N-of-m Schemes¶
Compatible Nitrokeys |
|||||||
|---|---|---|---|---|---|---|---|
⨯ inactive |
⨯ inactive |
✓ active |
⨯ inactive |
⨯ inactive |
⨯ inactive |
⨯ inactive |
⨯ inactive |
The Nitrokey HSM 2 supports two different n-of-m schemes - one for secure sharing of key material/passwords and one for public key authentication to control the access to the device. Please see this blog post for more detailed information.
N-of-m for DKEK Shares¶
This feature can be used with OpenSC as described here. The general approach is seen in the videos below (external links).
Nitrokey HSM’s Secure Key Backup and Restore:
Nitrokey HSM’s M-of-N Threshold Scheme:
N-of-m for public key authentication¶
So far n-of-m authentication is only supported in OpenSCDP. The blog post gives an overview and a how-to here (CDN access required) is shown the process step by step in the Smart Card Shell.
N-of-m authentication is also supported in the PKI-as-a-Service Portal for locally and remote connected HSMs. The PKI-as-a-Service Portal is based on OpenSCDP.