Nitrokey HSM 2, initialization and DKEK

I don’t understand how DKEK shares generating works. I have two HSMs. Let’s assume that I issued “sc-hsm-tool -X -s 2”. This means that two DKEK shares are required. But then I can create 3, 4 or I assume 100 shares using “sc-shm-tool -C share.pbe” and use e.g. 4th and 6th to init my token. This basically means that all shares are either identical internally or it doesn’t really matter which I pass as a share, it is just number of shares that is important. Of course I assume that the same shares must be imported into second HSM if I want to import secrets exported from first HSM.

So how is it? Why isn’t number of shares controlled by sc-hsm-tool? Documentation suggests that token IS used during share generation, so why isn’t it used to control how many shares are created?


You can create a many shares as you like. What matters is which two shares you import after “sc-hsm-tool -X -s 2”.

In a typical key management scenario, you would request two key custodians to create a private DKEK share. Then you initialize the device and pass it to the first key custodian for importing his share. After that the next key custodian imports his own share. The device will then create the final DKEK by XORing the two DKEK shares.

So is it right to say that each share is basically random number encrypted using password provided from the command line?

Yes, that is correct.

Thank you, that makes it much clearer.