> pkcs11-tool --module /usr/local/lib/libsofthsm.so --slot 4 -l -p 1234
> -k --id A1B2 --key-type rsa:1024
>
>> Private Key Object; RSA
>>   label:
>>   ID:         a1b2
>>   Usage:      decrypt, sign, unwrap
>> Public Key Object; RSA 1024 bits
>>   label:
>>   ID:         a1b2
>>   Usage:      encrypt, verify, wrap

pkcs11-tool sets the public key to a session object, which means that it is removed when the tool closes the session.

> Now this all looks good, but when I look at the file kPair4B2.p8, it contains
> only a private key.

When I export the key pair, I only look in the private key object, because it contains both the private and public key. And when you save the PKCS#8 file, you only save the private key. It contains both the private and public key.

> Also, if I check with
>
> pkcs11-tool --module /usr/local/lib/libsofthsm.so --slot 4 -l -p 1234 -O
>
> I only see the private key:
>
>> Private Key Object; RSA
>>   label:
>>   ID:         a1b2
>>   Usage:      decrypt, sign, unwrap
>
> Any idea what I'm doing wrong?

This is because pkcs11-tool only saves the private key and not the public key.

> Another question is whether anyone has tried to use SoftHSM from Mozilla
> Firefox? Is it possible to store a certificate on SoftHSM (I verified that
> C_CreateObject is there) and are there any issues with non-standard pkcs11
> behavior by NSS that you know of?

There is a patch in our ticket system for certificate support. Version 2.0 after this summer will have support for certificates.

// Rickard
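Added example (not part of the original thread, and not SoftHSM or OpenSC code): the reply's point that the PKCS#8 file holds both keys follows from the RSAPrivateKey structure, which stores the modulus and public exponent next to the private values. The Python below walks an unencrypted PKCS#8 DER blob and recovers the public half; the sample keys are constructed, the file is assumed to be unencrypted, and all function names are hypothetical.

```python
RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 (rsaEncryption)

def tlv(tag, content):
    """Encode one DER element (short or long length form)."""
    n = len(content)
    nb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | len(nb)]) + nb) + content

def der_int(v):
    # bit_length() // 8 + 1 bytes leaves the top bit clear, so the INTEGER stays positive
    return tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def build_sample_pkcs8(p, q, e):
    """Constructed sample key: PrivateKeyInfo wrapping an RSAPrivateKey."""
    d = pow(e, -1, (p - 1) * (q - 1))
    fields = [0, p * q, e, d, p, q, d % (p - 1), d % (q - 1), pow(q, -1, p)]
    rsa_key = tlv(0x30, b"".join(der_int(f) for f in fields))
    alg = tlv(0x30, tlv(0x06, RSA_OID) + tlv(0x05, b""))
    return tlv(0x30, der_int(0) + alg + tlv(0x04, rsa_key))

def read_tlv(buf, pos):
    """Return (tag, content, next_pos) for the DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(content):
    out, pos = [], 0
    while pos < len(content):
        tag, value, pos = read_tlv(content, pos)
        out.append((tag, value))
    return out

def public_from_pkcs8(p8):
    """Return (modulus, publicExponent) stored inside the private key file."""
    _version, alg, key = children(read_tlv(p8, 0)[1])[:3]
    if children(alg[1])[0] != (0x06, RSA_OID) or key[0] != 0x04:
        raise ValueError("not an unencrypted PKCS#8 RSA key")
    # RSAPrivateKey: version, n, e, d, p, q, dP, dQ, qInv
    fields = children(read_tlv(key[1], 0)[1])
    return int.from_bytes(fields[1][1], "big"), int.from_bytes(fields[2][1], "big")

if __name__ == "__main__":
    n, e = public_from_pkcs8(build_sample_pkcs8(61, 53, 17))
    print(f"modulus={n} publicExponent={e}")
```

On a real unencrypted export, `openssl pkey -in kPair4B2.p8 -pubout` performs the same extraction.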
