I started writing a tool for converting a Java keystore into DKEK-wrapped key files. (This can be done manually with smart-card-shell now, but only by actually importing it into an HSM, which won’t be an option as I need to bulk import (wrap) many thousand keys at once from a legacy infrastructure.)
I got this 90% working, but I’m missing some information about one part of the ASN.1 data structure of those wrapped key files. The .wky wrapped key files will have the encrypted private key, then something called “Private Key Description”, and finally the corresponding X.509 certificate.
I can see that the PRKD data structure contains the key alias, the key bit size, and the key ID, but there are other fields in there that I don’t really know what they do. And the whole structure is a bit unclear as well, why it’s nested that way. Is there any public code (or docs) where I can look up this data structure? I believe it’s neither in sc-hsm-tool nor in scsh, which is what served me as a reference for this so far.
Here’s a good visualization of what I’m talking about: https://lapo.it/asn1js/#MCEwCgwIMGE4OWUyOWMwBwQBAgMCAnShCjAIMAIEAAICCAA (the prkd data)
@sc-hsm can you help here?
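For readers who want to inspect the PRKD blob without the web viewer, here is a small DER walker as an added example (not part of the original post and not code from sc-hsm-tool or scsh). It decodes the base64 fragment from the asn1js link above and shows the nesting only; it assigns no meaning to fields beyond their ASN.1 types, and the function names are illustrative.

```python
import base64

# DER blob copied from the asn1js URL fragment in the post (URL-safe base64, unpadded).
PRKD_B64 = "MCEwCgwIMGE4OWUyOWMwBwQBAgMCAnShCjAIMAIEAAICCAA"
UNIVERSAL = {0x02: "INTEGER", 0x03: "BIT STRING", 0x04: "OCTET STRING",
             0x0C: "UTF8String", 0x30: "SEQUENCE"}

def read_tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, value, next_pos). Single-byte tags only."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tags not supported")
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def parse(buf):
    """Parse concatenated TLVs into a list of (name, decoded value or child list)."""
    out, pos = [], 0
    while pos < len(buf):
        tag, val, pos = read_tlv(buf, pos)
        context = tag & 0xC0 == 0x80  # context-specific class, e.g. [1]
        name = f"[{tag & 0x1F}]" if context else UNIVERSAL.get(tag, f"tag 0x{tag:02x}")
        if tag & 0x20:  # constructed encoding: recurse into the contents
            out.append((name, parse(val)))
        elif tag == 0x02:
            out.append((name, int.from_bytes(val, "big", signed=True)))
        elif tag == 0x0C:
            out.append((name, val.decode("utf-8")))
        else:  # other primitives (OCTET STRING, BIT STRING) shown as hex
            out.append((name, val.hex()))
    return out

def decode_prkd(b64=PRKD_B64):
    """Decode the unpadded URL-safe base64 and return the parsed TLV tree."""
    return parse(base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4)))

def dump(nodes, depth=0):
    """Render the parsed tree as indented text lines."""
    lines = []
    for name, val in nodes:
        nested = isinstance(val, list)
        lines.append("  " * depth + (name if nested else f"{name}: {val!r}"))
        lines += dump(val, depth + 1) if nested else []
    return lines

if __name__ == "__main__":
    print("\n".join(dump(decode_prkd())))
```

The BIT STRING is shown as raw hex including its leading unused-bits octet.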