[Opendnssec-user] Signature failed to cryptographically verify

Gilles Massen gilles.massen at restena.lu
Tue Jun 3 07:42:18 UTC 2014

Hi Rickard,

On 3/6/2014, 08:29 , Rickard Bellgrim wrote:

>     Yes, it does. The error was "wrong padding" or "wrong pad length" I
>     think.
>  Could it be that libhsm is not padding the data (signature or public
> key) correctly when encoding it into DNS format? Or that the PKCS#11
> library is e.g. removing leading zeroes from some data?

I'd doubt it: it works perfectly for every key but one, and that
particular key works with the same version of libhsm on another machine.

But to be honest I'm largely out of my depth here...

Best regards,

More information about the Opendnssec-user mailing list