Menu
▾
▴
[Opensc-devel] How to retrieve RSA private key from wrapped key blob?
|
From: Ogorzalek, P. <prz...@wi...> - 2016-04-19 12:06:21
|
Hello, I wonder if it's possible to decrypt wrapped RSA private key downloaded from a smartcard? The key was generated and obtained by the following set of commands: sc-hsm-tool --create-dkek-share dkek/dkek-share-1.pbe sc-hsm-tool --create-dkek-share dkek/dkek-share-2.pbe sc-hsm-tool --initialize --dkek-shares 2 sc-hsm-tool --import-dkek-share dkek/dkek-share-1.pbe sc-hsm-tool --import-dkek-share dkek/dkek-share-2.pbe pkcs11-tool -l --pin 123456 --keypairgen --key-type rsa:2048 --id 11 --usage-sign sc-hsm-tool --wrap-key wrap-key.bin --key-reference 1 I know how to upload the key to a new card, but what if I want to change the technology stack and stop using smartcards in the future? Is there any way to reencrypt the RSA key to store it in file protected simply by a passphrase? Assume that I have both DKEK key shares and corresponding passwords, and I can perform the whole process in a designated secure room. I have also asked this question on superuser.com: http://superuser.com/questions/1066719/how-to-retrieve-rsa-private-key-from-wrapped-key-blob So if you can answer my question, the reputation is yours to get :) Best regards, Przemysław Ogorzałek |
