rday
commented
1 year ago Hi @PankajSahni , sorry for the long wait on this one. This sample demonstrates using the HSM for RSA encrypt. It uses the Public key to encrypt, and the Private key to decrypt. Both operations will happen inside the HSM, not in the client.
My understanding is, Private Key should never leave HSM cluster. HSM-Client should pass key-handle, Mechanism and payload to the HSM-Server and HSM-Server should encrypt or sign the payload and give it back to the HSM-Client. But the examples in the official documentation generates KeyPair and use actual PrivateKey to encrypt. Please let me know if my understanding is correct and point me to some Java example where encryption and signing happens on HSM-Server and not on HSM-Client