The Key Manager in the Smart Card Shell now supports file encryption using a Nitrokey-HSM.
There are three modes to choose from:
Native - Encrypt using an AES key on the device.
Derived - Encrypt using an AES key derived from an AES master key on the device.
Hybrid - Encrypt using an AES key resulting from a key agreement with an EC key pair.
So far this is a Proof-of-Concept to validate encryption algorithms and the file format.
If there is demand from Nitrokey-HSM users, then we will develop a command line tool as part of the sc-hsm-embedded project.
Feedback welcome.