Hi, I am trying to import an AES key on a HSM configured with the N of M threshold scheme. The key was generated by another HSM, so at first I am trying to encrypt the key with the DKEK. I could export the DKEK and I do have the N password shares required to decrypt it, but I don’t know how it was encrypted. I assume a Shamir’s Secret Sharing is used… I tried the encodeAESKey() function on SCSH3, but it didn’t work so I guess I need to re-import the DKEK shares at first like in the importAES.js script. And I also found the decryptKeyShare(password, keyshare) function but as I am using the N of M threhold, it is not usefull.
Thank you for you reply, but I don’t want to do a back up, I would like to import a key that was not generated by a Nitrokey in the Nitrokey. My question is how to wrap the key ?
What are the devices’ firmware versions you are working on? I mean the previous one (where the key was exported from) and the new one (to import to).
Used SCSH3 version.
I was under impression, that it should work after initializing the device and importing DKEK shares. @sc-hsm Do you see any solution after a brief look?
I don’t know where the key was exported from. I store it in a computer and I would like to import it in a Nitrokey HSM 2.
I am using the latest stable version of scsh3 : 3.17.453.