@nitrokey Ehhh.. Isn't the whole point of an HSM to protect the key? https://raymii.org/s/articles/Decrypt_NitroKey_HSM_or_SmartCard-HSM_private_keys.html … does this need a CVE?
I can't see why this should be treated as a vulnerability, it's documented feature and w/o DKEK you can't export
-
-
ah ok, so it is possible to create keys on the device that cannot be exported, ever?
-
yes, afaik when no DKEK is set at initialisation then private keys can never be exported
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.