On Tue, Apr 15, 2014 at 09:18:20PM +0300, Aki Tuomi wrote:
> On Tue, Apr 15, 2014 at 08:04:27PM +0200, Rickard Bellgrim wrote:
> > On Tue, Apr 15, 2014 at 7:11 PM, Aki Tuomi <[email protected]> wrote:
> >
> > > Also. I tested that the database ends up in VERY different state when one
> > > performs
> > >
> > > --export
> > > --init-token
> > > --import
> > >
> > > than it does with C_GenerateKeyPair()
> > >
> > > Is there something else one needs to do after C_GenerateKeyPair that I am
> > > not currently doing?
> >
> >
> > The import command uses another template than what you have in your code.
> > See the code here:
> > https://github.com/opendnssec/SoftHSMv1/blob/develop/src/bin/softhsm.cpp#L686
> >
> > E.g. CKA_TOKEN is set to true (if not present, SoftHSM will set it to
> > false), thus keeping the public key object. The export/import commands are
> > only handling the key material. They are simple commands and you, as a
> > user, can only set the label and the id.
> >
> > Please read more in the PKCS#11 document (
> > ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf) for more
> > details on attributes, default values, and how objects are handled using
> > C_CreateObject / C_GenerateKeyPair.
> >
> > // Rickard
>
> Thank you very much, this is very helpful!
>
> Aki

The problem was rectified when I added the following attributes to the public template

CKA_TOKEN, TRUE
CKA_CLASS, CKO_PUBLIC_KEY
CKA_KEY_TYPE, CKK_RSA

And these to the private template

CKA_CLASS, CKO_PRIVATE_KEY
CKA_KEY_TYPE, CKK_RSA

Thank you again for your help.

> _______________________________________________
> Opendnssec-user mailing list
> [email protected]
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
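
Added example, not code from this thread or from SoftHSM: a pre-flight check that a key-generation template explicitly requests a token object, since the reply above notes that SoftHSM treats a missing CKA_TOKEN as false. The typedefs and constants are stand-ins mirroring pkcs11.h (PKCS#11 v2.20) so the file builds without an SDK; `template_is_token_object` and `no_token_tmpl` are hypothetical names, and `no_token_tmpl` is constructed sample input.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-ins for pkcs11.h (assumption: replace with the real header in use). */
typedef unsigned long CK_ULONG;
typedef unsigned char CK_BBOOL;
typedef struct { CK_ULONG type; void *pValue; CK_ULONG ulValueLen; } CK_ATTRIBUTE;
#define CK_TRUE        1
#define CKA_CLASS      0x000UL
#define CKA_TOKEN      0x001UL
#define CKA_KEY_TYPE   0x100UL
#define CKO_PUBLIC_KEY 0x2UL
#define CKK_RSA        0x0UL   /* PKCS#11 key type for RSA */

static CK_BBOOL yes = CK_TRUE;
static CK_ULONG pub_class = CKO_PUBLIC_KEY, rsa = CKK_RSA;

/* Public-key template carrying the three attributes named in the message. */
CK_ATTRIBUTE pub_tmpl[] = {
    { CKA_TOKEN,    &yes,       sizeof yes },
    { CKA_CLASS,    &pub_class, sizeof pub_class },
    { CKA_KEY_TYPE, &rsa,       sizeof rsa },
};

/* Constructed counter-example: same template with CKA_TOKEN left out. */
CK_ATTRIBUTE no_token_tmpl[] = {
    { CKA_CLASS,    &pub_class, sizeof pub_class },
    { CKA_KEY_TYPE, &rsa,       sizeof rsa },
};

/* Returns 1 only when the template contains CKA_TOKEN with value CK_TRUE.
 * Absent, malformed or false CKA_TOKEN returns 0: the object would then be
 * created with the library default, which the thread says is false. */
int template_is_token_object(const CK_ATTRIBUTE *t, size_t n) {
    for (size_t i = 0; i < n; i++) {
        if (t[i].type != CKA_TOKEN) continue;
        if (t[i].pValue == NULL || t[i].ulValueLen != sizeof(CK_BBOOL)) return 0;
        return *(const CK_BBOOL *)t[i].pValue == CK_TRUE;
    }
    return 0;
}

int main(void) {
    printf("pub_tmpl persistent:      %d\n",
           template_is_token_object(pub_tmpl, sizeof pub_tmpl / sizeof pub_tmpl[0]));
    printf("no_token_tmpl persistent: %d\n",
           template_is_token_object(no_token_tmpl, sizeof no_token_tmpl / sizeof no_token_tmpl[0]));
    return 0;
}
```

Running such a check on both templates before calling C_GenerateKeyPair makes the reliance on a library default visible at the call site.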
