Links
OpenDNSSEC Developer Wiki
OpenDNSSEC Documentation
SoftHSM Developer Wiki
SoftHSM Documentation
Current location:
Page History
| Section | ||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
General
- Must be a library that can be linked with other software.
- Must implement the PKCS#11 interface v2.20, specified by RSA Labratories.
- Must be licensed under a BSD license.
- Must use a cryptographic library that is licensed under BSD.
- The user must be able to specify the number of tokens to use and its corresponding slots.
- Should keep a log of important events.
Algorithms
- Must handle RSA, SHA1, and SHA256.
- Should handle RIPEMD160, SHA384, and SHA512.
Key management
- Must be able to protect the keys by using a PIN via the PKCS#11 interface.
- Must be possible to do backup of the keys.
- Must be able to manage 1000 1024-bit RSA key pairs.
Key generation
- Must be able to generate RSA keys of length 1024 and 2048 bits.
- Should be able to generate RSA keys of length greater than 512 bits, but limited to maximum 4096.
- The user must be able to specify the exponent when generating the RSA keys.
Sessions
- Must handle at least 2048 concurrent sessions.
Functions
- Must be able to create a hash with a given algorithm.
- Must be able to sign with a given algorithm.
- Should be able to verify with a given algorithm.
Support program: softhsm
- Must be able to initialize a token with SO PIN, user PIN, and label.
- Must be able to show which tokens that are available.
- Must be able to import/export RSA keys in PKCS#8 format.
- Must handle both encrypted and unencrypted PKCS#8 files.
Support program: softhsm-keyconv
- Must be able to convert from BIND .private format to PKCS#8.
- Must be able to convert from PKCS#8 format to BIND .private and .key format.
- Must handle both encrypted and unencrypted PKCS#8 files.
- Must support the algorithms: RSAMD5, DSA, RSASHA1, DSA-NSEC3-SHA1, RSASHA1-NSEC3-SHA1, RSASHA256, RSASHA512
Overview
Content Tools