[Opendnssec-user] Signature failed to cryptographically verify

Rickard Bellgrim rickard at opendnssec.org
Tue Jun 3 06:30:33 UTC 2014

On Mon, Jun 2, 2014 at 11:56 AM, Gilles Massen <gilles.massen at restena.lu>

> > Have you tried validating the zone with validns? Does it give an
> > error also?
> Yes, it does. The error was "wrong padding" or "wrong pad length" I think.
Could it be that libhsm is not padding the data (signature or public key)
correctly when encoding it into DNS format? Or that the PKCS#11 library is
e.g. removing leading zeroes from some data?

// Rickard
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20140603/6915e109/attachment.htm>

More information about the Opendnssec-user mailing list