[Opendnssec-user] Signature failed to cryptographically verify

[Gilles Massen]

Hi Rickard,

On 3/6/2014, 08:29 , Rickard Bellgrim wrote:

>     Yes, it does. The error was "wrong padding" or "wrong pad length" I
>     think.
> 
> 
>  Could it be that libhsm is not padding the data (signature or public
> key) correctly when encoding it into DNS format? Or that the PKCS#11
> library is e.g. removing leading zeroes from some data?

I'd doubt it: it works perfectly for every key but one, and that
particular key works with the same version of libhsm on another machine.

But to be honest I'm largely out of my depth here...

Best regards,
Gilles