[Opendnssec-user] SoftHSM devel list?

Andreas Schwier andreas.schwier at cardcontact.de
Wed Jun 25 12:09:09 UTC 2014


On 06/25/2014 01:54 PM, Petr Spacek wrote:
> On 24.6.2014 12:00, Andreas Schwier wrote:
>>> Also, I would like to add support for CKM_RSA_PKCS and CKM_RSA_PKCS_OAEP
>>> key wrapping mechanisms and I'm looking for guidance on this.
>>
>> As written before, you can only wrap an asymmetric (private) key with a
>> symmetric key and a symmetric keys with an asymmetric (public) key.
>>
>> If you want to transmit an asymmetric private key from one place to
>> another, then you need to
>>
>> 1. Generate a symmetric transport key
>> 2. Wrap the transport key using the public key for encryption of the
>> recipient
> My understanding is that for step 2 I need something like
> CKM_RSA_PKCS_OAEP, right?
That is correct. You also need the functionality to import the public
key of the recipient using C_CreateObject. Don't know if SoftHSM already
supports that.

> 
> The problem is that C_WrapKey in SoftHSM v2 doesn't support any
> asymmetric algorithm for key wrapping. That is the reason why I asked
> for guidance while implementing it :-)
> 
> Do you have any specific recommendation on that?
> 
> Thank you!
> 


-- 

    ---------    CardContact Software & System Consulting
   |.##> <##.|   Andreas Schwier
   |#       #|   Schülerweg 38
   |#       #|   32429 Minden, Germany
   |'##> <##'|   Phone +49 571 56149
    ---------    http://www.cardcontact.de
                 http://www.tscons.de
                 http://www.openscdp.org
                 http://www.smartcard-hsm.com




More information about the Opendnssec-user mailing list