N-of-m Schemes#

The Nitrokey HSM 2 supports two different n-of-m schemes - one for secure sharing of key material/passwords and one for public key authentication to control the access to the device. Please see this blog post for more detailed information.

N-of-m for DKEK Shares#

This feature can be used with OpenSC as described here. The general approach is seen in the videos below (external links).

Nitrokey HSM’s Secure Key Backup and Restore:

Nitrokey HSM’s M-of-N Threshold Scheme:

N-of-m for public key authentication#

So far n-of-m authentication is only supported in OpenSCDP. The blog post gives an overview and a how-to here (CDN access required) is shown the process step by step in the Smart Card Shell. For OpenSC there is a ticket to get that integrated.

N-of-m authentication is also supported in the PKI-as-a-Service Portal for locally and remote connected HSMs. The PKI-as-a-Service Portal is based on OpenSCDP.