Now it's obvious what's going on :-)
The problem isn't with HSM (of course it happens with SoftHSM too) but in the
configuration.
If the zone isn't configured, keymgr reads the defaults (PEM keystore). So you
have to add the zone to the configuration before manual key generation or to
set some policy with the PKCS11 keystore in the default template.

I'm considering extending keymgr listing with the keystore type. Also it's
possible to forbid generation for zones which aren't configured or to print
some warning, but it would be inconvenient.
Daniel
On 2/10/23 12:43, Daniel Salzman wrote:
Good news JP, I have reproduced the issue with Keyper HSM.
Daniel
On 2/9/23 18:05, Jan-Piet Mens wrote:
"Unfortunately", even with softhsm I cannot reproduce that.
I was a bit afraid of that, as it puts the blame on the HSM proper and
therefore becomes almost completely undebuggable (is that even a word?).
But thank you, Daniel, for looking into this.
-JP
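
The two fixes Daniel describes, sketched as a Knot DNS configuration fragment. This is an added example, not configuration posted in the thread; the ids `hsm` and `hsm-policy`, the zone name, and the token label, PIN and module path are constructed placeholders.

```yaml
# Constructed example. Without either option below, a zone that is missing
# from the configuration makes keymgr fall back to the defaults (PEM keystore),
# so a manually generated key ends up on disk rather than in the HSM.

keystore:
  - id: hsm                      # assumed id
    backend: pkcs11
    # Placeholders: substitute the real token label, PIN and PKCS #11 module.
    config: "pkcs11:token=<TOKEN-LABEL>;pin-value=<PIN> /path/to/pkcs11-module.so"

policy:
  - id: hsm-policy               # assumed id
    keystore: hsm                # keys for this policy live in the PKCS #11 keystore
    manual: on                   # keys are generated by hand with keymgr

# Option 1: add the zone to the configuration before generating keys,
# so keymgr resolves its policy (and therefore its keystore) explicitly.
zone:
  - domain: example.com          # constructed zone name
    dnssec-signing: on
    dnssec-policy: hsm-policy

# Option 2: put the policy in the default template, so the defaults
# keymgr reads already point at the PKCS #11 keystore.
template:
  - id: default
    dnssec-policy: hsm-policy
```

After generating a key, check on the HSM side that the new key object is present on the token, since the keymgr listing discussed above does not currently show the keystore type.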