[Opendnssec-user] SoftHSM devel list?

Petr Spacek pspacek at redhat.com
Wed Jun 25 13:54:53 CEST 2014


On 24.6.2014 12:00, Andreas Schwier wrote:
>> Also, I would like to add support for CKM_RSA_PKCS and CKM_RSA_PKCS_OAEP
>> key wrapping mechanisms and I'm looking for guidance on this.
>
> As written before, you can only wrap an asymmetric (private) key with a
> symmetric key and a symmetric keys with an asymmetric (public) key.
>
> If you want to transmit an asymmetric private key from one place to
> another, then you need to
>
> 1. Generate a symmetric transport key
> 2. Wrap the transport key using the public key for encryption of the
> recipient
My understanding is that for step 2 I need something like CKM_RSA_PKCS_OAEP, 
right?

The problem is that C_WrapKey in SoftHSM v2 doesn't support any asymmetric 
algorithm for key wrapping. That is the reason why I asked for guidance while 
implementing it :-)

Do you have any specific recommendation on that?

Thank you!

-- 
Petr Spacek  @  Red Hat



More information about the Opendnssec-user mailing list