Open drsaluml opened 4 years ago
Yea it should work, but you might have to embed the key in an ASN1 structure so the HSM has the curve information. I'm not familiar with AWS's cloudhsm, have you looked into an import command?
I want to export a private key to a file in ECDSA (secp256k1) format. How can I do this? Is there a sample command or code? Thanks!
Hmm, there isn't code for it in this project. How about generating one on AWS and posting its contents here and we'll try?
You can dump any ASN1 base64 or hex into this website and decode it, so you see what elements are embedded. https://lapo.it/asn1js/
Anyway, my guess is this DerPrivateKeySerializer from phpecc will be near enough.. https://github.com/phpecc/phpecc/blob/master/src/Serializer/PrivateKey/DerPrivateKeySerializer.php You can see how the ASN1 private key format is specified here: https://github.com/phpecc/phpecc/blob/master/src/Serializer/PrivateKey/DerPrivateKeySerializer.php#L54
If you can get a key from AWS, and then compare it against a key serialized by DerPrivateKeySerializer, I think you'll be 90% of the way there!
Convert bitcoin-php privkey to phpecc privkey, and serialize to DER:
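use BitWasp\Bitcoin\Bitcoin;
use Mdanter\Ecc\Serializer\PrivateKey\DerPrivateKeySerializer;

$g = Bitcoin::getGenerator();
// $privKey = ...; generate or parse your bitcoin-php private key here
// Build the phpecc private key on the same curve from the secret scalar
$eccPrivKey = $g->getPrivateKeyFrom($privKey->getSecret());
// Serialize the phpecc key to DER and print it as base64
$derPrivSerializer = new DerPrivateKeySerializer();
$der = $derPrivSerializer->serialize($eccPrivKey);
echo base64_encode($der)."\n";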
@drsaluml how did this go? any luck?
Supported PKCS#11 Key Types
https://docs.aws.amazon.com/cloudhsm/latest/userguide/pkcs11-key-types.html
Is it possible or not to import into the HSM?
I need advice from all of you.
Thanks.
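For the comparison suggested earlier in the thread (a key from the HSM against one serialized to DER), here is an added example that is not code from bitcoin-php, phpecc or AWS: it walks a DER blob assumed to be an RFC 5915 ECPrivateKey and reports whether the curve OID for secp256k1 is embedded. The names `readTlv` and `inspectEcPrivateKey` are hypothetical, and the sample key is constructed (scalar 1, public point equal to the generator).

```php
<?php
const SECP256K1_OID = '2b8104000a'; // DER content bytes of OID 1.3.132.0.10

// Read one DER TLV at $pos and return [tag, value bytes, offset of next TLV].
function readTlv(string $der, int $pos): array
{
    if ($pos + 2 > strlen($der)) {
        throw new RuntimeException('truncated DER header');
    }
    $tag = ord($der[$pos]);
    $len = ord($der[$pos + 1]);
    $pos += 2;
    if ($len & 0x80) { // long form: low 7 bits give the count of length bytes
        $n = $len & 0x7f;
        if ($n < 1 || $n > 2 || $pos + $n > strlen($der)) {
            throw new RuntimeException('unsupported DER length');
        }
        $len = hexdec(bin2hex(substr($der, $pos, $n)));
        $pos += $n;
    }
    if ($pos + $len > strlen($der)) {
        throw new RuntimeException('value runs past end of input');
    }
    return [$tag, substr($der, $pos, $len), $pos + $len];
}

// Report the structural fields; the secret is only measured, never echoed.
function inspectEcPrivateKey(string $der): array
{
    [$tag, $body, $end] = readTlv($der, 0);
    if ($tag !== 0x30 || $end !== strlen($der)) {
        throw new RuntimeException('expected exactly one SEQUENCE');
    }
    $out = ['version' => null, 'privateKeyBytes' => null, 'curveOid' => null, 'publicKey' => null];
    for ($pos = 0; $pos < strlen($body);) {
        [$tag, $val, $pos] = readTlv($body, $pos);
        if ($tag === 0x02) { $out['version'] = hexdec(bin2hex($val)); }
        if ($tag === 0x04) { $out['privateKeyBytes'] = strlen($val); }
        if ($tag === 0xa0) { $out['curveOid'] = bin2hex(readTlv($val, 0)[1]); } // [0] parameters
        if ($tag === 0xa1) { $out['publicKey'] = bin2hex(substr(readTlv($val, 0)[1], 1)); } // [1] BIT STRING
    }
    $out['isSecp256k1'] = $out['curveOid'] === SECP256K1_OID;
    return $out;
}

// Constructed sample: scalar 1, so the public point is the generator G. Never use as a key.
$sample = hex2bin('30740201010420' . str_repeat('00', 31) . '01' . 'a00706052b8104000a' . 'a14403420004'
    . '79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798'
    . '483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8');
print_r(inspectEcPrivateKey($sample));
```

A `curveOid` of `null` means the blob carries no `[0]` parameters element, which is the case where the importing side would not learn the curve from the key file itself.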