[Opendnssec-user] Generating public/private key

Rickard Bellgrim rickard at opendnssec.org
Tue Apr 15 18:04:27 UTC 2014

On Tue, Apr 15, 2014 at 7:11 PM, Aki Tuomi <cmouse at cmouse.fi> wrote:

> Also. I tested that the database ends up in VERY different state when one
> performs
> --export
> --init-token
> --import
> than it does with C_GenerateKeyPair()
> Is there something else one needs to do after C_GenerateKeyPair that I am
> not currently doing?

The import command uses another template than what you have in your code.
See the code here:

E.g. CKA_TOKEN is set to true (if not present, SoftHSM will set it to
false), thus keeping the public key object. The export/import commands are
only handling the key material. They are simple commands and you, as a
user, can only set the label and the id.

Please read more in the PKCS#11 document (
ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf) for more
details on attributes, default values, and how objects are handled using
C_CreateObject / C_GenerateKeyPair.

// Rickard
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20140415/5c829a53/attachment.htm>

More information about the Opendnssec-user mailing list