Hello,
just to have your opinion.
I am searching a device to stock 5 AES-128 symmetric or private keys.
Those keys have to be created or imported on the device, but should be exporter or imported using a XKEK, to be able to be also used on other type of device, so with an XKEK.
What item matches the best this requirements ?
Thank you all and have a nice we !
Tayfun
1 Like
tkalkanci:
I am searching a device to stock 5 AES-128 symmetric or private keys.
Those keys have to be created or imported on the device, but should be exporter or imported using a XKEK, to be able to be also used on other type of device, so with an XKEK.
Hi!
Nitrokey HSM 2 should complete these requirements. It supports XKEK, and can store 38 RSA keys or 300 ECC keys. Here is the Nitrokey HSM 2 factsheet .
From your other posts I see you have tested it already, but it has not worked for some of your cases. Let me response in proper topics.
Edit: AES keys might not be supported though . Here is supported algorithms reference table .
Edit: According to the HSM vendor, AES is supported: SmartCard-HSM Features .
Hello szszszsz, thank you.
Yes, I am trying with a HSM 2, but did not yet make it work. With your confirmation, I will try a little longer…
Hello szszszsz,
indeed, it seems to be the one.
I have still to have the XKEK work, but the rest is fine.
Thank you.
Hi!
Great!
About XKEK, I am not aware of any documentation unfortunately. I would search however either on HSM vendor pages, or through his CDN / support channels. In case you would find it please let me know.
cc: @sc-hsm Could you direct to the XKEK documentation?
Better XKEK documentation would be perfect! XKEK would solve some still existing drawbacks …
I asked already about XKEK here: Key Exchange between two or more NitroKey HSM2 with XKEK
There seems to be low-level documentation at CDN. But I didn’t find any examples so far.
Yes, I read this, and agree with you.
In the “AGD_SmartCard-HSM_V3.1rc1_User_Manual” we can find how to use it, but this is not trivial and has no examples…