I am using the HSM for my keys and a common DKEK-share to backup/restore the keys on a different HSM. That works very well. During the creation of the DKEK a statement is given to keep a printout by “
openssl -base64 -in <DKEK-file>”
Now I wonder , how I would use this printout ? From a logical point of view , I could imagine that
- I create a file with the content of the printout
- I do something with openssl to convert that file back to a *.pbe that could be used as a DKEK
- load the DKEK in a new HSM
Is my thinking right ? And how would I convert the txt file back to a pbe ? ( <- what are the cmds ?