[Opendnssec-user] SoftHSM devel list?
Rickard Bellgrim
rickard at opendnssec.org
Thu Jun 26 05:57:42 UTC 2014
On Wed, Jun 25, 2014 at 1:54 PM, Petr Spacek <pspacek at redhat.com> wrote:
> My understanding is that for step 2 I need something like
> CKM_RSA_PKCS_OAEP, right?
>
> The problem is that C_WrapKey in SoftHSM v2 doesn't support any asymmetric
> algorithm for key wrapping. That is the reason why I asked for guidance
> while implementing it :-)
>
> Do you have any specific recommendation on that?
>
Some guidance:
Add more flags to the algorithms:
https://github.com/opendnssec/SoftHSMv2/blob/develop/src/lib/SoftHSM.cpp#L794
https://github.com/opendnssec/SoftHSMv2/blob/develop/src/lib/SoftHSM.cpp#L814
Add the algorithms to the switch-statements and adjust the code to handle
the different algorithms:
https://github.com/opendnssec/SoftHSMv2/blob/develop/src/lib/SoftHSM.cpp#L4792
https://github.com/opendnssec/SoftHSMv2/blob/develop/src/lib/SoftHSM.cpp#L5066
The AsymmetricAlgorithm class does not support key wrapping. The interface
and the subclasses needs to extended. Compare with how it was implemented
for SymmetricAlgorithm:
https://github.com/opendnssec/SoftHSMv2/blob/develop/src/lib/crypto/AsymmetricAlgorithm.h
https://github.com/opendnssec/SoftHSMv2/blob/develop/src/lib/crypto/SymmetricAlgorithm.h
// Rickard
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20140626/d9f18919/attachment.htm>
More information about the Opendnssec-user
mailing list