[Opendnssec-user] CKA_EXTRACTABLE usage & OpenDNSSEC
Petr Spacek
pspacek at redhat.com
Fri Jul 18 14:40:34 UTC 2014
On 17.7.2014 12:51, Petr Spacek wrote:
> I have noticed that OpenDNSSEC/libhsm always creates keys with CKA_EXTRACTABLE
> = FALSE.
>
> This effectively prevents me from using C_WrapKey for implementing any key
> management between multiple nodes in cluster.
>
> Would you accept patch which would add an option to generate new keys with
> CKA_EXTRACTABLE flag set to TRUE? It could be similar to "SkipPublicKey"
> option. (Naturally, this option would default to FALSE :-)
Jakob Schlyter told me privately that patches are welcome, so here it is:
https://github.com/opendnssec/opendnssec/pull/110
--
Petr Spacek @ Red Hat
More information about the Opendnssec-user
mailing list