undefined | Better HN

0 pointseximius3y ago0 comments

I actually wish there was an in-between model that supported key extraction.

Let me store my key in a secure, offline, physical device... and extract to clone it when my yubikey is worryingly old.

My threat model does not include physical attacks, but storage of a key on-device or in backups? Or forgetting a password for an encrypted archive? yep.

0 comments

Too3y ago

Yubihsm can do that. Not sure about yubikey. It’s called export wrapped. Here wrapped means the export is encrypted by another key first. The only catch (feature) is that the key must be created with this capability on its initial creation, you can’t export a key that disallows exporting.

nevermindiguess3y ago

https://pistonvault.com

csw-0013y ago

The robot arm part of this reminds me so much of StorageTek’s tape drive robots. Man those were so cool to watch wizzing around in their giant tubes grabbing and loading tape drives on demand.

j / k navigate · click thread line to collapse