dnssec-keyfromlabel-pkcs11 label format

arun
This post has NOT been accepted by the mailing list yet.
Hello,

I have been trying to create the dnskeys using dnssec-keyfromlabel-pkcs11, using bind-9.10.3-7.P2 with softhsm-2.0.0rc1-3 shipped with Fedora 24.

# pkcs11-keygen -a RSA -b 2048 -l sample_ksk
# pkcs11-list
Enter Pin:
object[0]: handle 2 class 3 label[10] 'sample_ksk' id[0]
object[1]: handle 3 class 2 label[10] 'sample_ksk' id[0]

# pkcs11-tokens
tokens:
TOKEN
        address=add
        slotID=0
        label=softhsm
        manufacturerID=SoftHSM project
        model=SoftHSM v2
        serialNumber=nnnnn
        supported operations=0x17e (RAND,RSA,DSA,DH,DIGEST,EC)

# dnssec-keyfromlabel-pkcs11 -v 9 -E /usr/lib64/pkcs11/libsofthsm2.so -a RSASHA256 -l sample_ksk -f KSK test
pk11.c:649: fatal error: pkcs_C_Login: Error = 0x000000A0

Aborted (core dumped)

Also tried to pass the pin-source:

# dnssec-keyfromlabel-pkcs11 -v 9 -E /usr/lib64/pkcs11/libsofthsm2.so -a RSASHA256 -l pkcs11:label=sample_ksk?pin-source=file:/etc/token_pin -f KSK example.com
dnssec-keyfromlabel: fatal: failed to get key example.com/RSASHA256: no PKCS#11 provider

Any idea how to fix it?

Thanks,
Arun

Re: dnssec-keyfromlabel-pkcs11 label format

arun
My bad, there was a newline \n character in the pin file.
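
The follow-up traces the failure to a newline in the PIN file; in PKCS#11, 0x000000A0 is CKR_PIN_INCORRECT. The script below is an added example, not part of the thread or of BIND/SoftHSM: it flags CR/LF bytes and group/other access on a PIN file and can rewrite the file without them. The function names are hypothetical, and it assumes the consumer reads the file verbatim.

```shell
#!/bin/sh
# Added example: hygiene checks for a PKCS#11 PIN file.
# Assumption: the program consuming the file uses its bytes verbatim as the PIN.

# pin_file_check FILE
# Prints findings; returns 0 if clean, 1 on any finding, 2 if unreadable.
pin_file_check() {
    f=$1
    rc=0
    [ -r "$f" ] || { echo "cannot read $f"; return 2; }

    # Compare the file size with and without CR/LF bytes.
    total=$(( $(wc -c < "$f") ))
    clean=$(( $(tr -d '\r\n' < "$f" | wc -c) ))
    extra=$((total - clean))
    if [ "$clean" -eq 0 ]; then
        echo "$f: no PIN bytes"; rc=1
    elif [ "$extra" -gt 0 ]; then
        echo "$f: $extra CR/LF byte(s) besides the PIN"; rc=1
    fi

    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$f" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$f: accessible to group/other ($perms)"; rc=1
    fi
    return $rc
}

# pin_file_strip FILE
# Rewrites FILE without CR/LF bytes; the replacement is created with mode 0600.
pin_file_strip() {
    f=$1
    tmp="$f.tmp.$$"
    ( umask 077; tr -d '\r\n' < "$f" > "$tmp" ) && mv "$tmp" "$f" \
        || { rm -f "$tmp"; return 1; }
}

# Stand-alone use: sh pincheck.sh /path/to/pin_file
if [ "$#" -gt 0 ]; then
    pin_file_check "$1"
fi
```

Writing the PIN with `printf '%s'` rather than `echo` or an editor avoids the trailing newline in the first place.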