On 26.2.2014 19:31, Evan Hunt via RT wrote:
>> I tried BIND 9.10.0b1 with latest SoftHSM v2 and I have hit another problem:
>   [...]
>> $ dnssec-keyfromlabel -l test-ksk -f KSK -v 10 -a NSEC3RSASHA1 test.
>
> Take note of section 4.11.7 of the ARM: the format for labels changes
> when you're using native PKCS#11 mode.  They're now pkcs11: URI's.
> It'll be something like "pkcs11:object=test-ksk;pin-source=<filename>".
>
> The pin-source is optional. If you specify it, it's a file that contains
> the PIN, with no newline at the end, so:
>
>    $ echo -n "1234" > pinfile
>
> ...will work. Assuming your PIN is 1234, that is. Which, let's admit
> it, it probably is. ;)
>
> After building BIND, try this:
>
>    $ cd bin/tests/system
>    $ sudo sh ifconfig.sh up
>    $ sh run.sh pcks11
>
> ...if the test passes, then SoftHSM is working, and you can use
> the pkcs11 system test for guidance on how to get it working.
>
> We clearly need to work on better error messages.

The test passed so I can play with it a bit more. Thank you very much for your 
time!

-- 
Petr^2 Spacek