Yubico Forum

RSA key store
Page 1 of 1

Author:  Fredrik-at-Yubico [ Fri Apr 15, 2011 8:41 am ]
Post subject:  RSA key store

A use case suggested by a number of applicants to the YubiHSM beta program is to secure private RSA keys used in asymmetric encryption.

As can be read on the YubiHSM product page (under Use cases), there is currently only support for symmetric AES ECB encryption/decryption, and HMAC-SHA1 hashing (plus other unrelated features).

Just encrypting the RSA private key with AES will not provide very much added security since an attacker that gains access to the host with the YubiHSM could just ask the YubiHSM to decrypt the RSA key.

At this stage, we do not think you can achieve meaningful protection of RSA keys using the YubiHSM (but please prove us wrong =)), but we are listening to the feedback and potential use cases for the YubiHSM while refining our product roadmap.


Author:  offset [ Tue Jun 14, 2016 11:27 pm ]
Post subject:  Re: RSA key store

Would be interested in a HSM that supported RSA sign function with a flexible PIN policy that includes no PIN as an option.

Scenario would be automated code signing to protect the private key.

Page 1 of 1 All times are UTC + 1 hour
Powered by phpBB® Forum Software © phpBB Group