
Comments (4)

qpernil commented on July 29, 2024

decrypt aesccm will deliberately not let you decrypt wrapped keys, by using a slightly different format of the encrypted blob. There is also no tool available to unwrap keys. This is mainly to discourage such usage, which would undermine the security of the keys. There is an external pull request (#323) that may do what you are looking for.

from yubihsm-shell.

GalaxyGorilla commented on July 29, 2024

> decrypt aesccm will deliberately not let you decrypt wrapped keys, by using a slightly different format of the encrypted blob. There is also no tool available to unwrap keys. This is mainly to discourage such usage, which would undermine the security of the keys. There is an external pull request (#323) that may do what you are looking for.

Thanks for those hints! The use case behind this is simply having maximum freedom in managing your PKI, since the wrapping (to my understanding) forces you to work with technologies that support it. But what if I wanna migrate to e.g. AWS Private CA later on? Currently this appears to be impossible with keys generated on the device.


qpernil commented on July 29, 2024

If you want that type of freedom you can simply generate the keys outside the HSM and import them instead.


GalaxyGorilla commented on July 29, 2024

> If you want that type of freedom you can simply generate the keys outside the HSM and import them instead.

That's exactly what I did now, but I'd rather prefer keys generated inside an HSM. I know getting them out again might be a rather odd use case, but overall this appears important to me (who knows what happens in the future?), and since external wrapping is possible it is just confusing that there's no counterpart (yet).

Anyway, thanks for all the infos here :)
