On 16 mar 2010, at 13.50, Tomas Gustavsson wrote: > > If using PKCS#11 I would personally not go down a path that is not > commonly used. The common usage of smart cards and hardware security > modules always stores both the private (as a sensitive object) and the > public key (either as a public key or as an x.509 certificate). > This works and is well tested and is sure to work across a wide range of > smart cards and hardware security modules. > > Why is this not suitable for OpenDNSSEC.
We currently do use both the private and public key object. It is just that we have heard different stories. E.g. when I tried to get a similar patch into pkcs11-tool one year ago. And from others saying that it is important to save the space in the HSM due to licensing or limited space. And your recommendation from the smarcard industry is to use both the private and public key object? // Rickard _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
