-
Notifications
You must be signed in to change notification settings - Fork 86
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Export private key #108
Comments
This defeats the purpose of using an HSM module. What would you need the private key in PEM format for? |
it's 100% possible - but you need to mark the key as exportable on creation in the HSM (or have imported it from elsewhere originally). default is always 'no' like @lfonosol said. there are vendor specific tools to back up and mirror keys on multiple HSM units. |
I created the below PR for the purpose of exporting keys but it has other uses too. Whilst the PR does not explicitly include key export, it provides a hook to inject custom PKCS11 code to wrap and export keys. Because not all HSMs are equal in capability (supported algorithms and key types) or configuration, you need to add custom code. You also need to think about whether you're attempting to access the key's plaintext or to export to another secure context via wrapping/encrypting the private key. |
okay i managed to export it onto plaintext and its succeed with my custom code. Thanks for answers |
it is possible to export the private key to pem object?
The text was updated successfully, but these errors were encountered: