YubiHSM - completely lost
Hello,
I am in dire need of assistance with my YubiHSM2.
I'm setting up a two-tier PKI infrastructure, where the RootCA and IssuingCA keys are stored in YubiHSM2. I was able to successfully establish the infrastructure itself, but now I am trying to back up what I have, and it's driving me nuts.
Here's what I'm trying to do:
- open yubihsm shell
- connect using an authentication key with full permissions
- run the following command:
get wrapped 0 [key_id] asymmetric-key [wrap_key_id] 0 C:\Temp\rootca.wrapped
Result?
Failed to get wrapped object: Wrong permissions for operation
The asymmetric key has the exportable-under-wrap capability.
The authentication key I'm opening the session with has all capabilities and delegated capabilities.
I also tried with yubihsm-setup dump, but I also get errors:
Unable to export object authentication-key with ID [id] wrapped under key ID [wrap_key_id]: Wrong permissions for operation.
Can it be a problem with the wrap-key? It was created using the reference command:
generate wrapkey 0 0 wrapkey 1 wrap-data:unwrap-data none aes256-ccm-wrap
The only difference is that I specified all 16 domains.
Also, how can I export the wrap key from the HSM in order to put it into a second HSM? I'm looking at the command reference, but either I am blind, or I can only see the import option...
I will greatly appreciate any help you can give.
Thanks
Wojciech
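
An added example, not part of the original post and not Yubico code: a small Python model of the capability rules Yubico documents for Export Wrapped (`get wrapped`), applied to the objects described in the post. It does not talk to a device. The wrap key capabilities come from the post's `generate wrapkey` command; the labels, the auth key's capability list, the `sign-pkcs` capability on the CA key and the corrected wrap key are constructed assumptions.

```python
from dataclasses import dataclass

ALL_DOMAINS = frozenset(range(1, 17))  # the post uses all 16 domains


@dataclass(frozen=True)
class HsmObject:
    label: str                      # hypothetical label, for messages only
    capabilities: frozenset
    delegated: frozenset = frozenset()
    domains: frozenset = ALL_DOMAINS


def caps(text):
    """Parse yubihsm-shell capability syntax ('a:b' or 'none') into a set."""
    return frozenset() if text == "none" else frozenset(text.split(":"))


def export_blockers(auth, wrap, target):
    """Return every reason Export Wrapped is refused (empty list = allowed)."""
    reasons = []
    # Both the session's auth key and the wrap key need export-wrapped.
    for obj in (auth, wrap):
        if "export-wrapped" not in obj.capabilities:
            reasons.append(f"{obj.label} lacks export-wrapped")
    if "exportable-under-wrap" not in target.capabilities:
        reasons.append(f"{target.label} lacks exportable-under-wrap")
    # The wrap key's delegated set must cover the target's capabilities.
    missing = target.capabilities - wrap.delegated
    if missing:
        reasons.append(f"{wrap.label} delegated capabilities do not cover: "
                       + ", ".join(sorted(missing)))
    # The session must share at least one domain with each object it touches.
    for obj in (wrap, target):
        if not auth.domains & obj.domains:
            reasons.append(f"auth key shares no domain with {obj.label}")
    return reasons


# Constructed stand-ins for the objects in the post.
AUTH = HsmObject("auth key", caps("export-wrapped:import-wrapped:sign-pkcs"))
TARGET = HsmObject("root CA key", caps("exportable-under-wrap:sign-pkcs"))
# From the post: capabilities wrap-data:unwrap-data, delegated none.
WRAP_POST = HsmObject("wrap key", caps("wrap-data:unwrap-data"), caps("none"))
# Constructed alternative that satisfies every check in the model.
WRAP_OK = HsmObject("wrap key", caps("export-wrapped:import-wrapped"),
                    TARGET.capabilities)

if __name__ == "__main__":
    for name, wrap in (("post", WRAP_POST), ("corrected", WRAP_OK)):
        print(name, export_blockers(AUTH, wrap, TARGET) or "export allowed")
```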