Re: RSA key store

2016-06-14T23:27:17+01:00

Would be interested in a HSM that supported RSA sign function with a flexible PIN policy that includes no PIN as an option.

Scenario would be automated code signing to protect the private key.

Statistics: Posted by offset — Tue Jun 14, 2016 11:27 pm

RSA key store

2011-04-15T08:41:54+01:00

A use case suggested by a number of applicants to the YubiHSM beta program is to secure private RSA keys used in asymmetric encryption.

As can be read on the YubiHSM product page (under Use cases), there is currently only support for symmetric AES ECB encryption/decryption, and HMAC-SHA1 hashing (plus other unrelated features).

Just encrypting the RSA private key with AES will not provide very much added security since an attacker that gains access to the host with the YubiHSM could just ask the YubiHSM to decrypt the RSA key.

At this stage, we do not think you can achieve meaningful protection of RSA keys using the YubiHSM (but please prove us wrong =)), but we are listening to the feedback and potential use cases for the YubiHSM while refining our product roadmap.

/Fredrik

Statistics: Posted by Guest — Fri Apr 15, 2011 8:41 am

Yubico Forum

Re: RSA key store

RSA key store