[ Quoting <[email protected]> in "[Opendnssec-user]..." ] > Hi all, > > Take key generation for example, the vendors' HSM devices allow create keys > with > software API though they are both using PKCS#11, keys in HSM devices must be > created manually with administrator permission and it is the same case with
Generating keys is defined in pkcs#11, not doing it would mean you are not
supporting pkcs#11.
> And we also found out that HSM device do not support <TokenLabel> which is
> used
> by
> SoftHSM's slot, only KeyLabel is supported, that means it designate a
> specific
> key to do the signing work instead of the keys in a slot.
>
> people can do their own programming work with your APIs if they exist in order
> to adapt with HSM devices?
"your APIs" = pkcs#11 and HSM vendors should support that.
> Are there any body ever met the problem as ours?
OpenDNSSEC lists a bunch a HSMs that work with it and AFAICT they all
do pkcs#11.
Regards,
--
Miek Gieben http://miek.nl
signature.asc
Description: Digital signature
_______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
