-a keypair is generated in secure hardware
- you send the public key to a server which encrypts the secret key with it
- the server sends the encrypted key back
- then it goes inside the secure hardware where it gets decrypted
The decrypted secret key is never in the userspace.
-a keypair is generated in secure hardware
- you send the public key to a server which encrypts the secret key with it
- the server sends the encrypted key back
- then it goes inside the secure hardware where it gets decrypted
The decrypted secret key is never in the userspace.