On 10/9/19 4:23 PM, Mathieu Arnold wrote:
> Hi,
>
> I am currently running tests with SoftHSM2 to make sure the migration
> from 1 to 2 goes without any hitch.
>
> The documentation of SoftHSM is pretty sparse, and I am wondering about
> objectstore.backend.
>
> The default is "file", which uses the filesystem as a database, and
> another possibility is "db" which uses a SQLite3 database instead of the
> filesystem, like SoftHSM1 used to do.
>
> I am wondering what are the pros and cons of each, knowing that my
> OpenDNSSEC installation has thousands of domains.

I'm not really sure on the design goals, so these are just my personal observations. The file db scatters keys over multiple files, making it harder for attackers to find key material. It will also be faster. However, the SQLite3 is easier for operational environments to back up (just one file) and is more transactional in that respect. Many just use file-based as it is the default.

\Berry
_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
