[Opendnssec-user] OpenDNSSEC with SafeNet Luna HSM
Rick van Rein
rick at openfortress.nl
Thu May 12 20:32:40 UTC 2016
Hi Roman,
> I understand that I'll have to modify conf.xml to include additional
> repository (with the path to libCryptoki2_64.so and relevant partition
> password), and then duplicate and adjust the policy in kasp.xml, but
> before that I guess I need to initialize a slot?
>
You probably need to do that, indeed, to "format" the partition. I'm
not 100% sure how we did it though. The documentation coming with
SAFEnet HSMs is extensive, I suggest you read that carefully :) and
you should find the "vtl" utility useful to inspect the impact of your work.
> Do I need to follow 'softhsm --init-token ...' procedure (I noticed
> that there is --module <path> directive)? Or OpenDNSSEC has to be
> recompiled with libCryptoki2_64.so support?
>
As Rickard says, this is for another PKCS #11 implementation, named
SoftHSM. You should instead have a look at the lunasa prefix as you
installed it. On *BSD it's probably somewhere like /usr/local/lunasa/
> Many thanks and sorry in advance if it's too obvious.
If it's not obvious to you, then an exchange of knowledge seems like a
good use of a mailing list :) but you should really spend some good time
on the SAFEnet documentation; it is perhaps as patronising as it is
thorough.
-Rick