Nitrokey HSM 2, AES mode

Hi, I would like to know which mode of AES is used in order to encrypt the keys on the Nitrokey HSM 2. The factsheet only mentions "Encrypted backups: AES-256 ".
Thanks in advance.

Hi @eme!

I believe this is regarding the key backup using DKEK. On the Nitrokey HSM secret material is stored on the secure HSM smart card with anti-tampering solutions. I do not know how the data is organized there unfortunately.

1 Like

Key material exported from the device under a KEK is encrypted with AES-CBC, with a AES-CMAC protecting integrity. Each encrypted key blob has a random prefix for freshness.

If you install the Smart Card Shell, then in scsh/sc-hsm/DKEK.js you find a terminal side implementation of the scheme. You can use the DKEK class to wrap key material for import or unwrap key material after export (if you know the DKEK, of course).

Thank you !