[Opendnssec-user] softhsm: Create a token without a PIN?

Rickard Bellgrim rickard at opendnssec.org
Fri Nov 7 15:21:51 UTC 2014

On Fri, Nov 7, 2014 at 12:23 AM, Mike Gerow <gerow at google.com> wrote:

> Is it possible to create a softhsm token without a PIN (and with the
> flags for the CK_TOKEN_INFO not having CKF_LOGIN_REQUIRED set)?

You could manually call C_InitToken() and ignore calling C_InitPIN(). This
would only give you access to the public objects. I have not tested this
scenario, but it should work. The CKF_LOGIN_REQUIRED would still be set.

If you also want access to the private objects (CKA_PRIVATE == CK_TRUE),
then it would break the architecture in PKCS#11. Access to private objects
can only be done using an authenticated user.

// Rickard
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20141107/f659e0c1/attachment.htm>

More information about the Opendnssec-user mailing list