Appendices

Compatible PKCS #11 Devices

This section has informative character. Knot DNS has been tested with several devices which claim to support PKCS #11 interface. The following table indicates which algorithms and operations have been observed to work. Please notice minimal GnuTLS library version required for particular algorithm support.

Key generate

Key import

ED25519 256-bit

ECDSA 256-bit

ECDSA 384-bit

RSA 1024-bit

RSA 2048-bit

RSA 4096-bit

Feitian ePass 2003

yes

no

no

no

no

yes

yes

no

SafeNet Network HSM (Luna SA 4)

yes

no

no

no

no

yes

yes

yes

SoftHSM 2.0 [1]

yes

yes

yes

yes

yes

yes

yes

yes

Trustway Proteccio NetHSM

yes

ECDSA only

no

yes

yes

yes

yes

yes

Ultra Electronics CIS Keyper Plus (Model 9860-2)

yes

RSA only

no

yes

yes

yes

yes

yes

Utimaco SecurityServer (V4) [2]

yes

yes

no

yes

yes

yes

yes

yes