On Tue, Apr 15, 2014 at 7:11 PM, Aki Tuomi <[email protected]> wrote: > Also. I tested that the database ends up in VERY different state when one > performs > > --export > --init-token > --import > > than it does with C_GenerateKeyPair() > > Is there something else one needs to do after C_GenerateKeyPair that I am > not currently doing?
The import command uses another template than what you have in your code. See the code here: https://github.com/opendnssec/SoftHSMv1/blob/develop/src/bin/softhsm.cpp#L686 E.g. CKA_TOKEN is set to true (if not present, SoftHSM will set it to false), thus keeping the public key object. The export/import commands are only handling the key material. They are simple commands and you, as a user, can only set the label and the id. Please read more in the PKCS#11 document ( ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf) for more details on attributes, default values, and how objects are handled using C_CreateObject / C_GenerateKeyPair. // Rickard
_______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
