SmartCard HSM key handling question



We have a number of the SmartCard-HSMs for testing; for the moment they
are working great.
One issue has been raised, that keys cannot be imported to the card.

I understand Andreas' statement, that
"This has been done to ensure the randomness of private keys. The
SmartCard-HSM uses the internal random number generator which has been
and CC-certified (AIS31-K3/DRNG2 Level). "

Nonetheless, very unfortunately this makes migration of CAs impossible.
CA certificates are valid typically around 30 years, and changing the CA
keys is very challenging (and costly), so issuing a new CA certificate
only because of a new HSM installation is not feasible.
(Besides that, keeping a physically secured paper copy of the CA keys is
also often required at larger organizations.)

Of course this is an organizational-operational issue, but we also need to
take this into account when using an HSM.

I am wondering if this issue is going to be addressed? What do you think?

Many thanks for your reply in advance,

Opensc-devel mailing list
[hidden email]