[Opendnssec-user] Information about SoftHSM v2 - signing operation

Roland van Rijswijk - Deij Roland.vanRijswijk at surfnet.nl
Tue Apr 14 11:54:02 UTC 2015


Hi Elizabeta,

Elizabeta wrote:
> I'm new to OpenDNSSEC. I've tried to use SoftHSM v2 and I was able to sign a message without logging in.
> Is that fine for SoftHSM, since in the PKCS#11 specification it is written that some tokens may not require any type of authentication to make use of their cryptographic functions?

To answer your question we'll need a little bit more context. When you
say sign, do you mean that you have (created) a program that used
SoftHSM v2 as a PKCS #11 library? And if so, how did you create the keys
that you were using to sign? If the private key was created with the
CKA_PRIVATE attribute set to CK_FALSE, then you can create signatures
without logging in on the token.

Cheers,

Roland

-- 
-- Roland M. van Rijswijk - Deij
-- SURFnet bv
-- w: http://www.surf.nl/en/about-surf/subsidiaries/surfnet
-- e: roland.vanrijswijk at surfnet.nl
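
Added example, not part of the message above and not SoftHSM code: a check of a private-key template for the CKA_PRIVATE setting discussed in the reply. The helper classify_template, the enum and the sample templates are hypothetical; the PKCS #11 types and constants are declared locally to mirror pkcs11t.h. An absent CKA_PRIVATE is reported separately because PKCS #11 leaves its default to the token.

```c
#include <stdio.h>
#include <stddef.h>
/* Minimal PKCS #11 declarations mirroring pkcs11t.h so the block compiles
   stand-alone; real code includes the module's pkcs11.h instead. */
typedef unsigned long CK_ULONG;
typedef unsigned char CK_BBOOL;
typedef struct { CK_ULONG type; void *pValue; CK_ULONG ulValueLen; } CK_ATTRIBUTE;
#define CK_TRUE     1
#define CK_FALSE    0
#define CKA_TOKEN   0x00000001UL
#define CKA_PRIVATE 0x00000002UL
#define CKA_SIGN    0x00000108UL

enum login_need { LOGIN_REQUIRED, NO_LOGIN_NEEDED, TOKEN_DEFAULT };

/* Hypothetical helper: classify a private-key template by its CKA_PRIVATE. */
enum login_need classify_template(const CK_ATTRIBUTE *t, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (t[i].type != CKA_PRIVATE) continue;
        if (t[i].pValue == NULL || t[i].ulValueLen != sizeof(CK_BBOOL))
            return TOKEN_DEFAULT;  /* no usable value: cannot tell from template */
        return *(const CK_BBOOL *)t[i].pValue ? LOGIN_REQUIRED : NO_LOGIN_NEEDED;
    }
    return TOKEN_DEFAULT;          /* attribute absent: default is token-specific */
}

static CK_BBOOL yes = CK_TRUE, no = CK_FALSE;

/* Constructed sample templates, shaped like the private-key template
   argument of C_GenerateKeyPair. */
CK_ATTRIBUTE public_obj_tmpl[] = {   /* key usable in a public session */
    { CKA_TOKEN, &yes, sizeof yes }, { CKA_SIGN, &yes, sizeof yes },
    { CKA_PRIVATE, &no, sizeof no },
};
CK_ATTRIBUTE private_obj_tmpl[] = {  /* key usable only after C_Login */
    { CKA_TOKEN, &yes, sizeof yes }, { CKA_SIGN, &yes, sizeof yes },
    { CKA_PRIVATE, &yes, sizeof yes },
};
CK_ATTRIBUTE unset_tmpl[] = {        /* CKA_PRIVATE left to the token */
    { CKA_TOKEN, &yes, sizeof yes }, { CKA_SIGN, &yes, sizeof yes },
};

int main(void)
{
    static const char *msg[] = { "login required", "no login needed", "token default" };
    printf("%s\n", msg[classify_template(public_obj_tmpl, 3)]);
    return 0;
}
```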