Good evening,
we've created a pull request towards OpenSC/staging for adding the
SmartCard-HSM tool (sc-hsm-tool).
Using version 0.17 or higher, the SmartCard-HSM provides for a key wrap
/ unwrap mechanism that allows to securely export and import card
generated keys. Key values are encrypted under a 256-bit AES Device Key
Encryption Key (DKEK) and saved to file with key description and
optional certificate. From such a file, the key can be recreated in a
SmartCard-HSM that has been set-up with the same DKEK.
Using this mechanism, one can securely backup keys or migrate keys
between different SmartCard-HSMs. This increases the capacity of the
device, as infrequently used keys can be exported and archived
externally. It also provides for redundancy and load balancing if keys
are replicated in a cluster of SmartCard-HSMs.
The DKEK can be recreated from a defined number of key shares. Such key
shares are created with sc-hsm-tool and saved to file using password
based encryption.
Kind regards,
Andreas
--
--------- CardContact Software & System Consulting
|.##> <##.| Andreas Schwier
|# #| Schülerweg 38
|# #| 32429 Minden, Germany
|'##> <##'| Phone +49 571 56149
--------- http://www.cardcontact.de
http://www.tscons.de
http://www.openscdp.org
_______________________________________________
opensc-devel mailing list
[email protected]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
