On 9/27/2017 2:19 PM, Dirk-Willem van Gulik wrote:
On 27 Sep 2017, at 20:02, Michael Wojcik
The tokens / HSMs I've used don't let you generate a key somewhere
else and install it on the token. They insist on doing the key
generation locally. That is, after all, part of the point of using
a token - the key never leaves it.
I've found that the Feitian ePass2000's and the Yubico keys allow for
importing of the private key. They do usually want the 'extra' flags
to specify use:
FWIW, the TPM hardware also permits key import. It does validate
attributes, so users will know that the key was not generated on chip.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users