Nitrokey HSM Remote Key Attestation explained

For those interested in understanding Remote Key Attestation with a Nitrokey HSM, we’ve created a blog about that topic.

1 Like

Thank you, this is very good. I have some questions:

  1. Do I understand it correct that if another certificate (for example X.509) is imported for the key, the CVC is overwritten.

  2. Once the device identity changes during the firmware update, does this mean that the CVC need to be/will be regenerated when restoring the wrapped keys from the backup after the upgrade?

  3. Coming back to the group identity being bound to the issuing device problem, how can we retain the validity of the CVC chain if the device identity changes? Would that be possible to sign a group membership with a higher-level authority like DICA to create a “virtual device” instead?

Yes, the stored CVC is overwritten, following the logic that the public key is then certified by the issuing CA.

No, key attestation only happens during key generation. The latest version of the Key Manager will export and restore the full chain, so that attestation remains intact.

No, we will need to conserve the full certificate chain for key attestation, even if the device containing the key after a key restore if different from the original device (e.g. because of a firmware update with new id).

This has been added to the Key Manager when writing the .kdm or .kda file. If the group signer was imported the CVC chain from the key is used rather than the chain in the device.

The basic assurance “Key pair was generated on trusted device” holds true even after migrating the key to a new device.

1 Like