Good evening, we've created a pull request towards OpenSC/staging for adding the SmartCard-HSM tool (sc-hsm-tool).
Using version 0.17 or higher, the SmartCard-HSM provides for a key wrap / unwrap mechanism that allows to securely export and import card generated keys. Key values are encrypted under a 256-bit AES Device Key Encryption Key (DKEK) and saved to file with key description and optional certificate. From such a file, the key can be recreated in a SmartCard-HSM that has been set-up with the same DKEK. Using this mechanism, one can securely backup keys or migrate keys between different SmartCard-HSMs. This increases the capacity of the device, as infrequently used keys can be exported and archived externally. It also provides for redundancy and load balancing if keys are replicated in a cluster of SmartCard-HSMs. The DKEK can be recreated from a defined number of key shares. Such key shares are created with sc-hsm-tool and saved to file using password based encryption. Kind regards, Andreas -- --------- CardContact Software & System Consulting |.##> <##.| Andreas Schwier |# #| Schülerweg 38 |# #| 32429 Minden, Germany |'##> <##'| Phone +49 571 56149 --------- http://www.cardcontact.de http://www.tscons.de http://www.openscdp.org _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel