[Opendnssec-user] ECC algo signing in ods?

PGNet Dev pgnet.dev at gmail.com
Mon Dec 19 17:40:04 UTC 2016


On 12/19/2016 09:15 AM, Yuri Schaeffer wrote:
> Well, that version you compiled should have support! It is indeed staged
> for the 2.1 release. It should be in the NEWS file in the repositories
> root directory.

aha!

cat NEWS
	...
	UNRELEASED:
	...
	* OPENDNSSEC-450: Implement support for ECDSA P-256, P-384, GOST. Notice:
	...


no mention of 'ecc' or 'elliptic' or 'curve', so I grep-missed it :-/

I assume that the ods algo #'s match the IANA's for the ECDSA P-256 & P-384 algos?  i.e., "13" & "14"?

> Note that you can not use SoftHSMv1 as it doesn't support anything other
> than RSA. SoftHSMv2 does work. Let me know how it works out, you are the
> first user!

yep, I already have

	/usr/local/softhsm/bin/softhsm2-util --version
		2.3.0rc1

we'll see how it goes.



More information about the Opendnssec-user mailing list