2

I am building a solution to store keys and encrypt\decrypt data using an HSM. I am using a network HSM manufactured by Thales. The thing I have noticed is that a key generated in client machine 1 is inaccessible in client machine 2. The key can only be used to encrypt\decrypt data in client machine 1. Is there any thing that needs to be changed in my implementation or is there something to be changed in net-HSM configuration to enable this. I am using PKCS11Iterop library for all the key management operations.

I am using token based OCS protection.

4

1 回答 1

4

我想您的客户端机器 1 在 kmdata/local 目录中有一个与生成的新密钥相关联的新文件。但是您的客户端机器 2 在他的 kmdata/local 目录中没有这个文件。

您必须找到一种方法来共享 kmdata/local 目录,例如,使用 NFS。

于 2017-07-31T15:28:03.797 回答