[Opendnssec-user] CKA_EXTRACTABLE usage & OpenDNSSEC

[Petr Spacek]

Hello,

I have noticed that OpenDNSSEC/libhsm always creates keys with CKA_EXTRACTABLE 
= FALSE.

This effectively prevents me from using C_WrapKey for implementing any key 
management between multiple nodes in cluster.

Would you accept patch which would add an option to generate new keys with 
CKA_EXTRACTABLE flag set to TRUE? It could be similar to "SkipPublicKey" 
option. (Naturally, this option would default to FALSE :-)

Thank you for answers.

-- 
Petr Spacek  @  Red Hat