SmartCard HSM key handling question


Marc
Hi,

We have a number of SmartCard-HSMs for testing; for the moment they are
working great.
One issue has been raised, that keys cannot be imported to the card.

I understand Andreas' statement that
"This has been done to ensure the randomness of private keys. The
SmartCard-HSM uses the internal random number generator which has been
and CC-certified (AIS31-K3/DRNG2 Level). "

Nonetheless, very unfortunately, this makes migration of CAs impossible.
CA certificates are typically valid for around 30 years, and changing the CA
keys is very challenging (and costly), so issuing a new CA certificate
only because of a new HSM installation is not feasible.
(Besides that, keeping a physically secured paper copy of the CA keys is
also often required at larger organizations.)

Of course this is an organizational/operational issue, but we also need to
take this into account when using an HSM.

@Andreas:
I am wondering if this issue is going to be addressed? What do you think?

Many thanks for your reply in advance,
Regards
Marc

_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel