Export private Key from NitroKey HSM2


With the PKCS11Admin Tool I was not able to export the private key, it gave me an error that the function has not been implemented.
What are the prerequisites for that?

THank you!

You are not supposed to be able to export the private key from the HSM. That’s kind of a point of a hardware security module.

You can make a back up of a key generated on the HSM2 though.

The whole content of a HSM is backupable with DKEK, correkt?

Yes you can export the key material as wrapped files encrypted by the device key encryption key. If you have prepared the DKEK in advance, it is possible to restore them on another HSM2 device.
If not, only on the same one (since only your device knows the key).