[Opendnssec-user] SoftHSM devel list?

Andreas Schwier andreas.schwier at cardcontact.de
Tue Jun 24 11:00:09 UTC 2014


> Also, I would like to add support for CKM_RSA_PKCS and CKM_RSA_PKCS_OAEP
> key wrapping mechanisms and I'm looking for guidance on this.

As written before, you can only wrap an asymmetric (private) key with a
symmetric key and a symmetric key with an asymmetric (public) key.

If you want to transmit an asymmetric private key from one place to
another, then you need to

1. Generate a symmetric transport key
2. Wrap the transport key using the public key for encryption of the
recipient
3. Wrap the private signing key using the transport key

at the receiving side

4. Unwrap the transport key using the private key of the recipient's
encryption key
5. Unwrap the private signing key using the transport key.

Andreas




-- 

    ---------    CardContact Software & System Consulting
   |.##> <##.|   Andreas Schwier
   |#       #|   Schülerweg 38
   |#       #|   32429 Minden, Germany
   |'##> <##'|   Phone +49 571 56149
    ---------    http://www.cardcontact.de
                 http://www.tscons.de
                 http://www.openscdp.org
                 http://www.smartcard-hsm.com
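
The five steps in the message above, as an added Go example that is not part of the original post or of SoftHSM's code. It uses RSA-OAEP for steps 2 and 4 and, as an assumption, AES-256-GCM as the symmetric wrap for steps 3 and 5, standing in for whichever symmetric wrap mechanism a token offers; `NewRecipientKey`, `gcm`, `Wrap` and `Unwrap` are hypothetical names, and the private signing key is treated as an opaque PKCS#8 blob.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// NewRecipientKey makes the recipient's encryption key pair (RSA-2048 assumed).
func NewRecipientKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// gcm builds the symmetric wrap cipher; AES-GCM is this example's assumption.
func gcm(tk []byte) (cipher.AEAD, error) {
	b, err := aes.NewCipher(tk)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(b)
}

// Wrap is the sending side (steps 1-3); keyDER is the PKCS#8 signing key.
func Wrap(pub *rsa.PublicKey, keyDER []byte) (wtk, wkey []byte, err error) {
	buf := make([]byte, 32+12) // step 1: AES-256 transport key, then GCM nonce
	if _, err = rand.Read(buf); err != nil {
		return nil, nil, err
	}
	tk, nonce := buf[:32], buf[32:]
	aead, err := gcm(tk)
	if err != nil {
		return nil, nil, err
	}
	wtk, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, tk, nil) // step 2
	return wtk, aead.Seal(nonce, nonce, keyDER, nil), err               // step 3: nonce || ct
}

// Unwrap is the receiving side (steps 4-5).
func Unwrap(priv *rsa.PrivateKey, wtk, wkey []byte) ([]byte, error) {
	tk, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wtk, nil) // step 4
	if err != nil {
		return nil, err
	}
	aead, err := gcm(tk)
	if err != nil || len(wkey) < 12 {
		return nil, errors.New("unwrap: bad transport key or truncated blob")
	}
	return aead.Open(nil, wkey[:12], wkey[12:], nil) // step 5, integrity-checked
}
```

Only the two wrapped blobs travel between the sides; the transport key never leaves the sender in the clear, and callers must check the returned error before using either blob.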



