Unwrapping an exported wrapped key without device involvement

[GalaxyGorilla]

Hi! The title says it all ... is it possible somehow? The key was generated on the device. Of course the wrap key is known.

I can see that there is even an yubihsm-wrap tool to wrap stuff without a device, but there is no way I'm aware of to unwrap e.g. an exported wrapped key to get the actual sensitive key data.

I tried the decrypt aesccm command but that didn't work and resulted in Failed to decrypt data: Malformed command / invalid data. Note: this is not a capability problem I think since I can en- and decrypt other data.

Since the wrapped key is only dependent on the wrap key (and not the device) there must be a way, right?

[qpernil]

decrypt aesccm will deliberately not let you decrypt wrapped keys, by using a slightly different format of the encrypted blob. The is also no tool available to unwrap keys. This is manly to discourage such usage, which would undermine the security of the keys. There is an external pull request (#323) that may do what you are looking for.

[GalaxyGorilla]

decrypt aesccm will deliberately not let you decrypt wrapped keys, by using a slightly different format of the encrypted blob. The is also no tool available to unwrap keys. This is manly to discourage such usage, which would undermine the security of the keys. There is an external pull request (#323) that may do what you are looking for.

Thanks for those hints! The usecase behind this is simply having maximum freedom in managing your PKI since the wrapping (to my understanding) forces you to work with technologies that support it. But what if I wanna migrate to e.g. AWS Private CA later on? Currently this appears to be impossible with keys generated on the device.

[qpernil]

If you want that type of freedom you can simply generate the keys outside the HSM and import them instead.

[GalaxyGorilla]

If you want that type of freedom you can simply generate the keys outside the HSM and import them instead.

That's exactly what I did now but I'd rather prefer keys generated inside a HSM. I know getting them out again might be a rather odd use case but overall his appears important to me (who knows what happens in the future?) and since external wrapping is possible it is just confusing that there's no counterpart (yet).

Anyway, thanks for all the infos here :)