This guide describes how to generate an AES key in AWS CloudHSM and encrypt it with a Skyflow-provided Wrapping Key. Key Wrapping is a common technique to store or transmit keys in insecure environments. Specifically, the produced key ciphertext is compatible with Skyflow's BYOK API. Prerequisites:
- Active AWS CloudHSM Cluster
- Amazon EC2 Instance connected to AWS CloudHSM Cluster
- A crypto user (CU) authorized to perform key management and cryptographic operations in the HSM
If any prerequisite is not met, please stop here and consult [1] and [2].