I am a little bit confused about how many keys are storable inside the Nitrokey HSM 2:
Info from the Website: Nitrokey HSM 2 | www.nitrokey.com
Storage capacity: 76 KB EEPROM total, max. 150 x ECC-521 keys, max. 300 x ECC/AES-256 keys, max. 19 x RSA-4096 keys, max. 38 x RSA-2048 keys, max. 65536 data objects
Info from the Datasheet: https://www.nitrokey.com/files/doc/Nitrokey_HSM_Infoblatt.pdf
Storage capacity: 76 KB EEPROM total, max. 35 x ECC-521 keys, max. 55 x ECC/AES-256 keys, max. 27 x RSA-4096 keys, max. 55 x RSA-2048 keys, max. 65536 data objects
There is 76KB of non-volatile memory available:
How many data objects does a key need?
AES256: 32 data objects
RSA-2048: 256 data objects
Can I also store only RSA-2048 + AES256 keys? Is the maximum still 55 RSA-2048 and 55 AES-256?
Is the number of storable keys additive? (35 x ECC-521 + 55 x ECC/AES-256 + 27 x RSA-4096 + 55 x RSA-2048 + 65536 data objects)
As far as I know the non-volatile memory is shared among all key types and objects, hence the calculated maximum counts. There is some overhead for metadata as well (name, type, etc.), so it is not a raw secret key storage only.
@simon Can you check please, which of the calculations is correct?
Just for my understanding: The Nitrokey HSM 2 has 65536 data objects, so it is possible to store 65536 RSA-4096 certificates? But it only has 76KB of EEPROM data.
This is my assumption:
I have an application which needs 3 RSA-4096 certificates and one AES256 key. How many of this bundle of keys can I store on the Nitrokey HSM 2?
In your case, ignore the 65536 data objects but just focus on the max. possible keys. It would be at least 27/4=6 combinations of 3xRSA4096 + 1xAES256 each. To get the exact number you would need to test it.