Software to Hardware Key Migration Aids

Often times it might be necessary to migrate a software key on to a hardware device. However, this migration is a security risk, compared to keys generated, stored, and secured on a hardware device. Importing a software key to a hardware device can be done through KeyStore.setKeyEntry(). The setKeyEntry method can accept a software key as argument and converts the key to a session key object. Session object is short lived, it only exists during that session. When a session is closed, the object will be destroyed. If you want to store the key permanently on the token, you can do so by using the configuration file. The attributes option allows you to add additional PKCS#11 attributes to the configuration file. You can add attributes for "import" operation with CKA_TOKEN=true. That means that the keys with the type and algorithm specified in this set of attributes will be imported as token object. Token objects stay on the token after the session is closed. This operation is subject to the hardware device restriction.