On 24.6.2014 12:00, Andreas Schwier wrote:
Also, I would like to add support for CKM_RSA_PKCS and CKM_RSA_PKCS_OAEP
key wrapping mechanisms and I'm looking for guidance on this.
As written before, you can only wrap an asymmetric (private) key with a
symmetric key and a symmetric keys with an asymmetric (public) key.
If you want to transmit an asymmetric private key from one place to
another, then you need to
1. Generate a symmetric transport key
2. Wrap the transport key using the public key for encryption of the
recipient
My understanding is that for step 2 I need something like CKM_RSA_PKCS_OAEP,
right?
The problem is that C_WrapKey in SoftHSM v2 doesn't support any asymmetric
algorithm for key wrapping. That is the reason why I asked for guidance while
implementing it :-)
Do you have any specific recommendation on that?
Thank you!
--
Petr Spacek @ Red Hat
_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
