How make private key import to HSM

[drsaluml]

Supported PKCS#11 Key Types

https://docs.aws.amazon.com/cloudhsm/latest/userguide/pkcs11-key-types.html

Is it possible or not to be able to import HSM ?

I need advice from all of you.

Thanks.

[afk11]

Yea it should work, but you might have to embed the key in an ASN1 structure so the HSM has the curve information. I'm not familiar with AWS's cloudhsm, have you looked into an import command?

[drsaluml]

https://docs.aws.amazon.com/cloudhsm/latest/userguide/key_mgmt_util-importPrivateKey.html

[drsaluml]

I want to export private key to a file of ECDSA ( secp256k1 ) format. How can I do this? Is there a sample command or code? Thanks!

[afk11]

Hmm, there isn't code for it in this project. How about generating one on AWS and posting it's contents here and we'll try?

You can dump any ASN1 base64 or hex into this website and decode it, so you see what elements are embedded. https://lapo.it/asn1js/

Anyway, my guess is this DerPrivateKeySerializer from phpecc will be near enough.. https://github.com/phpecc/phpecc/blob/master/src/Serializer/PrivateKey/DerPrivateKeySerializer.php You can see how the ASN1 private key format is specified here: https://github.com/phpecc/phpecc/blob/master/src/Serializer/PrivateKey/DerPrivateKeySerializer.php#L54

If you can get a key from AWS, and then compare it against a key serialized by DerPrivateKeySerializer, I think you'll be 90% of the way there!

Convert bitcoin-php privkey to phpecc privkey, and serialize to DER:

$g = Bitcoin::getGenerator();
$privKey = // generate or parse your private key
$eccPrivKey = $g->getPrivateKeyFrom($privKey->getSecret());
$derPrivSerializer = new DerPrivateKeySerializer();
$der = $derPrivSerializer->serialize($eccPrivKey);
echo base64_encode($der)."\n";

[afk11]

@drsaluml how did this go? any luck?