Nitrokey HSM and scalable key storage (SKS)

feanor · February 19, 2025, 8:35pm

Hi all,

I am looking for a solution to backup a private key safely from a Luna HSM onto a Nitrokey HSM. I guess without ever exposing the private key in plain.

I read on the Luna documentation that scalable key storage is the solution to be “Moving or copying objects from any HSM to any Luna HSM or any Luna HSM to any HSM”.

So, my question is whether Nitrokey HSMs support SKS or how else I could import the private key on to a Nitrokey HSM (without exposing the private key).

Thanks and best regards,
Michael

saper · February 21, 2025, 10:54pm

It seems to me that SKS is something pretty similar to DKEK feature of the Nitrokey HSM2, but of course one cannot expect that different HSMs can join the same key domain.

If I understand correctly, one can store the encrypted *.sim file basically anywhere. If one insists, that could be an unencrypted data file on Nitrokey HSM, subject to storage limitations.