The one place for your designs
To enable design management, you'll need to meet the requirements. If you need help, reach out to our support team for assistance.
Add helpful hints to the ARM about generating pin files for HSMs when using BIND build with --enable-native-pkcs11
It may not be true of all HSM providers and their PKCS#11 lib, but in at least one instance we've encountered, how you generate the pin file is very significant - having a trailing newline or similar will make the difference between the pin being accepted or the authentication failing.
Examples of how to generate an HSM pin file without a newline:
$ echo -n 1234 > hsmpin
or
$ printf 1234 > hsmpin
Easily verified as being clean of any additional characters using wc:
$ wc -l < hsmpin
0or
$ wc < hsmpin
0 1 4(The wc order of output always takes the form of line, word,byte, and file name.)
For comparison, this is a pin file that was not accepted by an HSM because 'echo' without -n adds the newline by default in this particular test environment:
$ echo 1234 > hsmpin
$ wc -l < hsmpin
1
$ wc < hsmpin
1 1 5(From Support ticket #14117 )