Appendices

Compatible PKCS #11 Devices

This section is informative. Knot DNS has been tested with several devices that claim to support the PKCS #11 interface. The following table indicates which algorithms and operations have been observed to work. Please note the minimum GnuTLS library version required for support of a particular algorithm.

Device                                            Key generate  Key import  ED25519 256-bit  ECDSA 256-bit  ECDSA 384-bit  RSA 1024-bit  RSA 2048-bit  RSA 4096-bit
------------------------------------------------  ------------  ----------  ---------------  -------------  -------------  ------------  ------------  ------------
Feitian ePass 2003                                yes           no          no               no             no             yes           yes           no
SafeNet Network HSM (Luna SA 4)                   yes           no          no               no             no             yes           yes           yes
SoftHSM 2.0 [1]                                   yes           yes         yes              yes            yes            yes           yes           yes
Trustway Proteccio NetHSM                         yes           ECDSA only  no               yes            yes            yes           yes           yes
Ultra Electronics CIS Keyper Plus (Model 9860-2)  yes           RSA only    no               yes            yes            yes           yes           yes
Utimaco SecurityServer (V4) [2]                   yes           yes         no               yes            yes            yes           yes           yes

[1] The supported algorithms depend on the OpenSSL build that SoftHSM relies on. A command similar to the following lists the mechanisms the module offers: $ pkcs11-tool --module /usr/lib64/pkcs11/libsofthsm2.so -M

[2] Requires setting the number of background workers to 1!
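The mechanism listing from footnote [1] is easier to compare with the table columns above by machine. The following script is an added example, not part of the Knot DNS documentation: it parses constructed sample output in the line format OpenSC's pkcs11-tool uses for -M (an assumption; check it against your own pkcs11-tool version) and reports which table columns the token covers.

```python
import re

# Constructed sample in the line format OpenSC's pkcs11-tool prints for
# `pkcs11-tool --module <lib> -M`: "  NAME, keySize={min,max}, flag, flag, ..."
SAMPLE_OUTPUT = """\
Using slot 0 with a present token (0x1)
Supported mechanisms:
  SHA256, digest
  RSA-PKCS-KEY-PAIR-GEN, keySize={512,4096}, hw, generate_key_pair
  RSA-PKCS, keySize={512,4096}, hw, encrypt, decrypt, sign, verify
  ECDSA-KEY-PAIR-GEN, keySize={256,384}, hw, generate_key_pair
  ECDSA, keySize={256,384}, hw, sign, verify
"""

LINE_RE = re.compile(r"^  ([A-Z0-9-]+)(?:, keySize=\{(\d+),(\d+)\})?(.*)$")

# Table column -> (mechanism name as printed by pkcs11-tool, key size in bits).
# Newer OpenSC releases print CKM_EDDSA as "EDDSA"; its size is not checked.
COLUMNS = {
    "ED25519 256-bit": ("EDDSA", None),
    "ECDSA 256-bit": ("ECDSA", 256),
    "ECDSA 384-bit": ("ECDSA", 384),
    "RSA 1024-bit": ("RSA-PKCS", 1024),
    "RSA 2048-bit": ("RSA-PKCS", 2048),
    "RSA 4096-bit": ("RSA-PKCS", 4096),
}


def parse_mechanisms(text):
    """Return {mechanism: ((min_bits, max_bits) or None, set of flags)}."""
    mechs = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)  # slot/header lines lack the indent and are skipped
        if not m:
            continue
        name, lo, hi, rest = m.groups()
        flags = {f.strip() for f in rest.split(",") if f.strip()}
        mechs[name] = ((int(lo), int(hi)) if lo else None, flags)
    return mechs


def supported_columns(text):
    """Map each table column to True/False for the token described by text."""
    mechs = parse_mechanisms(text)
    result = {"Key generate": any("generate_key_pair" in f for _, f in mechs.values())}
    for col, (mech, bits) in COLUMNS.items():
        entry = mechs.get(mech)
        ok = entry is not None and "sign" in entry[1]
        if ok and bits is not None and entry[0] is not None:
            ok = entry[0][0] <= bits <= entry[0][1]  # size must fall in the token's range
        result[col] = ok
    return result


if __name__ == "__main__":
    for col, ok in supported_columns(SAMPLE_OUTPUT).items():
        print(f"{col:16} {'yes' if ok else 'no'}")
```

Feed it the real output of the command from footnote [1] instead of SAMPLE_OUTPUT to check your own module; "Key import" is not covered, since -M does not report it.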