
DNSSEC/Requirements

DNSSEC Requirements

Questions

  • Should we even support SHA-1?
  • GOST?

Must implement

Target DNSSEC Algorithms:

  • RSA/SHA-256 (RFC 5702)
  • RSA/SHA-512 (RFC 5702)

Algorithms:

  • Hash: SHA-256
  • Hash: SHA-512
  • Sign: RSA

Required PKCS11 Mechs:

  • CKM_RSA_PKCS_KEY_PAIR_GEN
  • CKM_SHA256_RSA_PKCS
  • CKM_SHA512_RSA_PKCS
  • CKM_RSA_PKCS (possibly cross-checking the hash with CKM_SHA256 and CKM_SHA512 before signing)
  • CKM_SHA256
  • CKM_SHA512
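
The relationship between the mechanisms listed above, as an added Python model (not Cryptech or OpenDNSSEC code): CKM_SHA256_RSA_PKCS hashes inside the token, while CKM_RSA_PKCS expects the caller to supply a ready-made DigestInfo, which is where a hash cross-check can sit. The toy key, the function names and the reading of "cross-check" as recomputing the hash independently before signing are assumptions of this example.

```python
import hashlib

# DER DigestInfo prefixes from RFC 8017, section 9.2 (notes)
DIGESTINFO_PREFIX = {
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
    "sha512": bytes.fromhex("3051300d060960864801650304020305000440"),
}

# Constructed toy key for this demo only (two Mersenne primes): NOT a secure key.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes


def digest_info(alg, message):
    """What the host must hand to CKM_RSA_PKCS: DER prefix || hash."""
    return DIGESTINFO_PREFIX[alg] + hashlib.new(alg, message).digest()


def rsa_pkcs(data):
    """Model of CKM_RSA_PKCS: PKCS#1 v1.5 type-1 padding, then RSA."""
    if len(data) > K - 11:
        raise ValueError("data too long for modulus")
    em = b"\x00\x01" + b"\xff" * (K - len(data) - 3) + b"\x00" + data
    return pow(int.from_bytes(em, "big"), D, N).to_bytes(K, "big")


def hash_rsa_pkcs(alg, message):
    """Model of CKM_SHA256_RSA_PKCS / CKM_SHA512_RSA_PKCS (hash in the token)."""
    return rsa_pkcs(digest_info(alg, message))


def checked_rsa_pkcs(alg, message, host_digest_info):
    """Sign with CKM_RSA_PKCS only if an independently computed hash agrees."""
    if digest_info(alg, message) != host_digest_info:
        raise ValueError("DigestInfo does not match message hash")
    return rsa_pkcs(host_digest_info)


def verify(alg, message, signature):
    """Recover the padded block with the public key and compare it."""
    em = pow(int.from_bytes(signature, "big"), E, N).to_bytes(K, "big")
    want = digest_info(alg, message)
    return em == b"\x00\x01" + b"\xff" * (K - len(want) - 3) + b"\x00" + want
```

CKM_RSA_PKCS signs whatever block it is given, so a wrong or substituted DigestInfo from the host still yields a well-formed signature; the check in checked_rsa_pkcs is what catches that before the key is used.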

Should implement

Target …

DNSSEC signing using OpenDNSSEC and a Cryptech alpha board rev03

Before you start, you'll need

  • A Cryptech Alpha board, preferably revision "rev03"
  • APT on the host system configured to find packages in the Cryptech repository; see BinaryPackages for instructions

    apt-get install cryptech-alpha opendnssec opensc

Once you have the software package installed, you may need to upgrade your HSM's firmware.

Configure …