[Cryptech Tech] "ksng" branch of Cryptech Alpha firmware now available as a binary package

Yuri Schaeffer yuri at nlnetlabs.nl
Tue Jan 3 09:09:42 UTC 2017


On 02-01-17 22:46, Peter Stuge wrote:
> Yuri Schaeffer wrote:
>> The enforcer daemon will not start (blocks, presumably on opening the
>> HSM) when the signer daemon is running and the other way around.
> 
> What are the two daemons doing, respectively?
> Or: Why do two applications need (concurrent?) access to the HSM?

The Enforcer daemon is responsible for key management. It boils down to
generating keys at the right time and signaling the Signer daemon which
keys to use. The Signer daemon simply signs data. Both programs work
quite independently and have no clue when the other program is active on
the HSM.
Moreover, ideally both daemons, but especially the signer, run multiple
threads, with any thread being able to do HSM operations. From what I've
heard from the Berlin workshop (I wasn't there myself), in order to get
OpenDNSSEC 1.4 running the Signer could use at most one thread. I
haven't tried multiple threads for that reason yet. Though it sounds like
it has the same underlying issue.

//Yuri
