On Tue, Apr 15, 2014 at 08:04:27PM +0200, Rickard Bellgrim wrote: > On Tue, Apr 15, 2014 at 7:11 PM, Aki Tuomi <[email protected]> wrote: > > > Also. I tested that the database ends up in VERY different state when one > > performs > > > > --export > > --init-token > > --import > > > > than it does with C_GenerateKeyPair() > > > > Is there something else one needs to do after C_GenerateKeyPair that I am > > not currently doing? > > > The import command uses another template than what you have in your code. > See the code here: > https://github.com/opendnssec/SoftHSMv1/blob/develop/src/bin/softhsm.cpp#L686 > > E.g. CKA_TOKEN is set to true (if not present, SoftHSM will set it to > false), thus keeping the public key object. The export/import commands are > only handling the key material. They are simple commands and you, as a > user, can only set the label and the id. > > Please read more in the PKCS#11 document ( > ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf) for more > details on attributes, default values, and how objects are handled using > C_CreateObject / C_GenerateKeyPair. > > // Rickard
Thank you very much, this is very helpful! Aki
signature.asc
Description: Digital signature
_______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
