[Cryptech Tech] "ksng" branch of Cryptech Alpha firmware now available as a binary package

Yuri Schaeffer yuri at nlnetlabs.nl
Fri Dec 23 21:27:49 UTC 2016

>> I'll give OpenDNSSECv2 another shot in he new year.
> Cool.  Thanks again!

Couldn't help but give it a quick try today. Some observations, nothing
in depth:

While having 68 keys 'keystore show keys' enumerates the keys except
after 49 it wraps to 0 again. (But yay for more than 10 objects! which
was kind of a blocker)

The enforcer daemon will not start (blocks, presumably on opening the
HSM) when the signer daemon is running and the other way around.

Generating RSA keys works but neither daemon is able to later retrieve
the objects using their locator. So I can't get to the signing part yet.

And it seems that every interaction OpenDNSSEC has with the HSM is super
slow. Logging in to the mgmt console is also slow. Like a 10 second
pause after typing in your password. I feel these two are probably related?

As said, nothing in depth till the new year. But at least some feedback
from me for 2016.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: OpenPGP digital signature
URL: <https://lists.cryptech.is/archives/tech/attachments/20161223/a9e7fcc8/attachment.sig>

More information about the Tech mailing list