[Opendnssec-user] SoftHSMv2: key extraction

Rickard Bellgrim rickard at opendnssec.org
Tue Jun 24 08:40:18 UTC 2014


On Fri, Jun 20, 2014 at 6:20 PM, Petr Spacek <pspacek at redhat.com> wrote:

> Unfortunately, it is absolutely crucial feature and we can't migrate to v2
> until we find a way how to do key exports.
>
> I understand that it is not desirable to enable this by default, it is
> perfectly fine to provide key export in separate binary (i.e. not built-in
> into softhsm2-util).
>
> Could you point me to the right part of the code in SoftHSM so I can take
> a look if it is feasible to do key extraction, please?
>

Are you looking for the functions C_WrapKey() and C_UnwrapKey()?

https://github.com/opendnssec/SoftHSMv2/blob/develop/src/lib/SoftHSM.cpp#L4792
https://github.com/opendnssec/SoftHSMv2/blob/develop/src/lib/SoftHSM.cpp#L5066

// Rickard
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20140624/63adb803/attachment.htm>


More information about the Opendnssec-user mailing list