Importing encrypted RSA and plain RSA private keys in SmartCard-HSM #3119
Comments
This operation is called unwrapping and is supported by PKCS#11. The code in sc-hsm driver has several mentions of "unwrap" so I believe this should work. You should be able to make some rough tests with pkcs11-tool (see
I looked at the
@popovec does that also mean for CreateObject call over PKCS11 interface? Importing key programmatically with a template was giving me trouble, so I abandoned it.
This question/issue interested me only for one reason, the only pkcs#11 implementation that supports unwrap/wrap in opensc is in card-myeid.c. What This has nothing to do with the
sc-hsm-tool itself also has options for wrapping/unwrapping keys
Bonjour Community,
I want to integrate SmartCard-HSM in a PKCS11 compliant network HSM for key escrow in such a way that I will generate RSA 2048 private keys of all users in HSM with export parameter on. HSM supports export of RSA 2048 private key (encrypted format) through a wrap key or Key Encryption Key (KEK) of AES 128, 192 and 256 bits.
For my smart card users, I will export that RSA 2048 private key in encrypted format with a KEK from HSM and I want to import encrypted key in SmartCard-HSM.
Is it possible with this card to import encrypted RSA private keys through AES wrap key or plain private keys in SmartCard-HSM?
Cheers
Scotty