[Opendnssec-user] OpenDNSSEC with SafeNet Luna HSM

Rickard Bellgrim rickard at opendnssec.org
Thu May 12 20:17:13 UTC 2016

On Thu, May 12, 2016 at 7:54 PM, Roman Serbski <mefystofel at gmail.com> wrote:

> Do I need to follow 'softhsm --init-token ...' procedure (I noticed
> that there is --module <path> directive)? Or OpenDNSSEC has to be
> recompiled with libCryptoki2_64.so support?

No, everything should work out of the box with OpenDNSSEC.

You initialize the PKCS#11 token when you create the partition, the users
and the HA slots in the SafeNet HSM.

The SoftHSM utils are primarily for SoftHSM, but there is an option, as you
say, to use another PKCS#11 provider. However, the initialization process
of an HSM is a bit more complicated then just using the PKCS#11 interface.

// Rickard
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20160512/05f6a03a/attachment.htm>

More information about the Opendnssec-user mailing list