[ksk-rollover] Root Zone KSK Rollover and HSM Update
Jakob Schlyter
jakob at kirei.se
Mon Jul 31 14:23:06 UTC 2023
On 2023-07-31 at 14:53, Frederico A C Neves via ksk-rollover wrote:
> From our experience besides admin interfaces, standard APIs for
> regular operations, generating keys, sign, verify etc... are available
> (PKCS#11/KMIP) from multiple vendors. But exporting/importing a key,
> especially with the no-export attribute set, among vendors is not
> available.
I concur; moving keys not marked as CKA_EXTRACTABLE (at time of generation) is generally not supported (due to FIPS requirements).
jakob
--
Jakob Schlyter
Kirei AB - www.kirei.se