[Opendnssec-user] Generating public/private key

Rickard Bellgrim rickard at opendnssec.org
Tue Apr 15 18:04:27 UTC 2014


On Tue, Apr 15, 2014 at 7:11 PM, Aki Tuomi <cmouse at cmouse.fi> wrote:

> Also. I tested that the database ends up in VERY different state when one
> performs
>
> --export
> --init-token
> --import
>
> than it does with C_GenerateKeyPair()
>
> Is there something else one needs to do after C_GenerateKeyPair that I am
> not currently doing?


The import command uses another template than what you have in your code.
See the code here:
https://github.com/opendnssec/SoftHSMv1/blob/develop/src/bin/softhsm.cpp#L686

E.g. CKA_TOKEN is set to true (if not present, SoftHSM will set it to
false), thus keeping the public key object. The export/import commands are
only handling the key material. They are simple commands and you, as a
user, can only set the label and the id.

Please read more in the PKCS#11 document (
ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf) for more
details on attributes, default values, and how objects are handled using
C_CreateObject / C_GenerateKeyPair.

// Rickard
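
The CKA_TOKEN point in the reply above, as an added example (not part of the original message and not SoftHSM's code): a small check that reports whether an attribute template would produce a stored token object or a session object. The typedefs and constants are minimal stand-ins for `pkcs11t.h`, and `template_persists`, the two templates and all sample values are hypothetical and constructed for illustration.

```c
#include <stdio.h>

/* Minimal stand-ins for pkcs11t.h (PKCS#11 v2.20) so this compiles without
 * an SDK; real code includes the header shipped with the PKCS#11 module. */
typedef unsigned char CK_BBOOL;
typedef unsigned long CK_ULONG;
typedef struct { CK_ULONG type; void *pValue; CK_ULONG ulValueLen; } CK_ATTRIBUTE;
enum { CK_FALSE = 0, CK_TRUE = 1 };
#define CKA_TOKEN        0x00000001UL
#define CKA_LABEL        0x00000003UL
#define CKA_ID           0x00000102UL
#define CKA_VERIFY       0x0000010AUL
#define CKA_MODULUS_BITS 0x00000121UL
#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

/* Hypothetical helper: 1 = token object (stored), 0 = session object,
 * -1 = malformed CKA_TOKEN entry. A missing CKA_TOKEN counts as CK_FALSE. */
int template_persists(const CK_ATTRIBUTE *t, CK_ULONG n) {
    for (CK_ULONG i = 0; i < n; i++) {
        if (t[i].type != CKA_TOKEN) continue;
        if (t[i].pValue == NULL || t[i].ulValueLen != sizeof(CK_BBOOL)) return -1;
        return *(const CK_BBOOL *)t[i].pValue != CK_FALSE;
    }
    return 0;
}

/* Constructed sample values */
static CK_BBOOL yes = CK_TRUE;
static CK_ULONG bits = 2048;
static unsigned char key_id[] = { 0x01 };
static char label[] = "example-key";
/* Public-key template without CKA_TOKEN: yields a session object */
CK_ATTRIBUTE pub_no_token[] = {
    { CKA_VERIFY, &yes, sizeof yes },
    { CKA_MODULUS_BITS, &bits, sizeof bits },
};
/* Same template with CKA_TOKEN = true, plus the label and id */
CK_ATTRIBUTE pub_with_token[] = {
    { CKA_TOKEN, &yes, sizeof yes },
    { CKA_LABEL, label, sizeof label - 1 },
    { CKA_ID, key_id, sizeof key_id },
    { CKA_VERIFY, &yes, sizeof yes },
    { CKA_MODULUS_BITS, &bits, sizeof bits },
};
int main(void) {
    printf("without CKA_TOKEN: %d\n", template_persists(pub_no_token, COUNT(pub_no_token)));
    printf("with CKA_TOKEN:    %d\n", template_persists(pub_with_token, COUNT(pub_with_token)));
    return 0;
}
```

Running the same check over both the public and the private template passed to C_GenerateKeyPair shows whether each half of the pair will be kept on the token.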