Welcome to OpenDNSSEC

The OpenDNSSEC project announces the development of Open Source software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.

The latest news about OpenDNSSEC can be found below!


Version of OpenDNSSEC has now been released.


  • Support for RFC5011 style KSK rollovers. KSK section in the KASP now accepts element.
  • Enforcer: New repository option allows to generate keys with CKA_EXTRACTABLE attribute set to TRUE so keys can be wrapped and extracted from HSM.


  • SUPPORT-145: EOF handling an ARM architecture caused signer to hang.
  • Fixed signer hitting assertion on short reply XFR handler.
  • Include revoke bit in keytag calculation.
  • Increased stacksize on some systems (thanks Patrik Lundin!).
  • Stop ods-signerd on SIGINT.


  • By error 1.4.8 did not include database migration scripts for upgrading existing installations. resolves this issue.


SoftHSM 2.0.0

Version 2.0.0 of SoftHSM has been released. More updates and bug fixes can be found in the alpha and beta release notes.


  • SOFTHSM-121: Test cases for C_DecryptUpdate/C_DecryptFinal.
  • Support C_DecryptUpdate/C_DecryptFinal for symmetric algorithms. (Patch from Thomas Calderon

Bug fixes:

  • SOFTHSM-120: Segfault after renaming variables.



SoftHSM 2.0.0b3

Version 2.0.0b3 of SoftHSM has been released.


  • SOFTHSM-113: Support for Botan 1.11.15
  • SOFTHSM-119: softhsm2-util: Support ECDSA key import (Patch from Magnus Ahltorp)
  • SUPPORT-139: Support deriving generic secrets, DES, DES2, DES3, and AES. Using DH, ECDH or symmetric encryption.


  • SOFTHSM-108: A marked as trusted certificate cannot be imported.
  • SOFTHSM-109: Unused parameter and variable warnings.
  • SOFTHSM-110: subdir-objects warnings from autoreconf.
  • SOFTHSM-111: Include FIPS-NOTES.md in dist.
  • SOFTHSM-112: CKM_AES_KEY_WRAP* conflict in pkcs11.h.
  • SOFTHSM-114: Fix memory leak in a test script.
  • SOFTHSM-115: Fix static analysis warnings.
  • SUPPORT-154: A marked as non-modifiable object cannot be generated.
  • SUPPORT-155: auto_ptr is deprecated in C++11, use unique_ptr.
  • SUPPORT-157: Derived secrets were truncated after encryption and could thus not be decrypted.
  • Mutex should call MutexFactory wrapper functions. (Patch from Jerry Lundström)
  • Return detailed error message to loadLibrary(). (Patch from Petr Spacek)