[Opendnssec-user] SoftHSM devel list?

Andreas Schwier andreas.schwier at cardcontact.de
Tue Jun 24 11:00:09 UTC 2014

> Also, I would like to add support for CKM_RSA_PKCS and CKM_RSA_PKCS_OAEP
> key wrapping mechanisms and I'm looking for guidance on this.

As written before, you can only wrap an asymmetric (private) key with a
symmetric key and a symmetric keys with an asymmetric (public) key.

If you want to transmit an asymmetric private key from one place to
another, then you need to

1. Generate a symmetric transport key
2. Wrap the transport key using the public key for encryption of the
3. Wrap the private signing key using the transport key

at the receiving side

4. Unwrap the transport key using the private key of the recipient's
encryption key
5. Unwrap the private signing key using the transport key.



    ---------    CardContact Software & System Consulting
   |.##> <##.|   Andreas Schwier
   |#       #|   Schülerweg 38
   |#       #|   32429 Minden, Germany
   |'##> <##'|   Phone +49 571 56149
    ---------    http://www.cardcontact.de

More information about the Opendnssec-user mailing list