On Sun, Mar 31, 2024 at 12:05:54PM +0500, Andrey Rakhmatullin wrote:
> On Sat, Mar 30, 2024 at 11:22:33PM -0300, Santiago Ruano Rincón wrote:
> > As others have said, the best solution is to relay on HSW for handling
> > the cryptographic material.
> Aren't these answers to different questions?
> Not all attacks are about stealing the key or using it to sign unintended
> things.
Also a HSM does only allow to control access to the cryptographic
material. But it asserts no control over what is actually signed.
So an attacker needs to wait until you ask the HSM it is okay to sign
something.
Bastian
--
War isn't a good life, but it's life.
-- Kirk, "A Private Little War", stardate 4211.8
