I'm using a PKCS11 network HSM (Safenet). I have data which is encrypted under key #1. I want to use the HSM to protect it securely under key #2 without ever exposing the data in plaintext outside the HSM. Both key #1 and key #2 are available to me as handles from the HSM. I know that for wrapped keys it's easy to translate protection to a different wrapping key: if you have a wrapped key, just unwrap with one key and wrap with another. Is it possible with data?
- I already answered here: https://stackoverflow.com/a/53310211/3325704 – jariq Apr 15 '21 at 16:56
- See [here](https://stackoverflow.com/q/57265305/5128464) as well... – vlp Apr 16 '21 at 02:04
- Thanks, I also had an idea (workaround) that I could just treat the data as a key. I was planning to extend the data to AES key size, but I see that a generic secret is probably a better solution, as in the link provided. Will try to use that. – jozols Apr 16 '21 at 10:08
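
The workaround discussed in the comments (unwrap the ciphertext under key #1 as a generic secret object, then wrap that object under key #2) is shown here as an added example; it is not code from the posters or from the linked answers. It assumes a PyKCS11-style session object exposing `unwrapKey`, `wrapKey` and `destroyObject`; the names `reprotect` and `TEMP_SECRET_TEMPLATE` are hypothetical.

```python
# Added example: re-protect ciphertext inside the HSM by treating the data as a key.
# Assumption: `session` behaves like a PyKCS11 session (unwrapKey, wrapKey,
# destroyObject); mechanisms and key handles are supplied by the caller.

# Attribute, object-class and key-type values from the PKCS#11 specification.
CKA_CLASS, CKA_TOKEN, CKA_PRIVATE = 0x000, 0x001, 0x002
CKA_KEY_TYPE, CKA_SENSITIVE, CKA_EXTRACTABLE = 0x100, 0x103, 0x162
CKO_SECRET_KEY, CKK_GENERIC_SECRET = 0x004, 0x010

# Template for the temporary object that holds the plaintext inside the HSM.
TEMP_SECRET_TEMPLATE = [
    (CKA_CLASS, CKO_SECRET_KEY),
    (CKA_KEY_TYPE, CKK_GENERIC_SECRET),
    (CKA_TOKEN, False),       # session object: not stored persistently
    (CKA_PRIVATE, True),      # only visible to the logged-in user
    (CKA_SENSITIVE, True),    # CKA_VALUE cannot be read back in plaintext
    (CKA_EXTRACTABLE, True),  # required, otherwise the wrap call is refused
]


def reprotect(session, key1, key2, ciphertext, mech1, mech2):
    """Return `ciphertext` (encrypted under key1) re-encrypted under key2.

    mech1 must be the mechanism and parameters the data was encrypted with
    (for example CKM_AES_CBC_PAD with the original IV); mech2 is the
    mechanism for the new protection. key1 needs CKA_UNWRAP and key2 needs
    CKA_WRAP set on the HSM.
    """
    # Decrypt inside the HSM; the plaintext becomes a sensitive secret object.
    temp = session.unwrapKey(key1, ciphertext, TEMP_SECRET_TEMPLATE, mech1)
    try:
        # Encrypt the object under key #2; only ciphertext leaves the HSM.
        return bytes(session.wrapKey(key2, temp, mech2))
    finally:
        # Remove the temporary plaintext object even if wrapping fails.
        session.destroyObject(temp)
```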