Re: Storing private key on tokens

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 9/27/2017 2:19 PM, Dirk-Willem van Gulik wrote:

On 27 Sep 2017, at 20:02, Michael Wojcik

The tokens / HSMs I've used don't let you generate a key somewhere
else and install it on the token. They insist on doing the key
generation locally. That is, after all, part of the point of using
a token - the key never leaves it.

I've found that the Feitian ePass2000's and the Yubico keys allow for
importing of the private key. They do usually want the 'extra' flags
to specify use:

FWIW, the TPM hardware also permits key import. It does validate attributes, so users will know that the key was not generated on chip.


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux