At the end of November last year awesome crew from AT&T organized a hackathon about various aspects of smart technology. They have a long tradition in organizing those and they are really good at it. We spoke at various conferences with them and they asked us whether we would be interested in joining as we have interesting hardware to lend contestants and also developers skilled in various areas that could help the attendees to overcome various issues. We jumped on board right a way!
Knot DNS 2.1 introduced support for DNSSEC signing using PKCS #11. PKCS #11 (also called Cryptoki) is a standard interface to access various Hardware Security Modules (HSM). Such devices are usually used to improve protection of private key material. The interface is rather flexible and gives the HSM vendors huge amount of freedom, which unfortunately makes its use a bit tricky. There are often surprising differences between individual implementations.
Since you’re reading this, you probably know Lua, the world’s most infuriating language. If not, hop on to Lua in 15 minutes to get the basics right. Now there are two types of use cases where Lua shines – as a tiny script/configuration language, and for high-performance data processing (with JIT). I went through both of them with kresd, and wrote down some notes.