[Opendnssec-develop] Make the keys extractable from HSM?

Roy Arends roy at nominet.org.uk
Tue Nov 24 08:40:05 UTC 2009

Rickard Bellgrim wrote on 11/24/2009 08:28:10 AM:

> Hi
> I remember a discussion we had in Utrecht regarding the wrapping 
> functions in PKCS#11. If a key is marked as extractable, you can 
> export the key encrypted and then import it into another HSM. You 
> must first have a shared symmetric key in each HSM.
> We currently have the extractable attribute set to false.
> We should still have the keys marked as sensitive, so that the key 
> material cannot be revealed in plain text. But my question is 
> whether we should have the key extractable or not?

By default, no. Default should be to have it not exportable. Flipping the 
'exportable bit' must also be a one way function. You can switch from 
exportable to not exportable, but not from not-exportable to exportable.

In general, keys only need to be exportable when an HSM roll is due. By 
that time, a key can be generated that is exportable.
> Just want to discuss this topic, so that we do not lock the user 
> down. Or is it better to protect against a potential threat of leaking 

IMHO it is not a mutual exclusive choice. We need to protect against a 
potential threat of leaking keys all the time, but only enable the user to 
export the key as an explicit conscious choice.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-develop/attachments/20091124/069c22a1/attachment.htm>

More information about the Opendnssec-develop mailing list