Subject: Re: [ISC-Bugs #35465] --enable-native-pkcs11 doesn't work with SoftHSM
From: Petr Spacek
Organization: Red Hat
To: bind9-bugs@isc.org
Date: Thu, 27 Feb 2014 15:13:57 +0100

On 26.2.2014 19:31, Evan Hunt via RT wrote:
>> I tried BIND 9.10.0b1 with latest SoftHSM v2 and I have hit another problem:
> [...]
>> $ dnssec-keyfromlabel -l test-ksk -f KSK -v 10 -a NSEC3RSASHA1 test.
>
> Take note of section 4.11.7 of the ARM: the format for labels changes
> when you're using native PKCS#11 mode. They're now pkcs11: URIs.
> It'll be something like "pkcs11:object=test-ksk;pin-source=".
>
> The pin-source is optional. If you specify it, it's a file that contains
> the PIN, with no newline at the end, so:
>
> $ echo -n "1234" > pinfile
>
> ...will work. Assuming your PIN is 1234, that is. Which, let's admit
> it, it probably is. ;)
>
> After building BIND, try this:
>
> $ cd bin/tests/system
> $ sudo sh ifconfig.sh up
> $ sh run.sh pkcs11
>
> ...if the test passes, then SoftHSM is working, and you can use
> the pkcs11 system test for guidance on how to get it working.
>
> We clearly need to work on better error messages.

The test passed so I can play with it a bit more. Thank you very much for your time!

--
Petr^2 Spacek
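
An added example, not part of the original messages or of BIND's own code: the pin-source advice from the thread as a shell helper that writes the PIN without a trailing newline (printf rather than the non-portable echo -n), keeps the file owner-only, and checks both before building the label. The function names, the scratch paths and the PIN 1234 are assumptions for illustration; the label layout follows the one quoted in the message.

```shell
#!/bin/sh
# Added example; function names and file paths are hypothetical.

# Write the PIN with no trailing newline into an owner-only file.
write_pin_file() {
    pin=$1 file=$2
    (
        umask 077                     # a newly created file gets mode 0600
        printf '%s' "$pin" > "$file"  # printf is portable, echo -n is not
    )
}

# Succeed only if the file is non-empty, has no trailing newline/CR,
# and grants nothing to group or other.
check_pin_file() {
    file=$1
    [ -s "$file" ] || { echo "missing or empty: $file" >&2; return 1; }
    last=$(tail -c 1 "$file" | od -An -tx1 | tr -d ' \n')
    case $last in
        0a|0d) echo "trailing newline in $file" >&2; return 1 ;;
    esac
    perms=$(ls -l "$file" | cut -c5-10)   # group and other permission bits
    [ "$perms" = "------" ] || { echo "group/other can access $file" >&2; return 1; }
}

# Print a label in the layout quoted in the thread. Assumes neither
# argument contains characters that would need escaping inside the URI.
pkcs11_label() {
    object=$1 file=$2
    check_pin_file "$file" || return 1
    printf 'pkcs11:object=%s;pin-source=%s' "$object" "$file"
}

# Demo in a scratch directory with a constructed PIN.
dir=$(mktemp -d)
write_pin_file 1234 "$dir/pinfile"
pkcs11_label test-ksk "$dir/pinfile"; echo
echo 1234 > "$dir/with-newline"       # plain echo appends a newline
pkcs11_label test-ksk "$dir/with-newline" || echo "rejected"
rm -rf "$dir"
```

The printed label is what would be passed to the -l option of the dnssec-keyfromlabel command shown in the thread.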