Re: How to sign TAs with an HSM?

Sign the TAs using the private key I meant...

On Nov. 15 2023, at 2:35 pm, Jan Claußen jan.claussen10@web.de wrote:

There is one thing I really don't understand about the offline signing process for TAs using an HSM:

In the documentation (https://link.getmailspring.com/link/756A14AB-7D5B-4EB4-B980-50EB714532CD@get...) it says to generate a keypair with openssl and sign the TAs using the public key as ${TA_SIGN_KEY}. In point 4. the usage of an HSM is described, but since it is not possible to extract the private key from an HSM, I wonder how steps 3.-5. are even possible. Do you mix the previously generated RSA key with the one from the HSM? I cannot image that is as it should be. Can you please clarify this! Thank you