[Cryptech Tech] BIND Support

Leif Johansson leifj at sunet.se
Wed Jun 20 19:54:04 UTC 2018

Previous message (by thread): [Cryptech Tech] BIND Support
Next message (by thread): [Cryptech Tech] BIND Support
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2018-06-20 21:50, Dominique Douglas wrote:
> Thank you.
> 
> When I tried to set BIND up with native pkcs#11 using just libcryptech-pkcs11.so, BIND gave me a warning that not everything had been implemented and couldn't be used for signing. 'pkcs11-list' worked, but gave that warning. I didn't test further so I'm not sure if 'dnssec-keyfromlabel' or 'dnssec-signzone' would have actually worked and just used the modified OpenSSL technique to fill in the gaps. I'll continue to test more configurations and document them though.

right so it may be a better strategy to look at implementing those calls
in our p11 library

could you drop in pkcs11-spy (a shim p11 library that logs all calls)
and figure out which calls we're missing?

	Cheers Leif

Previous message (by thread): [Cryptech Tech] BIND Support
Next message (by thread): [Cryptech Tech] BIND Support
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Tech mailing list