There is one thing I really don't understand about the offline signing process for TAs using an HSM:
In the documentation (https://link.getmailspring.com/link/4CCC8610-79B9-4890-AF1F-7A0AA56F0C20@get...) it says to generate a keypair with openssl and sign the TAs using the public key as ${TA_SIGN_KEY}. In point 4, the usage of an HSM is described, but since it is not possible to extract the private key from an HSM, I wonder how steps 3-5 are even possible. Do you mix the previously generated RSA key with the one from the HSM? I cannot imagine that is as it should be. Can you please clarify this? Thank you.