Hello,

I have noticed that OpenDNSSEC/libhsm always creates keys with CKA_EXTRACTABLE = FALSE.

This effectively prevents me from using C_WrapKey for implementing any key management between multiple nodes in a cluster.

Would you accept a patch which would add an option to generate new keys with the CKA_EXTRACTABLE flag set to TRUE? It could be similar to the "SkipPublicKey" option. (Naturally, this option would default to FALSE :-)

Thank you for your answers.

--
Petr Spacek  @  Red Hat