aws-samples / aws-cloudhsm-jce-examples

Sample applications demonstrating how to use the CloudHSM JCE
MIT No Attribution

More realistic symmetric key export example #50

Open drjerry opened 2 years ago

drjerry commented 2 years ago

A common key exchange operation is that a "client" provides a public (RSA or EC) key to the HSM, the HSM generates a symmetric key encrypted under that public key, and the client then imports the symmetric key into its own keystore. (This is a toy example of how key exchange between HSMs and mobile devices works.) The existing code samples provide hints at how to accomplish each of these steps except importing the public key; RSAImportKey does something similar but in the opposite direction.

An end-to-end example for exporting an AES key using this flow would be welcome.
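A sketch of the flow described in this issue, added here as an illustration; it is not part of the issue and not the project's own sample code. It uses the JDK's default providers as a stand-in for the HSM side, and the class and method names (`WrappedAesExportDemo`, `wrapForClient`, `unwrapOnClient`) are hypothetical. The CloudHSM provider setup and any key attributes it requires are not shown.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.*;
import javax.crypto.*;
import javax.crypto.spec.*;

// Added illustration: JDK default providers stand in for the HSM (assumption).
public class WrappedAesExportDemo {
    // OAEP with SHA-256 for both the digest and MGF1, set explicitly so both sides agree.
    static final OAEPParameterSpec OAEP = new OAEPParameterSpec(
            "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);

    // "HSM" side: import the client's X.509-encoded RSA public key and wrap the AES key under it.
    static byte[] wrapForClient(SecretKey aes, byte[] clientPubDer) throws GeneralSecurityException {
        PublicKey clientPub = KeyFactory.getInstance("RSA")
                .generatePublic(new X509EncodedKeySpec(clientPubDer));
        Cipher c = Cipher.getInstance("RSA/ECB/OAEPPadding");
        c.init(Cipher.WRAP_MODE, clientPub, OAEP);
        return c.wrap(aes);
    }

    // Client side: unwrap with the private key that never left the client.
    static SecretKey unwrapOnClient(byte[] wrapped, PrivateKey priv) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("RSA/ECB/OAEPPadding");
        c.init(Cipher.UNWRAP_MODE, priv, OAEP);
        return (SecretKey) c.unwrap(wrapped, "AES", Cipher.SECRET_KEY);
    }

    public static void main(String[] args) throws Exception {
        // Client generates its key pair and sends only the encoded public key.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair client = kpg.generateKeyPair();
        byte[] pubDer = client.getPublic().getEncoded();

        // "HSM" generates the AES-256 key and returns it wrapped.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey hsmKey = kg.generateKey();
        SecretKey imported = unwrapOnClient(wrapForClient(hsmKey, pubDer), client.getPrivate());

        // Confirm both sides hold the same key without comparing raw key bytes:
        // GCM decryption throws AEADBadTagException if the keys differ.
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher enc = Cipher.getInstance("AES/GCM/NoPadding");
        enc.init(Cipher.ENCRYPT_MODE, hsmKey, new GCMParameterSpec(128, iv));
        byte[] ct = enc.doFinal("constructed test message".getBytes(StandardCharsets.UTF_8));
        Cipher dec = Cipher.getInstance("AES/GCM/NoPadding");
        dec.init(Cipher.DECRYPT_MODE, imported, new GCMParameterSpec(128, iv));
        System.out.println(new String(dec.doFinal(ct), StandardCharsets.UTF_8));
    }
}
```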