Comments (4)
decrypt aesccm will deliberately not let you decrypt wrapped keys, by using a slightly different format of the encrypted blob. The is also no tool available to unwrap keys. This is manly to discourage such usage, which would undermine the security of the keys. There is an external pull request (#323) that may do what you are looking for.
from yubihsm-shell.
decrypt aesccm will deliberately not let you decrypt wrapped keys, by using a slightly different format of the encrypted blob. The is also no tool available to unwrap keys. This is manly to discourage such usage, which would undermine the security of the keys. There is an external pull request (#323) that may do what you are looking for.
Thanks for those hints! The usecase behind this is simply having maximum freedom in managing your PKI since the wrapping (to my understanding) forces you to work with technologies that support it. But what if I wanna migrate to e.g. AWS Private CA later on? Currently this appears to be impossible with keys generated on the device.
from yubihsm-shell.
If you want that type of freedom you can simply generate the keys outside the HSM and import them instead.
from yubihsm-shell.
If you want that type of freedom you can simply generate the keys outside the HSM and import them instead.
That's exactly what I did now but I'd rather prefer keys generated inside a HSM. I know getting them out again might be a rather odd use case but overall his appears important to me (who knows what happens in the future?) and since external wrapping is possible it is just confusing that there's no counterpart (yet).
Anyway, thanks for all the infos here :)
from yubihsm-shell.
Related Issues (20)
- Signing keys need updating on website HOT 2
- Remote problem HOT 1
- the last changelog entry references wrong version HOT 1
- RFE: is it possible to start making github releases?🤔
- Changelog typo HOT 1
- Unable to import an asymmetric wrapping key? HOT 6
- Cannot generate RSA-OAEP key pair? HOT 3
- Error running keytool on windows with YubiHSM HOT 11
- AES CTR Encryption HOT 3
- Failed to store symmetric key: Invalid command HOT 4
- yubihsm-shell ignores env var YUBIHSM_PKCS11_CONF HOT 2
- "debug" option in config file explodes the shell HOT 5
- Yubihsm ran out of session after a while when using with pkcs11 module HOT 10
- Malformed data error when signing SHA3-384 with yh_util_sign_pkcs1v1_5 HOT 1
- 2.4.2: test suite fails in 12% units HOT 7
- Docker container cannot connect to yubihsm connector running on host on Ubuntu 22.04.3 LTS HOT 1
- Inquiry about YubiHSM 2 Authentication & Access control HOT 1
- Support for SHA3-* HOT 1
- [P11 - ERR 21:10:53.246143] util_pkcs11.c:4593 (parse_rsa_generate_template): Boolean truth check failed for attribute 0x1 [P11 - ERR 21:10:53.246154] yubihsm_pkcs11.c:5248 (C_GenerateKeyPair): Unable to parse generation template HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from yubihsm-shell.