Mark Andrews wrote: > I'm trying to add hardware acceleration to our DNSSEC (RFC > 403[345]) implementation and need to support such keys. > This is for both validation and signing/re-signing authoritative > records (the later needs to support keys that are stored > in the HSM). We are using a SCA 6000 card at the moment.
Maybe not the answer you want to hear but it might be better to use an API that was actually designed for this from the start ie use PKCS#11 natively rather than going OpenSSL->PKCS#11. -- Darren J Moffat
