Comments on Nick's Blog: Key Wrapping with HSMs

Blog author: Nick (http://www.blogger.com/profile/10500722547077537044)
Feed updated: 2023-05-17T08:24:05.884-07:00

Nick, 2015-11-29T22:30:20.287-08:00:

That is all true in the abstract, but in the concrete implementation of PKCS11 on an HSM (from Utimaco), there are restrictions on the templates that you're allowed to use for unwrapping keys. In this particular instance, it's impossible to unwrap a key and have it not be sensitive.

Of course, it's up to the implementation to add restrictions like this, as there's

Anonymous, 2015-11-29T15:22:58.039-08:00:

I realize this is an old blog entry, but I'm posting this comment because I was planning to follow this advice until I did further research on the subject.

Unfortunately, there appear to be a number of vulnerabilities when using PKCS#11 in this manner. PKCS#11 specifies a series of security mechanisms based on key attributes that dictate how keys can be used, whether they can be