[Opendnssec-user] Generating public/private key

Aki Tuomi cmouse at cmouse.fi
Tue Apr 15 18:18:20 UTC 2014


On Tue, Apr 15, 2014 at 08:04:27PM +0200, Rickard Bellgrim wrote:
> On Tue, Apr 15, 2014 at 7:11 PM, Aki Tuomi <cmouse at cmouse.fi> wrote:
> 
> > Also, I tested that the database ends up in a VERY different state when one
> > performs
> >
> > --export
> > --init-token
> > --import
> >
> > than it does with C_GenerateKeyPair()
> >
> > Is there something else one needs to do after C_GenerateKeyPair that I am
> > not currently doing?
> 
> 
> The import command uses another template than what you have in your code.
> See the code here:
> https://github.com/opendnssec/SoftHSMv1/blob/develop/src/bin/softhsm.cpp#L686
> 
> E.g. CKA_TOKEN is set to true (if not present, SoftHSM will set it to
> false), thus keeping the public key object. The export/import commands are
> only handling the key material. They are simple commands and you, as a
> user, can only set the label and the id.
> 
> Please read more in the PKCS#11 document (
> ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf) for more
> details on attributes, default values, and how objects are handled using
> C_CreateObject / C_GenerateKeyPair.
> 
> // Rickard

Thank you very much, this is very helpful! 

Aki 
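
The template difference Rickard describes above, as an added example that is not part of the original thread or of SoftHSM's code: a pre-flight check on the public and private templates before they are handed to C_GenerateKeyPair. The typedefs and constants are minimal stand-ins for pkcs11.h so the block compiles offline, `template_is_persistent` is a hypothetical helper name, and the attribute values are constructed samples.

```c
#include <stddef.h>
#include <stdio.h>

/* Minimal stand-ins for pkcs11.h so this compiles offline (assumption);
 * with the real header, delete this section. */
typedef unsigned long CK_ULONG;
typedef unsigned char CK_BBOOL;
typedef struct { CK_ULONG type; void *pValue; CK_ULONG ulValueLen; } CK_ATTRIBUTE;
#define CK_TRUE          1
#define CK_FALSE         0
#define CKA_TOKEN        0x00000001UL
#define CKA_PRIVATE      0x00000002UL
#define CKA_SIGN         0x00000108UL
#define CKA_VERIFY       0x0000010AUL
#define CKA_MODULUS_BITS 0x00000121UL
#define COUNT(a) ((CK_ULONG)(sizeof(a) / sizeof((a)[0])))

/* Hypothetical helper: 1 if the template requests a token (persistent)
 * object. No CKA_TOKEN attribute means the default, CK_FALSE, applies and
 * the result is a session object that is gone once the session closes. */
int template_is_persistent(const CK_ATTRIBUTE *t, CK_ULONG n)
{
    for (CK_ULONG i = 0; i < n; i++)
        if (t[i].type == CKA_TOKEN && t[i].pValue != NULL &&
            t[i].ulValueLen == sizeof(CK_BBOOL))
            return *(const CK_BBOOL *)t[i].pValue != CK_FALSE;
    return 0;
}

static CK_BBOOL yes = CK_TRUE;
static CK_ULONG bits = 2048; /* constructed sample value */

/* Public-key template with no CKA_TOKEN: session object only. */
CK_ATTRIBUTE pub_session[] = {
    { CKA_VERIFY, &yes, sizeof yes }, { CKA_MODULUS_BITS, &bits, sizeof bits } };
/* The same template with CKA_TOKEN set, so the public key object is kept. */
CK_ATTRIBUTE pub_token[] = {
    { CKA_TOKEN, &yes, sizeof yes },
    { CKA_VERIFY, &yes, sizeof yes }, { CKA_MODULUS_BITS, &bits, sizeof bits } };
/* Private-key template: persistent, private, usable for signing. */
CK_ATTRIBUTE priv_token[] = {
    { CKA_TOKEN, &yes, sizeof yes },
    { CKA_PRIVATE, &yes, sizeof yes }, { CKA_SIGN, &yes, sizeof yes } };

int main(void)
{
    printf("pub_session: %d\n", template_is_persistent(pub_session, COUNT(pub_session)));
    printf("pub_token:   %d\n", template_is_persistent(pub_token, COUNT(pub_token)));
    printf("priv_token:  %d\n", template_is_persistent(priv_token, COUNT(priv_token)));
    return 0;
}
```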