Hi,
We want to use Nitrokey HSM2 for code signing. Does the it support generation of rsa-pkcs#1.5. We want to use the generated private key as part of code signing process. How to extract the private key from Nitrokey HSM2?

Thanks,
J. Chandra Sekhar

Hi!
Yes, rsa-pkcs#1.5 is supported. The private key can’t be extracted in clear text. To prevent such extraction is the whole purpose of a HSM. Instead you could do an encrypted backup.

Hi Jan,
Thanks for your reply.
In our application we would be using the private & public key generated by Nitrokey HSM2, for signing the SWUpdate image using openssl.

1. Please suggest us the ways to get the private key in encrypted form, is there way to decrypt that key outside.
2. Is there any way Signing the image with rsa-pkcs#1.5 in HSM2 itself:
   openssl dgst -sha256 -sign priv.pem sw-description > sw-description.sig

Thanks,
J. Chandra Sekhar

Hi!
Please take a look at following post and the whole topic:

• Signtool usage with Nitrokey HSM

Regarding backup, guide is available in our documentation (see Support in top-right corner):

• https://www.nitrokey.com/documentation/applications#p:nitrokey-hsm&a:n-of-m-schemes