I am using the HSM for my keys and a common DKEK-share to backup/restore the keys on a different HSM. That works very well. During the creation of the DKEK a statement is given to keep a printout by “openssl -base64 -in <DKEK-file>”
Now I wonder , how I would use this printout ? From a logical point of view , I could imagine that
I create a file with the content of the printout
I do something with openssl to convert that file back to a *.pbe that could be used as a DKEK
load the DKEK in a new HSM
Is my thinking right ? And how would I convert the txt file back to a pbe ? ( ← what are the cmds ?
Hmm, I I understood the Theorie, but can we go more practical ?!
So the printout after above OpenSSL is „abc“ .
What’s next when I need to recover the DKEK share ?