Closed npmccallum closed 1 year ago
The runtime may or may not allow managed keys to be exported. This allows the runtime to act as an HSM, where applications can only refer to keys using key identifiers.
The prohibited_operation error code is returned if an export operation is refused for compliance reasons.
FIPS generally requires that keys not be exportable in plaintext. For example, NSS disables all export functionality in FIPS mode.
What is the plan for the following functions in a FIPS-regulated environment?
keypair_export
secretkey_export
symmetric_key_export