[Cryptech Tech] BIND Support

Dominique Douglas douglas at dkey.org
Wed Jun 20 19:50:44 UTC 2018

Previous message (by thread): [Cryptech Tech] BIND Support
Next message (by thread): [Cryptech Tech] BIND Support
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Thank you.

When I tried to set BIND up with native pkcs#11 using just libcryptech-pkcs11.so, BIND gave me a warning that not everything had been implemented and couldn't be used for signing. 'pkcs11-list' worked, but gave that warning. I didn't test further so I'm not sure if 'dnssec-keyfromlabel' or 'dnssec-signzone' would have actually worked and just used the modified OpenSSL technique to fill in the gaps. I'll continue to test more configurations and document them though.

Thanks 

-----Original Message-----
From: Tech <tech-bounces at cryptech.is> On Behalf Of Leif Johansson
Sent: Wednesday, June 20, 2018 2:21 PM
To: tech at cryptech.is
Subject: Re: [Cryptech Tech] BIND Support

On 2018-06-20 17:13, Dominique Douglas wrote:
> Hello. This is Dominque. I'm new at Diamond Key and this is my first

Welcome Dominique!

> addition to the mailing list. I've been going over the documentation 
> for the Alpha and have been working mostly of the wiki. It's been a 
> great starting point. I'd like to say that I have successfully gotten 
> the alpha to work with BIND. I'm going to share an excerpt from the 
> documentation that I have been working on that shows how to setup BIND 
> and a patched version of OpenSSL. There are still some configurations 
> that I need to test, but this should be a good starting point for 
> anyone that would like to try out BIND. I'm attaching a WORD document. 
> Let me know if you have any issues with it.
> 

I'm surprised that you had to modify openssl to get this to work.

I've used p11 with openssl many times and usually just load the
p11 engine shim along with the p11 so library.... however I haven't carefully reviewed the whole document so maybe there is a clue I've missed

	Cheers Leif

>  
> 
> Thanks
> 
>  
> 
>  
> 
> 
> 
> _______________________________________________
> Tech mailing list
> Tech at cryptech.is
> https://lists.cryptech.is/listinfo/tech
> 

_______________________________________________
Tech mailing list
Tech at cryptech.is
https://lists.cryptech.is/listinfo/tech

Previous message (by thread): [Cryptech Tech] BIND Support
Next message (by thread): [Cryptech Tech] BIND Support
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Tech mailing list