Nitrokey HSM only supports asymmetric algorithms (RSA and ECC). Nitrokey Pro supports RSA and AES, so you might be interested in this one.
BTW, the term “hybrid encryption” usually refers to scenarios where the asymmetric key can be stored in a device like Nitrokey and a symmetric algorithm (e.g. AES) is used to encrypt the payload data separately from the device. You can apply such scenario also with Nitrokey HSM.
If “generate keys for use with local AES” refers to the usage of Nitrokey’s TRNG, that could be applied too.
Ok thanks !
so, regarding Nitrokey_Pro_factsheet.pdf indicates 1 AES 256 bit :
Is it still possible (even if not advised) to extract this AES key in clear text OUT OF the HSM ?
I am new and playing with Nitrokey HSM and reading forum, thnaks in advance for your help
when you say “any of our models” you mean also the HSM one?
if you store the AES key as EF, does it mean that the smartcard inside the HSM can’t actually use the key for doing AES operation? is it just plain storage?
It is like a storage for the AES key, but not plain as in plaintext of course it is stored securely in the smartcard either way (no matter if Pro, Storage oder HSM). The AES key can not be used for decryption directly.