-
Type:
Support
-
Status: Closed
-
Priority:
Minor
-
Resolution: Fixed
-
Affects Version/s: SoftHSM 1.3.4, SoftHSM 1.x develop, SoftHSM 2.x develop
-
Fix Version/s: None
-
Component/s: PKCS#11 Interface
-
Labels:None
As a newbie to PKCS#11-using software, and while trying to form an
understanding of the required steps to operate an OpenDNSSEC installation
using SoftHSM, I'm left with many unanswered questions on SoftHSM.
The wiki documentation says in step 5 under "Installation", "Initialize your
tokens", and speaks of SO PIN and user PIN codes. However, nothing is said
about the operational significance of any of these information elements. So...
1) Are some of the keys stored in SoftHSM "special"? (My guess is "no")
2) Why does the "token" need initialization as a separate operation?
3) What are the PINs? When will they be needed? Do you specify (some of
them?) to OpenDNSSEC via a configuration file, or must they be
manually specified when starting OpenDNSSEC?
4) What are the security considerations one needs to take with the PINs?
What are the rules for forming the PINs? Should they be "guareded with
your life"?
I guess these are just the start of my confusion...