Appendices¶
Compatible PKCS #11 Devices¶
This section has informative character. Knot DNS has been tested with several devices which claim to support PKCS #11 interface. The following table indicates which algorithms and operations have been observed to work. Please notice minimal GnuTLS library version required for particular algorithm support.
Key generate |
Key import |
ED25519 256-bit |
ECDSA 256-bit |
ECDSA 384-bit |
RSA 1024-bit |
RSA 2048-bit |
RSA 4096-bit |
|
|---|---|---|---|---|---|---|---|---|
yes |
no |
no |
no |
no |
yes |
yes |
no |
|
yes |
no |
no |
no |
no |
yes |
yes |
yes |
|
yes |
yes |
yes |
yes |
yes |
yes |
yes |
yes |
|
yes |
ECDSA only |
no |
yes |
yes |
yes |
yes |
yes |
|
yes |
RSA only |
no |
yes |
yes |
yes |
yes |
yes |
|
yes |
yes |
no |
yes |
yes |
yes |
yes |
yes |
