Hello everyone,
I'm playing around with SoftHSM and would like to ask some (hopefully
not overy stupid) questions:
I'm trying to generate a keypair and export it as follows:
softhsm --init-token --slot 4 --label "token4" --so-pin 12345678
--pin 1234
> The token has been initialized.
pkcs11-tool --module /usr/local/lib/libsofthsm.so --slot 4 -l -p 1234
-k --id A1B2 --key-type rsa:1024
> Private Key Object; RSA
> label:
> ID: a1b2
> Usage: decrypt, sign, unwrap
> Public Key Object; RSA 1024 bits
> label:
> ID: a1b2
> Usage: encrypt, verify, wrap
softhsm --export kPair4B2.p8 --slot 4 --id A1B2 --pin 1234
> The key pair has been written to kPair4B2.p8
Now this all looks good, but when I look at the file kPair4B2.p8, it contains
only a private key.
Also, if I check with
pkcs11-tool --module /usr/local/lib/libsofthsm.so --slot 4 -l -p 1234 -O
I only see the private key:
> Private Key Object; RSA
> label:
> ID: a1b2
> Usage: decrypt, sign, unwrap
Any idea what I'm doing wrong?
Another question is whether anyone has tried to use SoftHSM from Mozilla
Firefox? Is it possible to store a certificate on SoftHSM (I verified that
C_CreateObject is there) and are there any issues with non standard pkcs11
behavior by NSS that you know of?
many thanks in advance!
-b
_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
