Hello, my boss bought a NitrokeyHSM (USB) for generating a key (or key pair) and then encrypt/decrypt other keys (or some text, let’s say 64 bytes). I have been searching and testing, but I haven’t found a way to do that and it’s not explicitly specified as a feature in Nitrokey’s website. Before I post the errors I’m getting on my tests, I’d like to know if this device is supposed to encrypt and decrypt with the RSA algorithm, or you can only sign/verify/authenticate?
No the HSM only stores the keys that it generates. Other programs are available for accessing the HSM to use the keys securely (unless Nitrokey has given this particular HSM a different behavior than other HSMs).
The Nitrokey Pro supports encryption/decryption of files.
As with every security token, you can use public keys for encryption (in your own software) and use your private keys stored in the Nitrokey HSM for decryption.