Hi,

We were just wondering, in what form does OpenDNSSEC pass the records to the HSM for signing? Does the OpenDNSSEC signer compute the digest itself and then pass only the digest to the HSM, or is it the task of the HSM to compute the digest?

If the HSM computes the digest, I presume that the properties of the HSM device dictate which hashing algorithms can be used when signing records? In our case, the hardware HSM doesn't support SHA-256, but we would still like to be able to support RSA/SHA-256 signatures. According to the output of "ods-hsmutil test", it seems that we are able to use RSA/SHA-256 signatures. The question is, does OpenDNSSEC use the HSM in the same way as ods-hsmutil?

Regards,
Antti
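The two options the question distinguishes, as an added example that is not part of the original post and is not OpenDNSSEC or ods-hsmutil code: a mock token signs once with hashing done on the token (what the PKCS#11 mechanism CKM_SHA256_RSA_PKCS does) and once with the SHA-256 digest computed on the host and only padding plus RSA done on the token (CKM_RSA_PKCS). It does not show which path OpenDNSSEC takes. The toy key, the function names and the sample record are assumptions made for the illustration.

```python
import hashlib

# Constructed toy RSA key for illustration only: the primes are the public
# Mersenne primes 2^521-1 and 2^607-1, so this key offers no security.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes

# DER DigestInfo header for SHA-256 (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def token_rsa_pkcs(data: bytes) -> bytes:
    """Mock token, CKM_RSA_PKCS style: PKCS#1 v1.5 pad and RSA, no hashing."""
    if len(data) > K - 11:
        raise ValueError("input too long for PKCS#1 v1.5 padding")
    em = b"\x00\x01" + b"\xff" * (K - len(data) - 3) + b"\x00" + data
    return pow(int.from_bytes(em, "big"), D, N).to_bytes(K, "big")


def token_sha256_rsa_pkcs(message: bytes) -> bytes:
    """Mock token, CKM_SHA256_RSA_PKCS style: the token hashes, then signs."""
    return token_rsa_pkcs(SHA256_PREFIX + hashlib.sha256(message).digest())


def host_digest_then_sign(message: bytes) -> bytes:
    """Host hashes in software and builds DigestInfo; token only pads and signs."""
    digest = hashlib.sha256(message).digest()  # never leaves the host unhashed
    return token_rsa_pkcs(SHA256_PREFIX + digest)


def verify_rsa_sha256(message: bytes, signature: bytes) -> bool:
    """Verifier rebuilds the expected encoded message and compares it."""
    em = pow(int.from_bytes(signature, "big"), E, N).to_bytes(K, "big")
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    return em == b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t


# Constructed stand-in for the canonical record data that gets signed.
RRSET = b"example. 3600 IN A 192.0.2.1"

if __name__ == "__main__":
    same = token_sha256_rsa_pkcs(RRSET) == host_digest_then_sign(RRSET)
    print("identical signatures:", same)
    print("verifies:", verify_rsa_sha256(RRSET, host_digest_then_sign(RRSET)))
```

Both paths yield the same signature bytes, so a verifier cannot tell where the digest was computed; which mechanisms a given token offers is a separate matter that its PKCS#11 mechanism list answers.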
