According to RFC3110 "Leading zero octets are prohibited in the
exponent and modulus."
It seems the underlying PKCS#11 library (opencryptoki) is returning the
wrong value (with leading zero octets). hsm_get_key_rdata should make sure the data returned is sane, without padding.
- relates to
-
SUPPORT-21 hsm_get_key_rdata produces wrongly encoded DNSKEYs
-
- Closed
-