July 31, 2023
2:23 p.m.
On 2023-07-31 at 14:53, Frederico A C Neves via ksk-rollover wrote:
From our experience besides admin interfaces, standard APIs for regular operations, generating keys, sign, verify etc... are available (PKCS#11/KMIP) from multiple vendors. But exporting/importing a key, specially with the no-export attribute set, among vendors is not available.
I concur; moving keys not marked as CKA_EXTRACTABLE (at time of generation) is generally not supported (due to FIPS requirements). jakob -- Jakob Schlyter Kirei AB - www.kirei.se