From: Andreas S. <and...@ca...> - 2016-04-19 12:19:13
Dear Przemysław,

if you register at the CardContact Developers Network, you can download the SDK [1].

It contains a class DKEK.js which can be used to decrypt and dump the key blob.

Andreas

[1] https://devnet.cardcontact.de/attachments/download/55/sc-hsm-workspace-20160229.zip

On 04/19/2016 02:03 PM, Ogorzalek, Przemyslaw wrote:
> Hello,
>
> I wonder if it's possible to decrypt a wrapped RSA private key downloaded from a smartcard? The key was generated and obtained by the following set of commands:
>
> sc-hsm-tool --create-dkek-share dkek/dkek-share-1.pbe
> sc-hsm-tool --create-dkek-share dkek/dkek-share-2.pbe
>
> sc-hsm-tool --initialize --dkek-shares 2
> sc-hsm-tool --import-dkek-share dkek/dkek-share-1.pbe
> sc-hsm-tool --import-dkek-share dkek/dkek-share-2.pbe
> pkcs11-tool -l --pin 123456 --keypairgen --key-type rsa:2048 --id 11 --usage-sign
> sc-hsm-tool --wrap-key wrap-key.bin --key-reference 1
>
> I know how to upload the key to a new card, but what if I want to change the technology stack and stop using smartcards in the future? Is there any way to re-encrypt the RSA key to store it in a file protected simply by a passphrase?
>
> Assume that I have both DKEK key shares and corresponding passwords, and I can perform the whole process in a designated secure room.
>
> I have also asked this question on superuser.com: http://superuser.com/questions/1066719/how-to-retrieve-rsa-private-key-from-wrapped-key-blob
> So if you can answer my question, the reputation is yours to get :)
>
> Best regards,
> Przemysław Ogorzałek

-- 

    ---------    CardContact Systems GmbH
   |.##> <##.|   Schülerweg 38
   |#       #|   D-32429 Minden, Germany
   |#       #|   Phone +49 571 56149
   |'##> <##'|   http://www.cardcontact.de
    ---------    Registration court: Bad Oeynhausen, HRB 14880
                 Managing Director: Andreas Schwier