d86ec1b
Signing (RSA/SHA1) with key... OK
Signing (RSA/SHA256) with key... OK
Signing (RSA/SHA512) with key... OK
Deleting key... OK

Generating 4096-bit RSA key... OK
Extracting key identifier... OK, 57c9502e28fb21bc93bca7c704a56b04
Signing (RSA/SHA1) with key... OK
Signing (RSA/SHA256) with key... OK
Signing (RSA/SHA512) with key... OK
Deleting key... OK

Generating 512-bit DSA key... Failed
generate domain parameters: CKR_FUNCTION_NOT_SUPPORTED

Generating 768-bit DSA key... Failed
generate domain parameters: CKR_FUNCTION_NOT_SUPPORTED

Generating 1024-bit DSA key... Failed
generate domain parameters: CKR_FUNCTION_NOT_SUPPORTED

Generating 512-bit GOST key... Failed
generate key pair: CKR_MECHANISM_INVALID

Generating 1024 bytes of random data... OK
Generating 32-bit random data... 1640285934
Generating 64-bit random data... 11669623599949091766


Regards,
   Volker



