I have a cryptographic device that supports the following mechanisms:
How I could securely import RSA private key into it? Because there is no support for wrap/unwrap using symmetric key is there any other way?
Could it be used CKM_RSA_PKCS or CKM_RSA_X_509 to unwrap private key to device? If so, how?
Because:
The RSA algorithm can only encrypt data that has a maximum byte length of the RSA key length in bits divided with eight minus eleven padding bytes, i.e. number of maximum bytes = key length in bits / 8 - 11.
I think that these mechanism wouldn't be import 4096 bit private key either.
What would you suggest?
My idea is to get RSA key pair generated on one HSM and then export it to another cryptographic device.
