[Opendnssec-user] CKA_EXTRACTABLE usage & OpenDNSSEC

Petr Spacek pspacek at redhat.com
Fri Jul 18 14:40:34 UTC 2014


On 17.7.2014 12:51, Petr Spacek wrote:
> I have noticed that OpenDNSSEC/libhsm always creates keys with CKA_EXTRACTABLE
> = FALSE.
>
> This effectively prevents me from using C_WrapKey for implementing any key
> management between multiple nodes in cluster.
>
> Would you accept patch which would add an option to generate new keys with
> CKA_EXTRACTABLE flag set to TRUE? It could be similar to "SkipPublicKey"
> option. (Naturally, this option would default to FALSE :-)

Jakob Schlyter told me privately that patches are welcome, so here it is:
https://github.com/opendnssec/opendnssec/pull/110

-- 
Petr Spacek  @  Red Hat



More information about the Opendnssec-user mailing list