On 11/12/2010 02:01 PM, Jaroslav Benkovský wrote:
> > I am testing sca6000 to use it with opendnssec. During some tests I
> > have encountered some problems.
> > - sca6000 would hang after creating 269 keys (I tried to create 500 rsa
> > 2048 keys with pkcs11-tool and the card stopped responding after 269 keys)
>
> I also had this problem and it's even noted in some OpenDNSSEC readme,
> iirc. Deleting the keystore helped. I think it's the problem of the
> linux driver, but I have not tested it on Solaris.

It is a little bit better since the driver on Solaris reports a problem for the
257th key:
$ pkcs11-tool --module=/usr/lib/libpkcs11.so -p test:test --key-type rsa:1024 -k --id xxxx --label xxxx --slot 0
error: PKCS11 function C_Login failed: rv = CKR_KEY_HANDLE_INVALID (0x60)
Aborting.
What is the actual limitation on number of keys?
I couldn't find the limitation in the documentation.
On 11/12/2010 02:02 PM, Andy Holdaway wrote:
> There seems to be an issue with the sca6000 card when you have more than 255
> keys in a keystore. Reduce the number of keys and you should be ok.

Thanks. I was a little confused since the default value in conf.xml for sca6000 for Capacity in is
set to 1000.
Regards,
Benjamin